The Australian/New Zealand Standard on Risk Management By Professor J A Cross
Jan 15, 2016
The Australian/New ZealandStandard on Risk Management
By
Professor J A Cross
Modern Development of Risk Management
Investments
Insurance
Liability
Security
Environment
FireOHS
Quality
ProactiveManagement
of Risk
Communicate
Monitor
Iden
tifyAsses
Trea
tC
onte
xt
Emergency PlanningBusiness Continuity
Innovation
Quality
Investment
Human ResourceManagement Corporate
Governance
Change Management
Production
Safety
Environment
Why develop a standard?
• To define good practice in risk management• To support new government and industry
practice• To support legislation requiring risk
management• To standardize terminology• To help integrate risk management practice
Objectives
• One standard for all risks and organisations• To be understood by non experts• risk is about managing opportunity as well as
loss• To define good risk management practice not
to specify particular risk management tools or techniques
Risk Management
• The culture, processes and structures that are directed to the effective management of potential opportunities and adverse effects
The Process• The systematic application of management policies
procedures and practices to the tasks of establishing the context identifying, analysing evaluating, treating monitoring and communicating risk
Risk Management
• proactive• systematic• logical analysis
but• takes account of political realities
Risk Management AS/NZS 4360
ESTABLISH THE CONTEXT
IDENTIFY RISKS
ANALYSE RISKS
EVALUATE RISK
AS
SE
SS
TREAT RISKS
CO
NS
UL
T A
ND
CO
MM
UN
ICA
TE
MO
NIT
OR
AN
D R
EV
IEW
Safety
Regulations
• Consult
• Identify• Assess• Control• Monitor
AS4360
Risk Management
• Consult• Context• Identify• Assess• Treat
• Monitor• Feedback
CommunicateInternal and External
• Stakeholder views and needs are important• Poor communication is a source of risk• Team approach needed to identify risks• Ownership of risk management process
ContextFirst Think Strategically
• Organisation’s Mission and Culture• Organisation’s Objectives• Stakeholders• Strengths and Weaknesses,
Opportunities and Threats
Risk Management Context
• The context of the risk within the organisation• Areas of particular concern• Deciding resources• Deciding scope of risk management activities• Legal Requirements• Factors which affect ability to manage the risk
Criteria for acceptability
Eg:
• Legal limits
• Company policy and standards
• Cost benefit criteria
• Criteria for unacceptable risk - work must stop
Structured Approach
• Steps of Project• Activities to be undertaken• Risks of activities• Sources of risk
Identification
• The risk management context
Identify studies needed,
scope, objectives, resources
generic sources of risk and areas of impact
Identify Risks
What can happen
How it can happen
Identification
• The most critical step of the process
- risks not identified can not be controlled
• Requires
- a systematic and comprehensive approach
- imagination
- in depth understanding
Purpose of Identification
• To identify new risks which follow change• As part of process prioritisation• To ensure best procedures and controls used• To make people aware of risks
Workforce Involvement
• Gives the message that safety matters• Helps people understand hazards• Trains in hazard awareness
Analysis
ANALYSE RISKS
Determine Existing Controls
DetermineConsequences
DetermineLikelihood
Establish Level of Risk
Co
ns
ult
an
d C
om
mu
nic
ate
Mo
nit
or
and
Re
vie
w
Evaluation
• Comparing against criteria• Deciding whether the risk is acceptable• Deciding whether the risk is as low as
reasonably practical• Deciding priorities for action
taking account of wider context of risks
communicating with stakeholders
Analysis
• Purpose
To separate minor risks from major
To estimate the size of the risk
To provide information for decisions
To provide information on how to reduce risk
Risk analysis should be logical,
systematic and as objective as possible
Treatment
• Identify treatment options• Evaluate treatment options• Prepare management plan• Implement plan• Define mechanism for monitoring
Treatment Options
• Avoid - Eliminate• Reduce probability• Reduce Consequences• Transfer or share
- Insurance
- Subcontracting• Retain and plan
RISK CONTROL
Treatment Plan
• What is to be done?• Who by?• When by?• Where is the budget?• What are potential problems?• How will the plan be monitored?
Monitor and Review
• Risks
- Regularly check for new risks
- Look for new factors increasing risk
- Changes in priorities
• Systems which control risk
- Audit
- Review
Implementation
• Support of senior management• Develop organisational policy• Communicate policy
- risk management an integral part of planning
• Manage risks at organisational level• Manage risks at program and team level• Monitor and review
A decision making process within a Safety management System
• Requires
Policy
Organisation
- Management representative
- Responsibility and authority
- Resources
Management Review
Plan Act Review Improve
Documentation
Adequate Auditable• Methods• Information Sources• Assumptions• Results• Decisions
Why document?
• To demonstrate that you have undertaken the process with due diligence
• To communicate with others
- about risk
- about risk control• So you can remember what you did• To provide a trail for audit and review
What is New?
OLD• Reactive• When it happens• What is wrong• Identify hazards
• Perceived Risks• Standard Controls
NEW• Proactive• Formal Procedure• What could go wrong• Identify hazards and
what might happen• Assessed risks• Develop procedures
TV Transmission Tower Maintenance
• Context
- Government agency - at present no competition
- about to be outsourced
- key objective is continuity of transmission
- key risk public liability from injury of trespassers
- many transmission towers are in remote areas
Identification Exercise
• Hazards
- vehicle accidents
- heights
- radiation
- manual handling
Also Identified
• Vehicle checking procedures not always followed• 4 Wheel drive training courses specified were not
available• People were pressured to drive long distances when tired• Climbing equipment was not regularly maintained -
(person whose job it was had been down sized!)• Performance indicator based on minimising downtime -
normally climb with power on and rely on communication procedures for reducing power when passing transmitter