More than OH&S
Definitions of Risk Risk is virtually anything that threatens or limits the ability of a community or non-profit organisation to achieve its mission. OR Effect of uncertainty on objectives Reference: AS/NZS/ISO Risk Management 2009
Definitions continued It can be unexpected and unpredictable events such as destruction of a building, the wiping of all your computer files, loss of funds through theft or an injury to a member or visitor who trips on a slippery floor and decides to sue. Any of these or a million other things can happen, and if they do they have the potential to damage your organisation, cost you money, or in a worst case scenario, cause your organisation to close.
5 Key steps in Risk Assessment 1. Establish the context 2. Identify risk/s 3. Analyse Risk (Likelihood and Consequence) 4. Evaluating Risk 5. Monitor and Review
The Risk Management Process
Establishing a context What relationships does the organisation have and how important are these? What laws, regulations, rules or standards apply to your organisation? What are the aims and objectives of the organisation? Who is involved with the organisation - internally and externally? What are your organisation's capabilities? What are you currently doing for risk management either formally or informally? Have you established some criteria for your organisation that defines what level of risk is acceptable?
Identifying Risk Whole of organisation Brain Storm: What is at risk and what will the effect be? What can happen? When, where, why and how might this occur? Who and what might be involved? What and the effects and who is affected? What are we doing about this now?
Analysing Risk What is the likelihood of the risk occurring and what is the consequence of that outcome? High probability /Low impactHigh Probability /High Impact Low probability /Low impactLow Probability /High Impact Likelihood rating A - Frequent - Likely to occur frequently B - Probable - would occur but not frequently C - Occasional - could happen occasionally D - Remote - Rare, not likely but possible E - Improbable - Highly unlikely but still possible Consequence/Severity rating A - Catastrophic - may result in death or loss of bodily functions B - Critical - may cause severe injury, illness C - Marginal - may cause injury or illness resulting in loss of work as an example D - Negligible - may cause minor injury or illness
Evaluating Risk Its about determining whether the level of risk is acceptable or unacceptable. It enables priorities to be established that equate to an appropriate level of risk. Options include: Treating, accepting, avoiding, reducing and/or transferring the risk
Monitor and Review Monitoring = Continual assessment of what has been implemented Review = A periodic assessment of the effectiveness and environment
InsignificantMinorModerateMajorCatastrophic Probability:Historical: Likelihood >1 in 10 Is expected to occur in most circumstanc es 5 Almost Certain MHHEE 1 in Will probably occur 4 LikelyMMHHE 1 in 100 – 1,000 Might occur at some time in the future 3 PossibleLMMHE 1 in 1,000 – 10,000 Could occur but doubtful 2 UnlikelyLMMHH 1 in 10,000 – 100,000 May occur but only in exceptional circumstanc es 1 RareLLMMH E – Extreme risk – detailed action plan required H - High risk – needs senior management attention M – Medium risk – specify management responsibility L – Low risk – manage by routine procedures High or Extreme risks must be reported to Senior Management and require detailed treatment plans to reduce the risk to Low or Medium.
Consequence People Injuries or ailments not requiring medical treatment. Minor injury or First Aid Treatment Case. Serious injury causing hospitalisation or multiple medical treatment cases. Life threatening injury or multiple serious injuries causing hospitalisation. Death or multiple life threatening injuries. Reputation Internal Review Scrutiny required by internal committees or internal audit to prevent escalation. Scrutiny required by external committees or ACT Auditor Generals Office, or inquest, etc. Intense public, political and media scrutiny. Eg: front page headlines, TV, etc. Assembly inquiry or Commission of inquiry or adverse national media. Business Process & Systems Minor errors in systems or processes requiring corrective action, or minor delay without impact on overall schedule. Policy procedural rule occasionally not met or services do not fully meet needs. One or more key accountability requirements not met. Inconvenient but not client welfare threatening. Strategies not consistent with Governments agenda. Trends show service is degraded. Critical system failure, bad policy advice or ongoing non-compliance. Business severely affected. Financial 1% of Budget or <$5K 2.5% of Budget or <$50K > 5% of Budget or <$500K > 10% of Budget or <$5M >25% of Budget or >$5M
An example of risk assessment not solely focussed on OHS
R ISK R EFERENCE T HE R ISK W HAT C AN H APPEN ? S OURCE H OW CAN THIS H APPEN I MPACT FROM EVENT HAPPENING C URRENT CONTROL S TRATEGIES AND THEIR EFFECTIVENESS (A) –Adequate (M) – Moderate (I) – Indadequate C URRENT R ISK L EVEL A CCEPTABILITY (A/U) L IKELIHOOD C ONSEQUENCE C URRENT R ISK L EVEL Identifying and Analysing Risks
R ISK R EFERENCE P OTENTIAL T REATMENT O PTIONS C OSTS & B ENEFITS I S THE T REATMENT TO BE I MPLEMENTED (Y/N) T ARGET R ISK L EVEL R ESPONSIBLE P ERSON T IMETABLE For implementation M ONITORING strategies to measure effectiveness of Risk Treatments L IKELIHOOD C ONSEQUENCE T ARGET L EVEL Risk Treatment Schedule and Action Plan