Once upon a time, pastors thought their churches were safe and secure places that even criminals would respect. Unfortuantely, that’s no longer the case (or perhaps, that always was a fairy tale). Regardless, part of your responsibility as a church leader is to take prudent measures to protect your congregation. As we’ve addressed previously, there are many actions you can take to accomplish that goal. However, a key first step is to assess what risks your church could face. From there, you can determine what to do that will improve church safety and security.
What is a Risk Assessment?
The assessment step is really a deep-dive look at potential risks to your church. It involves asking some uncomfortable questions such as:
What event might occur that could take down the church?
How would we respond if a tornado siren went off during a service?
Have we provided staff and volunteers with training on how to react in an active shooter situation?
What would our teams do if the fire alarm went off?
Drop any of those questions at the next staff meeting and you’ll feel the tone of the room take a nose-dive. No one likes to talk about the bad things that could happen within or to our churches. Unfortunately, this is an important issue that we must seriously consider. We’ve all heard of the church or ministry damaged by scandal, fraud, natural disaster, or other difficult events.
A trusted bookkeeper siphoned funds into his account, a former member files a lawsuit, or someone is hurt while at a church function. These situations really do happen, yet we tend to think that as a church we’re immune from these issues. That’s simply not the case. We have a responsibility to consider the risk events that could harm our congregations and take appropriate actions to improve church safety and security.
A risk is simply the chance that something could go wrong. The fallout from that event could be minuscule or catastrophic, depending on the situation. Fortunately, there are steps we can take to prevent a risk from occurring and minimizing the impact if it does occur. The process of identifying, assessing, and mitigating risk is commonly referred to as a risk management program. I’ve managed that function for a large company and on individual projects. The following is an overview of the process and how to get started.
Step #1: Identify the potential risks to church safety and security
This step involves gathering your senior leadership team and asking that uncomfortable question, “What event(s) might occur that could take out our church?” Explain that the reason for this discussion is to ensure you’re doing everything needed to prevent these risks. Here are a few additional questions to use that can get the conversation going:
- Consider incidents at other churches that damaged their reputation, cost them financially, or severely hurt their ministry. Is your church at risk of facing similar issues?
- What events or actions could occur that would cause physical or emotional harm to our staff, volunteers or congregation?
- Are there weather events specific to our region that could cause physical damage to our facilities?
- What could occur that may lead to legal action against our church or church leadership?
Your list of potential risks may include the following:
- Financial – fraudulent activity or lack of financial resources to maintain church operations
- Abuse – child abuse, sexual harassment
- Natural disasters – tornado, hurricane, fire, flood, earthquake
- Moral failure of senior leadership
- Health and Safety – security threats, unsafe practices or environments
- Technology – loss of vital data or financial information, network crash, inefficient systems
- Legal or compliance issues – whether intentional, due to negligence or ignorance
- Human Resources – low morale, insufficient staffing to handle the workload, personnel issues, lack of succession planning
Step #2: Assess the likelihood and potential impact of each risk
As you discuss each risk, talk through the scenario and what might happen. Assess each risk for how likely it is to occur and what the impact would be to your church if it did happen.
For the risk of natural disasters:
Are you in an area prone to tornados? If so, then the likelihood may be rather high. Should a tornado damage your building, that could lead to physical injuries if anyone is present at the time. Additionally, extensive damage to the building could mean you won’t be able to hold services there for several weeks (or more). While you can’t reduce the likelihood of a tornado, you can take steps to reduce the impact. Examples include purchasing insurance, proper building construction, developing and communicating safety procedures, and scouting temporary facilities before they’re needed.
Step #4: Determine what processes are already in-place to prevent each risk
Do you have policies and processes in-use to prevent the risk? For example: Do you require that at least two people count and sign-off on the offering total for each service? Is each volunteer working with children required to pass a criminal background check and attend training prior to serving? Do you have insurance coverage on your facilities and the contents? Have you documented these policies and do you communicate them to staff on a regular basis? You may want to seek out legal counsel regarding certain risks to confirm that you’re in compliance with applicable laws and regulations. These are all steps that can reduce the likelihood and/or impact of various risks.
Step #5: Identify gaps and take action to further mitigate risks
If you determine that the mitigations in-place aren’t sufficiently reducing a particular risk, then you need to develop a plan to close that gap. This may include getting additional insurance coverage, implementing background checks, or developing a security threat response plan. The key to this step is to document the actions required and assign a single leader responsible for ensuring that the tasks are completed by a certain date. This leader should report back to you on a weekly basis until all tasks are complete.
Step #6: Communicate the risks and mitigating actions
Just having your senior leadership team aware of the risks isn’t sufficient. Discuss these risks with staff and volunteers who are directly responsible for carrying out the risk mitigation actions or who may be impacted by a risk event (such as an emergency evacuation).
Summarize each risk into a sentence or two and review the list with your staff. Get their input on the list and ask if they have any ideas for how to prevent these risks. Discuss any existing policies or procedures that prevent each risk such as background checks or safety rules. Make sure they understand that you’ve put those policies in place for a purpose and what the consequences to the church could be if one is violated and the risk occurs.
Communicate applicable risks while training volunteers and discuss which policy or procedure you’ve designed to prevent those risks. When people understand why they’re required to follow a certain procedure, they’re much more likely to comply.
Step #7: Review and update this list of risks
This process to improve church safety and security cannot be a one-time effort. The external and internal environment changes constantly and we have to adapt our risk list and risk prevention measures accordingly.
Review each risk at least once each year and discuss the most important policies with staff and volunteers on a monthly basis. You may think that they’ve “got it” after one training session—please don’t make that assumption. Reiterate the key processes and policies used to mitigate risks on a regular basis. About the time that you’re sick of saying the same thing, your team is just starting to understand…so keep communicating.
Hard Work Now Can Prevent Heartache Later
Now, all of this sounds like a lot of work and I’m sure that your to-do list is already a mile long. That combination doesn’t bode well for your ability to get started on this process. However, a risk management program is a lot like preventative medicine. We can either invest the time and energy now to prevent and mitigate risks or we can deal with the consequences later.
Also, please realize that discussing risk doesn’t mean we’re lacking faith. Our faith has to be in God first—trusting Him for protection, wisdom, and direction. Next, we combine our faith with action by identifying, assessing, and mitigating risks. We have a responsibility as leaders to take all reasonable efforts to protect our congregations, staff, volunteers, and community. Take the time to go through this process with your team. It won’t be the most fun staff meeting, but it may have the biggest pay-off.