Risk Management Plan Example — Mid-Size Company
Example document for Risk Management. Use this as a reference when creating your own.
For Informational Purposes
This document template is provided for informational purposes. Customize it for your specific needs.
Document: Risk Management
Example Document
Last updated 6/4/2026
Risk Management Plan — Larkfield Logistics (Mid-Size Company)
Organisation / programme: Larkfield Logistics — company-wide risk plan Owner (risk manager): Priya Nair, Head of Operations Date: 5 June 2026 Approved by: D. Hartley (Managing Director) Status: Approved Next review: 7 September 2026
1. Objectives and scope
This plan governs the principal risks to Larkfield Logistics, a 180-person regional freight and warehousing company. It covers operational, financial, compliance, people, and technology risks across the business; it excludes project-specific risks, which are managed in each project's own register. The plan runs for the financial year and is reviewed monthly, with a fuller quarterly deep-dive.
2. Risk appetite
| Risk category | Appetite | What this means in practice |
|---|---|---|
| Safety / people | Low | Driver and warehouse safety risks reduced as far as reasonably practicable |
| Legal / compliance | Zero | Full compliance with transport, licensing, and data law; no breaches accepted |
| Financial | Defined limit | Single-event loss tolerance of 150k; no exposure above 400k uninsured |
| Commercial / strategic | Moderate | Calculated bets on new contracts welcomed where margin justifies them |
| Reputation | Low | Customer-facing failures escalated quickly; service standards protected |
3. How likelihood and impact are scored
| Score | Likelihood | Impact |
|---|---|---|
| 1 | Rare (unlikely this year) | Negligible (under 10k or no real disruption) |
| 2 | Unlikely | Minor (10k to 50k or brief disruption) |
| 3 | Possible | Moderate (50k to 150k or noticeable disruption) |
| 4 | Likely | Major (150k to 400k or serious disruption) |
| 5 | Almost certain | Severe (over 400k or business-threatening) |
Risk score = likelihood x impact. Bands: 1 to 4 low (green), 5 to 12 medium (amber), 15 to 25 high (red). Red risks require a named owner and an active response within one week and are reported to the MD.
4. Risk register
| ID | Risk (cause and consequence) | Likelihood | Impact | Score | Response | Owner |
|---|---|---|---|---|---|---|
| R1 | A major customer (28% of revenue) does not renew, cutting income sharply | 3 | 5 | 15 | Reduce: account plan, quarterly business reviews, diversify the pipeline to lower single-customer share | Priya Nair |
| R2 | A cyber-attack encrypts the dispatch system and halts operations for days | 3 | 4 | 12 | Reduce + transfer: backups, staff phishing training, segmented network; cyber-insurance for residual loss | IT Manager (Tom Beck) |
| R3 | A driver shortage leaves contracted routes uncovered, breaching SLAs | 4 | 3 | 12 | Reduce: retention bonus, agency-driver framework agreement, apprentice pipeline | Fleet Manager (S. Okoye) |
| R4 | A serious yard or road safety incident causes harm and regulatory action | 2 | 5 | 10 | Reduce + transfer: safety programme, telematics, vehicle maintenance regime; liability insurance | Priya Nair |
| R5 | A new operator licence requirement is missed, risking a fine and suspension | 2 | 4 | 8 | Reduce: compliance calendar with owner and reminders; annual external audit | Compliance Officer (M. Reyes) |
| R6 | Fuel price spike erodes margin on fixed-price contracts | 4 | 2 | 8 | Accept + reduce: fuel-surcharge clause in new contracts; small contingency held for legacy ones | Finance (D. Hartley) |
| R7 | Key warehouse-management software vendor discontinues support | 2 | 3 | 6 | Reduce: contractual support guarantee; shortlist of replacement systems maintained | IT Manager (Tom Beck) |
5. Risk matrix
Each risk above is plotted on the likelihood-by-impact grid:
- Red (high, 15 to 25): R1 (15) — loss of the major customer sits top-right and is the company's most serious risk; it is reviewed at every monthly meeting.
- Amber (medium, 5 to 12): R2 (12), R3 (12), R4 (10), R5 (8), R6 (8), R7 (6) — each has an owner and a planned response, reviewed each cycle.
- Green (low, 1 to 4): none currently; lower-scoring items are logged in the working register and monitored for movement.
6. Roles and governance
| Role | Person | Responsibility |
|---|---|---|
| Sponsor / executive | D. Hartley (MD) | Accountable for risk overall; sets appetite; receives the monthly top-risk report |
| Risk manager | Priya Nair | Maintains this plan and register; chairs the monthly risk review |
| Risk owners | As named per risk | Accountable for their risk and its response actions |
| Risk review forum | Monthly operations meeting | Examines red and amber risks; escalates breaches to the MD |
7. Monitoring and review
- Review cadence: Register reviewed at the monthly operations meeting; quarterly deep-dive each September, December, March, and June.
- Early-warning indicators: Customer-concentration percentage (R1), failed-login and patch-status reports (R2), driver vacancy rate (R3), and surcharge coverage (R6).
- Reporting: A top-five risk summary goes to the MD monthly; red risks are flagged immediately.
- Escalation: Any risk that breaches appetite, or materialises, is escalated to the MD within 24 hours.
- Feedback loop: Incidents and near-misses are logged and reviewed at the next meeting to surface new risks and adjust scores.
Notes
A realistic worked example for a mid-size logistics company, showing risk appetite by category, scored likelihood and impact, a ranked register with the four response types, named owners, a colour-banded matrix, and a monthly review cadence. The company, people, and numbers are illustrative.
About this Example
Part of the Risk Management document collection
Document Type
Risk Management
How risks are identified, assessed, and controlled across the business or project.