APPENDIX D:
Risk Management Procedure – Template
319305228
Table of Contents
Risk Management Procedure
Template
Table of Contents
Introduction
Definitions
Objectives of Risk Management
Benefits of Risk Management
Roles and responsibilities
Risk Management Governance Structure
Relationship with other processes
Key Process Steps
One: Communicate and Consult
Two: Establish the Context
Risk Treatment Actions Status Detailed
Assurance Coverage of Key Risks
Risk Management Annual Activity Schedule and Improvement Initiatives
New and Emerging Threats and Opportunities
Detailed Risk Register
Introduction
The role of this risk management procedure is to provide staff with guidance in how to apply consistent and comprehensive risk management. This procedure provides information on how to identify, analyse, evaluate and treat risks.
In addition, it identifies other key activities needed for an effective risk management approach. The risk management process contained in this procedure aligns with the Australian Standard for Risk Management (AS/NZS ISO 31000:2009).
Risk is the chance of something happening that will have an impact on objectives. It is important that we manage risks in order that the negative impact of risks upon achievement of our objectives is minimised and our ability to realise potential opportunities is maximised.
Set out below is a diagram illustrating how this procedure interacts with other key risk management documents:
Objectives of Risk Management
Risk management is a responsibility of all, with specific risk responsibilities being allocated to different groups and levels within the organisation. It is important to have complete and current risk information available as this information assists the to make more informed decisions around both strategic direction and operational objectives.
Risk management is not a stand-alone discipline but requires integration with existing business processes such as business planning and Internal Audit, in order to provide us with the greatest benefits.
The objectives of a risk management framework are to:
• Provide a systematic approach to the early identification and management of risks;
• Provide consistent risk assessment criteria;
• Make available accurate and concise risk information that informs decision making including business direction;
Roles and responsibilities
An organisation's ability to conduct effective risk management is dependent upon having an appropriate risk governance structure and well-defined roles and responsibilities.
It is important for everyone to be aware of his or her individual and collective risk management responsibilities. In order for risks to be effectively managed, it is essential to have people behaving in a way that is consistent with the organisation's approved approach. This indicates that risk management is not merely about having a well-defined process but also about effecting the behavioural change necessary for risk management to be embedded in all organisational activities.
Set out below is risk management governance structure. This structure illustrates that risk management is not the sole responsibility of one individual but rather occurs and is supported at all organisational levels.
Risk Management Governance Structure
Board
• Indicate the detailed responsibilities of the Board (if applicable).
Committee
• Indicate the detailed responsibilities of the relevant committee (if applicable).
Chief Executive Officer
• Indicate the detailed responsibilities of the relevant CEO or relevant position (if applicable).
Risk Committee
• Indicate the detailed responsibilities of the relevant internal risk committee or relevant
Relationship with other processes
Risk management is not a stand-alone discipline. In order to maximise risk management benefits and opportunities, it needs to be integrated with existing business processes.
Some of the key business processes with which risk alignment is necessary are:
• Internal Audit – Internal Audit reviews the effectiveness of controls. Alignment between the Internal Audit function and that of the controls within the Risk Management process is critical, and the role of Risk & Compliance Manager will seek to align these core processes.
Key Process Steps
Risk management is a continual process that involves the following key steps:
• Communicate and consult
• Establish the context
• Identify risks
• Analyse risks
• Evaluate risks
• Treat risks
• Monitor and review
It is important to follow this process when conducting risk management as this ensures that the approach to risk management is both comprehensive and consistent.
Process Step
Overview
comprehensive picture of the risks we face
External communication and consultation is targeted at informing external stakeholders of:
• The organisation's risk management approach
• The effectiveness of our risk management approach
• Requesting feedback where appropriate
Risk management is a key governance and management function, which external stakeholders, including Government and industry, are paying increased attention to. Satisfying these stakeholders that we use appropriate risk management practices will influence their perception of the organisation.
Process
Context
1. The external context
Building an understanding of our external stakeholders and hence the extent to which this external environment will impact on our ability to achieve corporate objectives:
• Business, Social, Regulatory, Cultural, Competitive, Financial and Political Environments in which we operate
• It also involves considering our strengths, weaknesses, opportunities and threats
2. The internal context
This is aimed at understanding organisational elements and the way they interact, such as:
• Culture, internal stakeholders, structure, capabilities (in terms of resources such as people, systems, processes and capital), goals and
Part of risk identification also involves identifying risks that may arise "over the horizon". Some examples of possible considerations could include:
• Worldwide events
• Rising public expectations re public sector entities
• Identifying controls currently in place to manage the risk by either reducing the consequence or likelihood of the risk;
• Assessing the effectiveness of current controls;
• Identifying the likelihood of the risk occurring; and
• Identifying the potential consequence or impact that would result if the risk was to occur.
When evaluating the effectiveness of current controls, the factors to consider include consistency of application, understanding of control content and documentation of controls where appropriate. Controls are aimed at bringing the risk within an acceptable level. The evaluation of current controls can occur through several different processes including:
Possible risk treatment options include:
• Avoid the risk – change business process or objective so as to avoid the risk;
• Change the likelihood – undertake actions aimed at reducing the cause of the risk;
• Change the consequence – undertake actions aimed at reducing the impact of the risk;
• Share/transfer the risk – transfer ownership and liability to a third party; and
• Retain the risk – accept the impact of the risk.
When determining the preferred treatment option, consideration should be given to the cost of the treatment as compared to the likely risk reduction that will result (cost benefit analysis).
entire risk register will be reviewed, with review participation being broader than solely Risk Owners and Risk Treatment Owners.
It is also important for the effectiveness of the risk management framework to be monitored and reviewed. This framework drives the extent to which risks will be adequately managed throughout the organisation. Monitoring implementation of the Risk Management Strategy is one available monitoring mechanism.
