Risk Management: Planning to Avoid Losses


It sometimes seems that few people can accurately define risk management, let alone apply it in their organization. Yet, a risk management plan can help an organization identify and correct hazards and substandard work practices before bad things happen. Risk management is by far one of the most effective deterrents to organizational loss.

We often understandably focus on the firefighter fatalities we suffer each year, and, of course, we should do whatever we can to decrease this number, which has remained fairly constant in the 100-per-year range. Consider, however, that this number is a small fraction of the annual number of injuries fire service personnel suffer each year on and off the fireground. U.S. Fire Administration data indicate that over the 10-year period ending in 2008, there were just a few more than 41,000 average per-year fireground injuries and a few more than 81,000 injuries per-year overall. Any one of these injuries could have resulted in a fatality. This indicates the need to also focus our efforts on preventing these high injury rates—more accurately, preventing the situations that allow the injuries to occur. A risk management plan can help you do this.


There are numerous reasons for considering a formal risk management plan as part of your organizational structure. National Fire Protection Association (NFPA) 1250, Recommended Practice in Emergency Service Organization Risk Management, states: “The Emergency Service Organization should have a written policy statement that clearly reflects its commitment to risk management through the development, implementation, and administration of a risk management plan.” With that said, let’s look into the potential benefits to be realized.

Most current-day fire administrators are more than aware of the need to keep spending under control, especially with a somewhat uncertain financial future facing some. This need causes most to look internally for methods to cut costs while still operating a fully functional organization. A closely monitored program is needed—one that will ensure a safe, low-liability work environment while still allowing us to do our jobs within the budget. This is a matter of ongoing concern that will very likely remain inherent to the fire service for the foreseeable future.

If your department is like most, certain job responsibilities often include overseeing stand-alone programs that have been identified as critical from a risk management perspective. Vehicle maintenance, self-contained breathing apparatus (SCBA), personal protective equipment (PPE), and communications are but a few of these highly critical areas of responsibility that are many times assigned to specific members of the organization to manage. Although these individuals may be fully capable of performing the tasks, many are often left alone to deal with all aspects of program management with little to no input from others, at least not on a formal and traceable basis.

When dealing with such high-profile concerns—those that can so easily affect the organization as a whole—it is important for administration to monitor the intricacies of each program. Otherwise, you run the risk of overlooking certain needs of a particular program or the program’s performing to a lower level than desired. A risk management plan can help a department avoid this hazard through the implementation of a system of checks and balances, which essentially consolidates these risk-prone areas under one watchful organizational umbrella.


It is important to distinguish between risk management and safety. Workplace and scene safety concerns fall under risk management in the sense that risk management helps to ensure that everything comes together to make working conditions as safe as possible. Risk management in this sense is more of a preparatory approach, where safety is using the tools, procedures, and precautions that the risk management plan has helped to develop. In other words, the intent is not to restrict operational ability but to allow our personnel do their jobs more efficiently and safely while helping to instill the confidence needed to produce those results.

In the National Fallen Firefighter Foundation’s Everyone Goes Home DVD series, Chief Dave Daniels of the Woodinville (WA) Fire Department makes a very straightforward, yet very profound observation: “Competent incident commanders (ICs) are the key to firefighter safety.” This comment speaks volumes, reflecting that we strive to instill the necessary skills in our current and upcoming scene commanders. But how do we get there? What is a “competent” IC when considering the safety of our personnel?

I have long believed that the most outward sign of a competent IC is strong leadership and that strong leadership comes about through a sequence of processes: Strong leadership is evidenced by decisiveness; decisiveness is driven by confidence; confidence is confirmed by experience; and experience is supported by training and mentoring. If these steps are followed, beginning with training, the odds of ending up with a strong leader and, therefore, a competent IC are much higher. And, as Daniels says, “A competent IC is the key to firefighter safety.”


NFPA 1250 defines a hazard as a condition, an object, or an activity with the potential of causing personal injury, equipment damage, loss of material, or reduction of the ability to accomplish the mission. It defines risk as the chance of injury or loss and mitigation as the prevention or reduction of potentially negative effects.

