News & Insights

Risky Business: Managing, Identifying and Mitigating Risk in Your Bids

Jack Bolton
Written by
Jack Bolton

One of the most common questions you will come across when tendering for public sector work is how you identify and mitigate risk. Buyer’s frequently ask this question because they want to be confident of your ability to reduce the likelihood and impact of risks on their contract.

Buyer’s will often ask you to provide:

  • Your risk management approach
  • Examples of specific risk assessments

Risk Management Approach

Questions that ask about your risk management approach generally refer to the risks that your staff and the public could encounter during the day to day operations of your business.

Although some questions may give you a breakdown on how to respond, for those that don’t, consider the following:

Risk Management

We’d recommend starting with a written statement affirming your commitment to working in a way that is safe for your staff, the client’s staff and the public. While committing to this may seem obvious, you should still include it as it affirms the baseline for your approach and will smoothly transition into the remaining bulk of your response. Your introductory paragraph should also include who within your organisation is responsible for managing risks and health and safety issues.

If you have any, it could be worth at this point dropping in any health and safety certifications or accreditations your organisation may hold. This will show the buyer that you have verifiable expertise. Relevant certifications and accreditations could include:

Identifying Risks

Following on, you should explain how you identify risks associated with the contract. Risk assessments (RAs) will be the main way you do this. RAs would usually be conducted during project mobilisation, but this is industry-dependent. For example, RAs in construction would normally take place before work commences. Whereas, in home care services, RAs are conducted at the start and throughout as new customers are referred and the condition of existing customers change.

It is important to identify who will be conducting your risk assessments. You should also mention whether the buyer’s staff or clients will be involved in this process. For example, RAs in building maintenance should be conducted with assistance from the building manager. Care RAs may involve the service user and their family.

Depending on the industry, it may be difficult to offer too much specific information on risk at tender stage as you may not have visited the site yet or even know where your site(s) will be. In this case, it would be useful to include a number of common risks associated with your line of work as well as any you may have already identified specific to the contract. Including example or specific risks demonstrates that you understand and are prepared to deal operational risks.

Mitigating Risks

Once you have demonstrated your approach to identifying risks, it is equally important to show that you are able to mitigate against them. Rather than providing a point-by-point response, on mitigating each and every risk, you simply need to discuss your standard procedures on risk mitigation.

Blow-by-blow risk assessments will cover your procedures in finer detail. Again, your processes should be contract and industry specific. For example, a cleaning contractor might place signs to indicate where the floor may be slippery as a result of their work.

Some example mitigations could include:

  • Construction – cordoning off workspaces and clearly signposting the area in order to prevent members of the public from entering the site.
  • Care – assigning two care workers to support an elderly client on trips to the shop, reducing the likelihood of them tripping or falling over.
  • Security – Mitigate hostile threats to personnel by wearing protective clothing and minimising lone-working.

Another crucial element in risk mitigation is providing your staff with appropriate training. This will ensure that they can correctly and safely use equipment and follow procedures. In your response you should detail specific modules, equipment and procedures that your staff have been trained in. If applicable, you should name the qualifications that they have achieved. For example, a construction contractor may undergo health and safety and site procedure training, obtaining a Construction Skills Certifications Scheme (CSCS) card as a result.

Where relevant, you should include details on any Personal Protective Equipment (PPE) you issue to your staff as well as the guidelines you mandate for specific use cases.

Responding to Incidents

Reducing risk is all well and good, but for full marks, you will also need to demonstrate your ability to cope with incidents should they occur. Usually this response will consist of a combination of the following (although this is industry dependent):

  • Cordoning off the affected area, isolating the incident or preventing public access to it.
  • Administering first aid
  • Contacting the relevant emergency services
  • Informing management and the client

The buyer won’t expect you to be able to deal with every hypothetical incident conceivable, so just stick to describing your standard response.

The main thing here, it to make the buyer confident that incidents are very unlikely to occur. If you have statistics on previous incidents etc. these will be useful. Any examples of how you dealt with any incidents in the past will also go down well.

Reporting and Learning from Incidents

The final element in your response to a risk approach question should be about how you report any incidents and ensure that they do not happen again.

For reporting, you should describe:

  • How your staff record the details of any accident or incident
  • Where these details are logged
  • How often are incident logs reviewed and by whom
  • How incident details or logs are shared with your client and how often this takes place

Learning from previous incidents will often be closely related to reporting. As incident logs are reviewed, lessons from them will presumably be learned. However, you should also mention whether staff retraining, or refresher training, would be necessary after certain incidents. This is particularly important if it was your staff at fault.

Risk Assessments

Instead of (or in addition to) describing your risk management, you may simply need to provide example or specific risks assessments.

A risk assessment is a more itemised and detailed version of the risk management approach shown above. Rather than describing a general approach, a risk assessment will address each risk and should include:

  • The nature of the risk
  • The impact if it occurred
  • The likelihood of the risk occurring
  • Any actions you could take to mitigate the risk
  • The person responsible for the mitigation (the “owner”)

Risk assessments are often displayed in tables and use numerical values to express the likelihood and impact of potential risks:

Risk Impact (1-5) Likelihood (1-5) Mitigation Actions Owner


Example Vs Specific Risk Assessments

Depending on the tendering process, you may need to provide either an example risk assessment or a specific one.

Example risk assessments should be drawn up using risks and mitigations that you are likely to encounter and deploy during the contract. As before, the more relevant, the better.

Specific risk assessments should only be asked for if the buyer is offering you the opportunity to conduct a site visit, or if the service you provide and are bidding for is not site specific, such as Home Care.

However, if you are the incumbent provider and are asked to provide an example risk assessment, you should provide one that is specific to your existing contract. This will demonstrate that you have the existing measures in place to mitigate and respond to all relevant risks, whereas your rival tenderers will not.


Risk management approach and risk assessments may form a significant portion of any tender you bid for; however, you shouldn’t worry. As professionals experienced in your field, you’ll most-likely conduct risk identification, mitigation and response management, even if you’ve never written it down.

If you’re still struggling to put pen to paper, give us a call. We’ll help translate your practises into words.


Did you enjoy this post?

Check out one of our latest blogs: Why You Shouldn’t Be Bidding (Yet)

Follow us on Linkedin to keep up with our day-to-day operations. We post new tenders, weekly blogs, tips, tricks and more.


Contact us

Talk to an expert

We will provide a free, no obligation consultation on your bidding requirements