Skip to Content
Risk Management

3 Steps to Building a Rock-Solid Public Entity Risk Control Plan

You were not formally trained in public entity risk management and now find yourself assigned safety and risk management duties. This scenario happens more than you think. Now what? Where do you start?

September 10, 2021

It is no secret that the public sector faces a set of unique risks and challenges. When it comes to designing a public entity risk control plan, however, certain fundamentals can provide a nice blueprint to building that plan effectively.

“The past is one of the greatest indicators of the future,” said Ariel Jenkins, Assistant Vice President of Risk Services. “The best place to start is to get a snapshot of what the lack of safety and risk mitigation has produced in the form of losses or claims.”

Here are three steps that will show you how to find that initial information and use it to establish a formal plan.

1. Analyze Claims Data

Gather a minimum of 48 months back from the most current date of claims data available. In this context, “analyze” means to determine which categories of claims are the most frequent and/or severe. The severity of claims is measured in the dollar amounts of the loss. Be sure to analyze claims data in all areas of risk management, including (but not limited to) workers’ compensation, auto liability, general liability, employment practices liability, law enforcement liability and property risks. Comprehensive claims data analysis will clarify which areas to prioritize when building your risk control plan. You may have to get additional information from your finance department to get a clearer picture of losses or claims that are not covered by insurance or included in claims reports from your TPA.

2. Define Plan Goals and Timeline

After analyzing the frequency and severity of your claims/losses, the next step is to define and articulate what the plan intends to accomplish and within what timeframe. The plan may also be related to some measurable goal within your organization. For example, has your organization set a goal to reduce workers’ compensation losses and/or reduce costs associated with workplace motor vehicle accidents? Your risk control plan should address those goals. The plan should also address its impact on multiple divisions within your organization, therefore, it is critical to involve them in the planning process. The best plans are built when multiple stakeholders own a part of the risk control plan and realize the effects that the lack of safety and risk management can have on the organization. A good tool to use when involving multiple stakeholders in risk control planning is a risk assessment matrix. A quick internet search offers many risk assessment matrix templates online to download. This tool can put into perspective what operations and loss areas are the most risky in terms of the frequency, severity and likelihood of claims.

3. Identify Weaknesses in Your Plan

There are financial and human costs to maintaining the status quo and do nothing different with respect to your risk management program. Strengthening your program should be strategic, tactical and focused on what can be accomplished in both the short and long term. As some of us know, claims and subsequent losses are going to occur regardless of the strengths of any safety or risk management program. It is those moments where program weaknesses meet risks that ultimately lead to losses. In the insurance industry, we refer to these moments as “residual risk” – meaning the risk that remains regardless of all the efforts and progress made with your safety and risk management program in recent years. If claims continue to surface frequently in certain areas, this usually indicates residual risks, and there are additional opportunities to strengthen areas of your risk management program. Residual risk can be measured using a risk assessment matrix as mentioned above. Ultimately, assessing risks can lead to stronger and more effective risk mitigation.