The standard describes risk management as a specialized field of management. As such, a basic organizational management process can be applied when determining how to put the plan together: planning (What needs to be accomplished?); organizing (What are your time frame and resources to help accomplish the task?); directing/leading (How can you motivate personnel to do as you ask?); coordinating (Are things coming together as planned?); and controlling (What has been accomplished, in what time frame, and are things on track?).

In its simplest terms, risk management consists of two components: risk assessment and risk control. Assessment begins with identifying known or potential hazards, whereas control looks more closely at an identified hazard and further defines any detrimental effects it may have on the organization. Risk levels are then estimated, leading to the decision of whether to intervene or not. If it is determined that intervention is necessary, the risk control component involves creating a control strategy, the implementation of that strategy, and the ongoing evaluation of any selected control measures.

Figure 1. Assessment/Control Process

Figure 1 provides a brief, overall visual reference of the assessment/control process. Steps shown above the heavy dashed line are part of the riskassessment component; steps below the line are part of the riskcontrol component. Note the second dashed line indicating the feedback loop. This is the monitoring and evaluating process that goes on after risk control steps are implemented to ensure that the process is effective.


Looking at NFPA 1250 in more detail, we see the entire process referred to as a similar, five-step format:

  • Identification and analysis
  • Formulating alternatives
  • Selecting alternatives
  • Implementing alternatives
  • Monitoring program

Identifying and analyzing the risks within our organizations is by far the most in-depth and time-consuming phase. Risk identification is first in the assessment process. Risk factors to consider include (among others) department territory and jurisdiction, entity or segment of the public served, and your personnel. Fire service personnel can be an overlooked risk factor in many organizations, yet it is vitally important that you consider the wide personality variations that come with a diverse group of individuals—especially when faced with the dynamics involved with many facets of our profession.

Consider the competency and commitment levels of each individual—especially those in influential positions within the organization. Remember that organizational risk relates to the health and well-being not only of our personnel but also of the entire organization. As human beings, the members of our organizations can be unpredictable and, therefore, can suddenly find themselves (and the organization) embarrassed at the least or facing a much more serious situation if things really go bad. Members identified with high-risk factors should be dealt with accordingly. They must be made aware of the potential effect their erratic behavior or decision making could have on themselves and the organization.

During the identification process, consider loss areas such as workers’ compensation, liability (general, auto, environmental, professional), and negative media. These are major organizational risk factors with the potential to have widespread, long-term detrimental effects.


Once you have identified all the risk factors, analyze and prioritize them. Weigh and evaluate factors based on probability, severity, and frequency. Give those identified as having the highest probability of loss with the lowest probability of occurrence (high-risk/low-frequency) significant attention. These situations have the greatest potential for causing trouble, yet they occur so infrequently that we are often ill-prepared for them.

Determine how to best mitigate the identified risks. Exposure avoidance, segregation of exposures, contractual transfer, and a solid loss reduction/prevention program are common recommendations. Choosing the one most effective for the situation will depend on the specific circumstances.

Make sure to project a specific intended goal, along with any potential effects on department operations. Making across-the-board organizational changes, for example, may raise questions or cause resentment in some personnel. Take adequate time to plan, prepare, and educate/train personnel on the changes unless, of course, the changes are made in response to an identified high-priority, safety-related concern. This is especially important where equipment or procedural changes are involved.

Ensuring that any corrective actions are contributing to the intended goals of the program necessitates that a method of measurement is in place. The frequency and methods of data collection are up to the individual organization; however, they should be conducted often and thoroughly enough to readily keep pace with trends identified through the feedback process.


If this all sounds a bit overwhelming, consider it an indication that your organization may be in need of the coordinating effects a risk management program can provide. Remember that it is not a one-person project; it requires the participation of a group of individuals, particularly those assigned to oversee some of the more risk-prone areas mentioned earlier. To begin the process of selecting participants in the program, consider those in charge of each of the areas in Figure 2. Participants who will be a part of what will become your risk management committee can be recruited from this list. This is a partial list, and some areas may not apply to your organization. It can give insight into the types of risk areas that you need to consider for inclusion in your program. You can then coordinate and integrate each into the plan.

