risk management

Jewish Family & Child is committed to building increased awareness and shared responsibility of Risk Management at all levels of the Agency. The Agency developed and implemented a Risk Management framework to identify and assess Risks with the aim of eliminating or reducing their impact on the Agency. Furthermore, JF&CS engages in quarterly risk assessments where risk areas are reassessed and monitored.

Risk Management is an organization’s systematic continuous method to minimize the likelihood of things going wrong, maximize the likelihood of things going right and to prepare to address crisis, all in order to effectively reach its goals and fulfill its mission.

There are 3 Major Components to Jewish Family & Child’s Risk Management:

  1. Risk Management Framework + Policy and Procedures

  2. Proactive Risk Management – Systematic Continuous Risk Assessment & Mitigation Process

  3. Business Continuity Plan

In the past two years, Jewish Family & Child has embedded Risk Management into the culture of our organization. The Risk Management Steering Committee established the framework and the coordinated the effort of engaging staff in risk management activities. 8 teams were established each assigned to a risk area. Each team consisted of expert area leaders. The following risk areas were identified:

  1. Governance, Board Operations, Fundraising, and Public Relations

  2. Human Resources Management and Volunteers

  3. Financial Management, Insurance and Fundraising

  4. Facility Risks, Safeguarding Equipment & Systems, and Health & Safety

  5. Technology and Information Management, Data & Internet

  6. Client Service & Experience

  7. Client Case File Case Management

  8. Crisis Management and Business Continuity Plan


Risk Management Framework
Risk Assessment Model
Risk Assessment process was based on a generic assessment model which was configured and tailored to specifically reflect our Agency’s needs by the Risk Management Steering Committee. The staff members involved were informed and trained in the use and application of the Risk Assessment model. A key message was the more you use and practice the model, the better you become at it!

I.   Identify the Risk Activity/Event
II.  Describe the Risk Activity/Event
        - What negative event/activity can happen?
        - Alternatively, what positive activity might not happen?
        - Where? When? Why? Who? And How?
III. Analyze the Risk Activity/Event
        - What immediate and future impact can it have?
        - What potential damages may it cause on the Agency?
        - Imagine the Worst Case Scenario!
IV.  Document the Potential Damages (learn more about potential damage (Jodi: click to link to “types of potential damages” doc provided))
        - Note what damages might be caused to the Agency in the sequence of events
        - Which potential damage could lead to the next potential damage?
V.    Assess the Severity 
        - How severe are the potential damages based on the potential impact on the Agency’s ability to provide service to the clients? 
VI.    Assess the Likelihood
        - Look at the risk with the highest potential severity based on:
Past experience, the procedures, processes, control, tools & measures, and recovery plans which the Agency has in place to address the risk
•    The likelihood of the specific risk activity/event causing the potential damage is at its/their highest level of severity (worst case scenario) 

VII.    Score the Risk 
        - The final Score of each potential risk is the multiplication of the Severity factor by the Likelihood factor. The final score will determine the Level of the Potential Risk at one of the Four Risk Levels:
Minor, Moderate, Major or High. Please click here to see the Risk Scoring Matrix to determine the level of potential risk.
VIII.    Apply Next Steps
        - Decide on additional and/or approved measures that may be required
        - Set an action plan for implementation
        - Report


Proactive Risk Management – Systematic Continuous Risk Assessment & Mitigation Process

Jewish Family & Child implements a continuous, ongoing, comprehensive risk identification, assessment and management process. Since our initial risk assessment process, the 8 teams that were established have been engaged in the “Continuous Operational Risk Management” phase. This requires that all teams assemble at least 3 times a year and participate in the periodic assessment of all the risk activities and risk events within their area.

The purpose of the periodic review is:

  1. To ensure that new and/or changing information and circumstances are evaluated and assessed to determine their impact on the recent risk score of each of the risk activities/events, and reassess when required.

  2. To identify new risk Activities/Events in each of the Risk Areas and Categories which may have emerged due to changing circumstances and assesses them

  3. To follow up on the implementation of recommendations for action plans to mitigate and lessen risk, with emphasis on activities/events with a Major or High Risk score.

JF&CS has established guidelines for the Period Risk Assessment Review. These guidelines provide sufficient detail to engage in a thorough, timely and responsible process for collecting the relevant information for addressing emerging risk needs. Specifically, the guidelines provide details on the methods; the roles and responsibility of the Agency members, the frequency of engaging in the process as well as follow-up based on the urgency of the results of the Period Risk Assessment Review.

The Period Risk Assessment Review Reports as well as specific plans to mitigate risk and identify staff responsibility is submitted to the Steering Committee of Risk Management. Risk Assessment Periodic Review Reports are rolled-out by the Steering Committee and reported to our Board of Directors.

Staff at all levels of Jewish Family & Child are encouraged to actively identify, assess, report and contribute to the control and management of risk in all of the 8 risk areas. Managers are supported to create and open culture within their teams to enable staff to freely discuss and communicate risks.

Business Continuity Plan (BCP)

One of the components of JF&CS’s Risk Management is our Business Continuity Plan (BCP). The purpose of the BCP is to prepare JF&CS in the event of extended service outages caused by factors beyond our control (e.g. natural disasters, man-made events), and to restore services to the widest extent possible in a minimum time frame. All JF&CS sites are expected to implement preventive measures whenever possible to minimize network failure and to recover as rapidly as possible when a failure occurs.

JF&CS’s BCP is based on certain operating principles whereby the mission of our Agency will guide the service delivery of our mandated services. Our BCP identifies several key areas that are important such as; initial response, damage assessment and control, business recovery phase – preparedness level, provision of essential services. Furthermore, our plan identifies certain crisis situations that may occur and has developed specific plans in response.   The plan identifies vulnerabilities and recommends necessary measures to prevent extended service outages. It is a plan that encompasses all JF&CS system sites and operation facilities.


Jewish Family & Child

4600 Bathurst St | 1st Floor

Toronto, ON   M2R 3V3




Jewish Family & Child thanks its generous funders:

UJA Federation_Black_CMYK (1).png

Accredited by:

Copyright © 2020 Jewish Family and Child Service of Greater Toronto  |  Read Our Privacy Policy