The Australian/New Zealand Standard on Risk Management By Professor J A Cross
Modern Development of Risk Management
Investments Insurance Environment Security Liability Quality Fire OHS
Change Management Human Resource Management Business Continuity Emergency Planning Innovation Environment Monitor Treat Safety Proactive Management of Risk Identify Quality Production Context Asses Change Management Communicate Investment Governance Human Resource Management Corporate
Why develop a standard? To define good practice in risk management To support new government and industry practice To support legislation requiring risk management To standardize terminology To help integrate risk management practice
Objectives One standard for all risks and organisations To be understood by non experts risk is about managing opportunity as well as loss To define good risk management practice not to specify particular risk management tools or techniques
Risk Management The culture, processes and structures that are directed to the effective management of potential opportunities and adverse effects The Process The systematic application of management policies procedures and practices to the tasks of establishing the context identifying, analysing evaluating, treating monitoring and communicating risk
Risk Management proactive systematic logical analysis but takes account of political realities
Risk Management AS/NZS 4360 ESTABLISH THE CONTEXT IDENTIFY RISKS CONSULT AND COMMUNICATE MONITOR AND REVIEW ANALYSE RISKS ASSESS EVALUATE RISK TREAT RISKS
Safety Regulations Consult Identify Assess Control Monitor AS4360 Risk Management Consult Context Identify Assess Treat Monitor Feedback
Communicate Internal and External Stakeholder views and needs are important Poor communication is a source of risk Team approach needed to identify risks Ownership of risk management process
Context First Think Strategically Organisation’s Mission and Culture Organisation’s Objectives Stakeholders Strengths and Weaknesses, Opportunities and Threats
Risk Management Context The context of the risk within the organisation Areas of particular concern Deciding resources Deciding scope of risk management activities Legal Requirements Factors which affect ability to manage the risk
Criteria for acceptability Eg: Legal limits Company policy and standards Cost benefit criteria Criteria for unacceptable risk - work must stop
Structured Approach Steps of Project Activities to be undertaken Risks of activities Sources of risk
Identification The risk management context Identify studies needed, scope, objectives, resources generic sources of risk and areas of impact Identify Risks What can happen How it can happen
Identification The most critical step of the process - risks not identified can not be controlled Requires - a systematic and comprehensive approach - imagination - in depth understanding
Purpose of Identification To identify new risks which follow change As part of process prioritisation To ensure best procedures and controls used To make people aware of risks
Workforce Involvement Gives the message that safety matters Helps people understand hazards Trains in hazard awareness
Analysis ANALYSE RISKS Consult and Communicate Monitor and Review Determine Existing Controls Determine Consequences Determine Likelihood Consult and Communicate Monitor and Review Establish Level of Risk
Evaluation Comparing against criteria Deciding whether the risk is acceptable Deciding whether the risk is as low as reasonably practical Deciding priorities for action taking account of wider context of risks communicating with stakeholders
Analysis To separate minor risks from major Purpose To estimate the size of the risk To provide information for decisions To provide information on how to reduce risk Risk analysis should be logical, systematic and as objective as possible
Treatment Identify treatment options Evaluate treatment options Prepare management plan Implement plan Define mechanism for monitoring
Treatment Options Avoid - Eliminate Reduce probability RISK Reduce Consequences Transfer or share - Insurance - Subcontracting Retain and plan RISK CONTROL
Treatment Plan What is to be done? Who by? When by? Where is the budget? What are potential problems? How will the plan be monitored?
Monitor and Review Risks - Regularly check for new risks - Look for new factors increasing risk - Changes in priorities Systems which control risk - Audit - Review
Implementation Support of senior management Develop organisational policy Communicate policy - risk management an integral part of planning Manage risks at organisational level Manage risks at program and team level Monitor and review
A decision making process within a Safety management System Requires Policy Organisation - Management representative - Responsibility and authority - Resources Management Review Plan Act Review Improve
Documentation Adequate Auditable Methods Information Sources Assumptions Results Decisions
Why document? To demonstrate that you have undertaken the process with due diligence To communicate with others - about risk - about risk control So you can remember what you did To provide a trail for audit and review
What is New? OLD NEW Reactive When it happens What is wrong Identify hazards Perceived Risks Standard Controls NEW Proactive Formal Procedure What could go wrong Identify hazards and what might happen Assessed risks Develop procedures
TV Transmission Tower Maintenance Context - Government agency - at present no competition - about to be outsourced - key objective is continuity of transmission - key risk public liability from injury of trespassers - many transmission towers are in remote areas
Identification Exercise Hazards - vehicle accidents - heights - radiation - manual handling
Also Identified Vehicle checking procedures not always followed 4 Wheel drive training courses specified were not available People were pressured to drive long distances when tired Climbing equipment was not regularly maintained - (person whose job it was had been down sized!) Performance indicator based on minimising downtime - normally climb with power on and rely on communication procedures for reducing power when passing transmitter