Basically risk management is composed of two consecutive steps; risk assessment followed by risk control. The following figure illustrates the various components of risk management.
Integral to the framework is risk documentation, communication and review. The output of risk assessment and recommended controls are usually documented in a risk register. Risk communication is the sharing of information about risk between those involved in the program and all parties involved in patient care. Parties are expected to communicate at all stages of the program but essential is the communication of the risk management output as shown by the solid arrow in the framework which is facilitated by the risk register.. To ensure that the risk management program output is leading to an equivalent or acceptable increase in patient safety level a risk review process (re-risk assessment) of related adverse events is necessary which is then documented in the risk register for better monitoring. If such audit finds that the risk is still high a reconsideration of the risk control measures becomes essential and if that does not lead to risk reduction the risk assessment process might need to be re-initiated.