How to do it

STEP ONE: A RISK IDENTIFICATION WORKSHOP: (Risk circle can facilitate if you wish)

  • What are significant risks for our circle?
  • What is a concern for our circle?
  • What worries do we have for the circle?

A risk is that X happens, caused by Y and with the consequence of Z.

Anything goes – GET IT OUT – capture lots of risks without evaluation - that comes later. Build on what others say – one idea or concern can trigger another.

Then make sure you record the risks you have spent the time identifying! The Risk circle can provide an example Risk Register.


  • How bad would it be if this risk happened?
  • Would it limit our ability to carry out our mandate?
  • What other circles/parts of XR might it impact?
  • Who else might it impact? (outside of XR)
  • Do we stand to lose anything if it happens? (donations; financial cost)
  • What might cause this risk?

Answering these questions for each risk, and capturing the answers in your Risk Register, means you now know the probability, impact, and severity of your circle's risks. These are important factors that allow you to prioritise your list of risks.

If you identify risks with a high impact to XRUK, please notify the Risk circle.


Decide what actions to take to deal with the highest priority risks. In the Risk Management world there are essentially 4 ways to deal with a risk:

  • Avoid: Stop the activity or do it a different way
  • Reduce: Take steps to reduce the risk's severity and/or to reduce its probability
  • Transfer: Flag to the XR Risk circle, seek advice, have third party support
  • Accept: Carry on with activity and monitor regularly, identify a contingency action if needed

The first three of these are about mitigating a risk. The last one allows you to plan a contintency action should the risk actually happen. You may decide to do mitigating actions, or to plan contingency actions, or you may do both.

Record the the actions within your Risk Register so that you can refer back to these and remember what was decided and who is doing what.


Things change.... so it is a good idea to regularly (suggest once/month) review your circle's risks and check whether the mitigating actions have been done. New risks will have arisen and over time some already known risks will become more (or less) critical.


A large circle may contain diverse sub-circles and if so, each should carry out risk management. The sub-circles may have different levels of risk and should try to rank themselves so the riskiest circles can be prioritised for any support they may need.


  • Ask the Risk circle to come and join one of your circle's meetings to help you discuss risk management
  • Set time aside with your circle to brainstorm risks
  • Prioritise those risks and decide what you want to tackle first
  • Use the 4 Risk Management action types to do something with priority risks
  • Ask the Risk circle about tools to aid getting to the “root cause” or decide the best “action” to take
  • Make a commitment to review what you find as often as you need