The Australian/New Zealand Standard on Risk Management By Professor J A Cross.

The Australian/New ZealandStandard on Risk Management

By

Professor J A Cross

Modern Development of Risk Management

Investments

Insurance

Liability

Security

Environment

FireOHS

Quality

ProactiveManagement

of Risk

Communicate

Monitor

Iden

tifyAsses

Trea

tC

onte

xt

Emergency PlanningBusiness Continuity

Innovation

Quality

Investment

Human ResourceManagement Corporate

Governance

Change Management

Production

Safety

Environment

Why develop a standard?

• To define good practice in risk management• To support new government and industry

practice• To support legislation requiring risk

management• To standardize terminology• To help integrate risk management practice

Objectives

• One standard for all risks and organisations• To be understood by non experts• risk is about managing opportunity as well as

loss• To define good risk management practice not

to specify particular risk management tools or techniques

Risk Management

• The culture, processes and structures that are directed to the effective management of potential opportunities and adverse effects

The Process• The systematic application of management policies

procedures and practices to the tasks of establishing the context identifying, analysing evaluating, treating monitoring and communicating risk

Risk Management

• proactive• systematic• logical analysis

but• takes account of political realities

Risk Management AS/NZS 4360

ESTABLISH THE CONTEXT

IDENTIFY RISKS

ANALYSE RISKS

EVALUATE RISK

AS

SE

SS

TREAT RISKS

CO

NS

UL

T A

ND

CO

MM

UN

ICA

TE

MO

NIT

OR

AN

D R

EV

IEW

Safety

Regulations

• Consult

• Identify• Assess• Control• Monitor

AS4360

Risk Management

• Consult• Context• Identify• Assess• Treat

• Monitor• Feedback

CommunicateInternal and External

• Stakeholder views and needs are important• Poor communication is a source of risk• Team approach needed to identify risks• Ownership of risk management process

ContextFirst Think Strategically

• Organisation’s Mission and Culture• Organisation’s Objectives• Stakeholders• Strengths and Weaknesses,

Opportunities and Threats

Risk Management Context

• The context of the risk within the organisation• Areas of particular concern• Deciding resources• Deciding scope of risk management activities• Legal Requirements• Factors which affect ability to manage the risk

Criteria for acceptability

Eg:

• Legal limits

• Company policy and standards

• Cost benefit criteria

• Criteria for unacceptable risk - work must stop

Structured Approach

• Steps of Project• Activities to be undertaken• Risks of activities• Sources of risk

Identification

• The risk management context

Identify studies needed,

scope, objectives, resources

generic sources of risk and areas of impact

Identify Risks

What can happen

How it can happen

Identification

• The most critical step of the process

- risks not identified can not be controlled

• Requires

- a systematic and comprehensive approach

- imagination

- in depth understanding

Purpose of Identification

• To identify new risks which follow change• As part of process prioritisation• To ensure best procedures and controls used• To make people aware of risks

Workforce Involvement

• Gives the message that safety matters• Helps people understand hazards• Trains in hazard awareness

Analysis

ANALYSE RISKS

Determine Existing Controls

DetermineConsequences

DetermineLikelihood

Establish Level of Risk

Co

ns

ult

an

d C

om

mu

nic

ate

Mo

nit

or

and

Re

vie

w

Evaluation

• Comparing against criteria• Deciding whether the risk is acceptable• Deciding whether the risk is as low as

reasonably practical• Deciding priorities for action

taking account of wider context of risks

communicating with stakeholders

Analysis

• Purpose

To separate minor risks from major

To estimate the size of the risk

To provide information for decisions

To provide information on how to reduce risk

Risk analysis should be logical,

systematic and as objective as possible

Treatment

• Identify treatment options• Evaluate treatment options• Prepare management plan• Implement plan• Define mechanism for monitoring

Treatment Options

• Avoid - Eliminate• Reduce probability• Reduce Consequences• Transfer or share

- Insurance

- Subcontracting• Retain and plan

RISK CONTROL

Treatment Plan

• What is to be done?• Who by?• When by?• Where is the budget?• What are potential problems?• How will the plan be monitored?

Monitor and Review

• Risks

- Regularly check for new risks

- Look for new factors increasing risk

- Changes in priorities

• Systems which control risk

- Audit

- Review

Implementation

• Support of senior management• Develop organisational policy• Communicate policy

- risk management an integral part of planning

• Manage risks at organisational level• Manage risks at program and team level• Monitor and review

A decision making process within a Safety management System

• Requires

Policy

Organisation

- Management representative

- Responsibility and authority

- Resources

Management Review

Plan Act Review Improve

Documentation

Adequate Auditable• Methods• Information Sources• Assumptions• Results• Decisions

Why document?

• To demonstrate that you have undertaken the process with due diligence

• To communicate with others

- about risk

- about risk control• So you can remember what you did• To provide a trail for audit and review

What is New?

OLD• Reactive• When it happens• What is wrong• Identify hazards

• Perceived Risks• Standard Controls

NEW• Proactive• Formal Procedure• What could go wrong• Identify hazards and

what might happen• Assessed risks• Develop procedures

TV Transmission Tower Maintenance

• Context

- Government agency - at present no competition

- about to be outsourced

- key objective is continuity of transmission

- key risk public liability from injury of trespassers

- many transmission towers are in remote areas

Identification Exercise

• Hazards

- vehicle accidents

- heights

- radiation

- manual handling

Also Identified

• Vehicle checking procedures not always followed• 4 Wheel drive training courses specified were not

available• People were pressured to drive long distances when tired• Climbing equipment was not regularly maintained -

(person whose job it was had been down sized!)• Performance indicator based on minimising downtime -

normally climb with power on and rely on communication procedures for reducing power when passing transmitter