Figure 2. Selecting Committee Members


The process of writing your risk management plan is going to be largely dependent on local considerations and already established policies and procedures. There are many plans on the Internet you can use as a template for further developing your plan. Regardless of what route you take, the components of the plan will remain relatively constant in following the facets of the overall program discussed here.

The plan should be a written, formally accepted document that can be distributed to members having responsibility under the scope of the plan. It does not, however, need to be cumbersome and complicated. The end result should be a system that enables you to identify areas in need of attention, issue and track organizational changes made toward corrective action, and include provisions relating to the retention of all pertinent documentation.

Suggested sections defined within the document might include the following:

  • The scope, purpose, and content—all of which will lay out the overall intent of the plan.
  • A risk management model, illustrating plan components along with a definition of each component and an explanation of how the components will interact with each other.
  • The plan’s organization, illustrating various control measures.
  • The responsibilities of each member assigned to the program.
  • The frequency/severity scale, showing the methodology used to prioritize identified risks.
  • The goals and objectives of the plan, including a section to be periodically updated based on the frequency of committee meetings.


Developing a risk management committee, consisting of a minimum of representatives of each of the high-risk operational and administrative areas of the organization, is highly recommended. Periodic meetings will allow and encourage discussion of issues relating to each assigned area of responsibility. Base meeting schedules on organizational need.

Typical agenda items might include a review of past reporting period goals and their current status, along with the discussion of any goals for the upcoming reporting period. Scrutinize any concerns expressed and, if needed, implement the revisions following the process discussed earlier.

Let’s say, for example, that during the previous committee meeting, it was determined that the then current method of tagging defective SCBA was not acceptable—tags were being tied on with string, and some tags did not remain secured and got lost before the SCBA could be repaired. This was reviewed as an unacceptable hazard because of the possibility that the unit might inadvertently be put back into service because of the missing repair tag. Committee response to this problem might, therefore, be to devise a more secure method of attaching the tags using wire twist-ties—which was implemented during the last reporting period. This method, however, was further reviewed for follow-up at the current meeting because personnel still depended on manually securing the tags. Unless the wire was twisted enough turns, the tags could still detach. The revised solution was to use plastic zip-ties to more securely attach the tags—a solution that will again be reviewed at the next scheduled committee meeting.

If you still are unsure of whether a risk management program would work for your organization, consider that a well-implemented and maintained program will (1) provide a systematic process for decision making; (2) prevent organizational loss (personal injury costs, equipment damage or destruction, organizational embarrassment, theft, and so on) through open discussion and member involvement in discussing risks; (3) allow hazards to be examined and risks to be estimated; (4) cause decisions to be communicated formally, documented, and defensible in court if the process was ever legally questioned; and (5) allow the organization to deal with uncertainly in a more member-friendly manner.


USFA Report: http://www.usfa.dhs.gov/fireservice/fatalities/statistics/casualties.shtm.

National Fire Protection Association, NFPA 1250, Recommended Practice in Emergency Service Organization Risk Management, 2010 Edition, Quincy MA.

National Fire Protection Association, NFPA 1500, Fire Department Occupational Safety and Health Program, 2007 Edition, Quincy MA.

Daniels, Dave, Woodinville (WA) Fire Department, Everyone Goes Home DVD series, 2008, NFFF, Emmitsburg, MD.

Wilder, Steven. Risk Management in the Fire Service. (Saddle Brook, N.J.: Fire Engineering Books & Videos, 1997.

Tim Hyden is training/safety officer for East Manatee (FL) Fire Rescue and an 18-year veteran of the Florida fire service. He has an associate degree in fire science and an advanced technical certificate in fire science administration and is a graduate of the Florida Fire Chiefs’ Association Emergency Services Leadership Institute. Hyden has several state certifications through the Florida Bureau of Fire Standards and Training; is a contributing writer to Florida Fire Service and Fire Engineering magazines; and speaks on leadership and motivation, officer development, risk management, and marketing.

More Fire Engineering Issue Articles
Fire Engineering Archives

No posts to display