PropoDoc provides self-help document templates and tools. It is not a law firm and does not provide legal advice. Learn more.
Skip to main content
Example
guide

Risk Management Plan Example — Mid-Size Company

Example document for Risk Management. Use this as a reference when creating your own.

For Informational Purposes

This document template is provided for informational purposes. Customize it for your specific needs.

Document: Risk Management

Example Document

Last updated 6/4/2026

Risk Management Plan — Larkfield Logistics (Mid-Size Company)

Organisation / programme: Larkfield Logistics — company-wide risk plan Owner (risk manager): Priya Nair, Head of Operations Date: 5 June 2026 Approved by: D. Hartley (Managing Director) Status: Approved Next review: 7 September 2026


1. Objectives and scope

This plan governs the principal risks to Larkfield Logistics, a 180-person regional freight and warehousing company. It covers operational, financial, compliance, people, and technology risks across the business; it excludes project-specific risks, which are managed in each project's own register. The plan runs for the financial year and is reviewed monthly, with a fuller quarterly deep-dive.

2. Risk appetite

Risk categoryAppetiteWhat this means in practice
Safety / peopleLowDriver and warehouse safety risks reduced as far as reasonably practicable
Legal / complianceZeroFull compliance with transport, licensing, and data law; no breaches accepted
FinancialDefined limitSingle-event loss tolerance of 150k; no exposure above 400k uninsured
Commercial / strategicModerateCalculated bets on new contracts welcomed where margin justifies them
ReputationLowCustomer-facing failures escalated quickly; service standards protected

3. How likelihood and impact are scored

ScoreLikelihoodImpact
1Rare (unlikely this year)Negligible (under 10k or no real disruption)
2UnlikelyMinor (10k to 50k or brief disruption)
3PossibleModerate (50k to 150k or noticeable disruption)
4LikelyMajor (150k to 400k or serious disruption)
5Almost certainSevere (over 400k or business-threatening)

Risk score = likelihood x impact. Bands: 1 to 4 low (green), 5 to 12 medium (amber), 15 to 25 high (red). Red risks require a named owner and an active response within one week and are reported to the MD.

4. Risk register

IDRisk (cause and consequence)LikelihoodImpactScoreResponseOwner
R1A major customer (28% of revenue) does not renew, cutting income sharply3515Reduce: account plan, quarterly business reviews, diversify the pipeline to lower single-customer sharePriya Nair
R2A cyber-attack encrypts the dispatch system and halts operations for days3412Reduce + transfer: backups, staff phishing training, segmented network; cyber-insurance for residual lossIT Manager (Tom Beck)
R3A driver shortage leaves contracted routes uncovered, breaching SLAs4312Reduce: retention bonus, agency-driver framework agreement, apprentice pipelineFleet Manager (S. Okoye)
R4A serious yard or road safety incident causes harm and regulatory action2510Reduce + transfer: safety programme, telematics, vehicle maintenance regime; liability insurancePriya Nair
R5A new operator licence requirement is missed, risking a fine and suspension248Reduce: compliance calendar with owner and reminders; annual external auditCompliance Officer (M. Reyes)
R6Fuel price spike erodes margin on fixed-price contracts428Accept + reduce: fuel-surcharge clause in new contracts; small contingency held for legacy onesFinance (D. Hartley)
R7Key warehouse-management software vendor discontinues support236Reduce: contractual support guarantee; shortlist of replacement systems maintainedIT Manager (Tom Beck)

5. Risk matrix

Each risk above is plotted on the likelihood-by-impact grid:

  • Red (high, 15 to 25): R1 (15) — loss of the major customer sits top-right and is the company's most serious risk; it is reviewed at every monthly meeting.
  • Amber (medium, 5 to 12): R2 (12), R3 (12), R4 (10), R5 (8), R6 (8), R7 (6) — each has an owner and a planned response, reviewed each cycle.
  • Green (low, 1 to 4): none currently; lower-scoring items are logged in the working register and monitored for movement.

6. Roles and governance

RolePersonResponsibility
Sponsor / executiveD. Hartley (MD)Accountable for risk overall; sets appetite; receives the monthly top-risk report
Risk managerPriya NairMaintains this plan and register; chairs the monthly risk review
Risk ownersAs named per riskAccountable for their risk and its response actions
Risk review forumMonthly operations meetingExamines red and amber risks; escalates breaches to the MD

7. Monitoring and review

  • Review cadence: Register reviewed at the monthly operations meeting; quarterly deep-dive each September, December, March, and June.
  • Early-warning indicators: Customer-concentration percentage (R1), failed-login and patch-status reports (R2), driver vacancy rate (R3), and surcharge coverage (R6).
  • Reporting: A top-five risk summary goes to the MD monthly; red risks are flagged immediately.
  • Escalation: Any risk that breaches appetite, or materialises, is escalated to the MD within 24 hours.
  • Feedback loop: Incidents and near-misses are logged and reviewed at the next meeting to surface new risks and adjust scores.

Notes

A realistic worked example for a mid-size logistics company, showing risk appetite by category, scored likelihood and impact, a ranked register with the four response types, named owners, a colour-banded matrix, and a monthly review cadence. The company, people, and numbers are illustrative.

About this Example

Part of the Risk Management document collection

Document Type

Risk Management

How risks are identified, assessed, and controlled across the business or project.

Complexity

moderate

Risk Level

low