The figure below summarises the process of conducting a risk assessment. 

Step 1: Identify the scope, context, criteria

• Risks are best managed in the internal and external contexts in which they occur. Therefore, one should detail the potential risk and involve all those who know and understand the context of the risk with a defined scope for specific actions e.g. focusing on the learning environment, or a specific programme.

• Risk Identification – Be clear in your consideration of ‘who’ is at risk considering diversity factors such as age, disability, gender, etc and how they will be impacted.  Often, risk assessments in workplaces or learning institutions may be driven by the jobs under consideration. But, in safeguarding risk assessment, you need to move beyond the obvious or often considered risk.
  
• Risk Analysis – Once a risk is identified, take time to understand it. Some questions to guide understanding of the risk include : what kind of a risk is it;  how likely is it to take place; what would be its impact; is it related to any other existing risk; are there controls against this type of risk;, and what is the level of sensitivity or confidentiality of the risk exposure. To ensure objectivity in the risk assessment process, the views of all the members of the risk assessment team should be considered.
  
• Risk Evaluation - Evaluate the risk analysis based on the existing criteria for the organisation and decide if, additional risk treatment measures are needed, or if current controls are effective. Make sure that you record the decision taken on the risk and communicate it to other stakeholders.
  

Step 3: Risk Treatment:

• Formulate and identify the appropriate risk treatment measure to take for every risk where the current controls are not fully effective or additional measures are required. For every risk treatment proposed, assess its effectiveness in addressing the level of risk exposure. In some instances, the institution may decide that the level of risk is within an acceptable range and not implement any mitigation measures. This process is iterative with incremental measures advised with every review

Step 4: Record and Report

• Document the outcomes of the risk assessment process in a risk register and monitor them for implementation of treatment actions. Regularly review and monitor the learning environment and workplaces for any emerging risks and update the risk register. Reports should be prepared and shared with senior leadership and the board for decision-making.