Risk Management Guidelines

Risks should be managed when planning, conducting and evaluating exercises to ensure the exercise performance objectives are achieved. 

There are two aspects of exercise risk that need to be addressed:
  • The risk to the exercise. (Includes such things as cancellation, adverse reaction, political issues, protest, failure to achieve objectives, budget issues etc.), and   
  • The risk in the exercise.  (Includes risk to participants, legal and regulatory risk associated with the conduct of the exercise)

Safety is of critical importance if the exercising involves participant exposure to potentially dangerous situations or hazardous materials or risks to the community and the environment. The responsibility for identifying risk controls should be assigned to a safety officer with appropriate responsibilities and powers.

The risk management process involves communication, documentation, and coordination. ISO 31000 provides a suitable framework for undertaking risk management to ensure systematic risk identification, analysis and evaluation processes are in use and evaluates risk when compared to the exercise performance objectives. The exercise project team should use a risk management process compatible with ISO 31000.


Internal and external factors such as changes in legislation and regulations, media interest and relationship with government or other organizations which may affect the exercise performance objectives should be considered. It is also important to consider the risks of conducting the exercise to the organization itself.

Risk identification

Risk identification involves the identification of risk sources, potential unwanted events and situations, their causes and their potential consequences that will have a negative effect on exercise performance objectives.

Risk evaluation

Risks should be prioritized using the rating assigned during the risk analysis, so that the most important risks can be addressed first. Risk treatments may include eliminating or avoiding risk by not undertaking an exercise activity, reducing the likelihood of occurrence, mitigating the consequence, sharing the risk, or accepting the level of risk and continuing with the exercise project without change.

Risk management plan

A risk management plan should ensure that risks are managed. Risk management should be embedded in all aspects of the organization’s exercise practices and processes including the policies, planning, and budget required for effective exercise project risk management.

Monitor and review risk

Monitoring and review are integral to the risk management process and involve regular checking or surveillance. Responsibilities for monitoring and reviewing should be clearly defined in the risk management plan. Monitoring and reviewing processes should encompass all aspects of risk management including:
  • ensuring that controls are effective and efficient in both design and operation;
  • analysing and learning lessons from events (including near-misses), changes, trends, successes and failures, which may require revision of risk treatments;
  • detecting changes in the external and internal context; and,
  • identifying emerging risks

Environmental considerations

The organisation should consider environmental risks and impacts, and the effect on the community and the operating environment. The environmental impact of the exercise activities should be assessed and analysed and the results documented and considered during exercise planning, conducting and evaluation.

Gender and diversity considerations

The exercise coordinator is responsible for gender and diversity considerations associated with exercise projects. These considerations should be addressed in exercise planning, conducting and evaluation, the results documented and the “lessons identified” reported.

Logistical considerations

The exercise coordinator should ensure that logistical details are managed by the exercise project team. Management of logistical details can make the difference between an effective exercise and an exercise that is confusing, ineffective, and inefficient.

Exercise logistical requirements will vary based on type and method of the exercise. The specific materials, equipment and facilities needed to carry out the exercise should be determined by the exercise planners as they develop the scenario, including the location(s) where the exercise will take place. Those responsible for logistics address the supplies, materials, equipment, services and facilities required for the exercise.

Exercise logistical considerations include transportation, infrastructure (facilities, parking and equipment), staffing, services (catering, medical support, and site security) and appropriate meeting and briefing arrangements.