In addition, the risk management framework itself will be reviewed annually, with results being reported to the ARC and the Board. As risk management developments are constantly occurring, this review mechanism will provide us with information on current risk management developments, facilitating us making continuous risk management improvements.
Set out below is a diagram illustrating how the risk management overall risk management framework
Risk management reporting is a key element of the 'Monitor and Review' phase of the risk management process, and needs to occur at each step of the process. This risk management reporting process supports a formalised, structured and comprehensive approach by to the monitoring and review of its risks, thereby enhancing its risk management process.
Risk Management Reporting Responsibilities
Group | Responsibilities
Risk Owners
• Identify new and emerging risks
• Monitor and review the risks which they own
• Prepare reports for the risks which they own
• Provide the Risk and Compliance Manager with information on the risks which they own
General Manager, Finance and Corporate Services
• Identify new and emerging risks
• Review reports prepared by the Risk and Compliance Manager
• Provide executive support to the Risk and Compliance Manager, for example, requiring timely provision of risk information from the organisation to the Risk and Compliance Manager
Risk and Compliance Manager
• Identify new and emerging risks
• Prepare reports
• Gather risk information from the relevant organisational people, for example, Risk Owners
• Identify new and emerging risks
Risk Level | Escalation Recipient
High
Significant
Medium
Low
Risk Reports and Recipients
Report Type
Timing
Access to Risk Management Reporting Framework
The Risk Management Reporting Framework will be made available to each employee of
The Risk Management Reporting Framework will be available as follows:
References
For further information on risk management, the following documents provide a comprehensive and practical overview:
• AS/NZS ISO 31000:2009 – Risk management - Principles and guidelines
• HB 327:2010 – Communicating and consulting about risk
Appendix:
Risk Control Likelihood Consequence Rating
The following were endorsed /y the
in
for
These will /e su/0ect to review in
Control ffecti)eness Rating Criteria Rating
&efinition
Indicators
$ikelihood Rating Criteria Rating
&escriptor
3re%uency
&escription
Conse%uence Rating cale &escriptio n Rating
3inancial
er)ice 4uality
Reputation
People 5 Knowledge
takeholders
Compliance6 +o)ernance 5 $egal
ystems 5 Processes
Appendix: Risk assessment templates and heat map
RISK FOR – UPDATED AND ENDORSED
Owner
Risk Description
9J TE
Risk Category
No Consequence Likelihood
Risk Rating
Risk Assessment Template
Title:
Risk Assessment Completed By:
Category:
Date Assessed:
Identify Risks
Risk – Description / Impact
Cause
Evaluate Action
Analyse Risks
Existing Controls
Control Assessment
Risk Assessment
Consequence Likelihood
Treat Risk?
Avoid Risk, Accept Risk, Reduce Risk
Risk Rating
Transfer Risk, Increase Risk
Risk Assessment Treatment Plan Template
Risk Owner:
Preferred Risk Treatment and Objective
Treat Risks
Risk Treatment / Action Plan
Monitor & Review Accountabilities
Timelines
Risk Rating
Insurance
Review / Monitor Insurance Status
KRI
KCI
Measurement and monitoring
Insurable? Insured?
Appendix: Risk Reporting – potential risk reports
Risk Profile
Purpose
The Risk Profile Report provides a graphical representation of the placement of key risks on a heat map. This report provides a quick reference for Directors and Executives as to the organisation's risk exposure. It helps to guide the allocation of resources to treat those risks, which pose the biggest threat, both in terms of likelihood and consequence. This report is a snapshot of the organisation's current organisational risk profile.
In addition, the Risk Profile Report will document the extent of risk rating changes that have occurred and explain the known or likely reasons for the change. The types of reasons that might be presented include:
• Change in operations
• Internal Audit findings indicate that controls are less effective than anticipated
• Implementation of risk treatment actions
• Any improvements required
• The status of any approved treatment actions
Risk treatment actions status - detailed
Purpose
The Risk Treatment Actions Report contains a status update on progress against approved risk treatment actions. People are more likely to deliver upon what they are measured against. Therefore this report increases accountability for delivery against agreed risk management actions. It also provides comfort to Directors and Executives that risks are being treated as anticipated.
Information included
• Risk description
• Risk rating
• Description of the risk treatment action
• Date for completion of risk treatment
• Person(s) responsible
• Status (eg in progress, completed)
• Description of the assurance activities – Previous year
• Description of the assurance activities – Current year
The key findings of assurance activities, as they influence risk, would be reflected in the organisation's Risk Profile Report within the 'reason for change' column.
Risk management annual activity schedule and improvement Initiatives
Purpose
The Risk Management Improvement Initiatives Report tracks progress against the risk management improvement initiatives approved to be implemented over the coming year. It provides assurance around the continual improvement of the risk management processes and practices.
Information included
• Description of the initiative;
This report is a summary risk register that includes the following information:
• Risk description;
• Risk category;
• Risk rating;
• Causes;
• Impacts; and
• Current controls
The would then determine whether the risks contained in this report warranted inclusion in the risk register. Where risks are included in the risk register, the Audit and Risk Committee and the Board would have visibility of the new risk information in the Risk Profile Report.
Detailed risk register
Purpose
The Detailed Risk Register Report contains all information contained in the risk register. All
Templates, Examples
Risk Profile
[Heat map of key risks plotted by reference number. Likelihood: Almost Certain, Likely, Possible, Unlikely, Remote. Consequence: Insignificant, Minor, Moderate, Major, Extreme.]
Columns: Rank | Ref | Risk Category | Risk Description | Rating | Trend | Reason for Change | Improvement Required? | Improvement Status
Rank | Ref | Rating | Reason for Change
1 | 8 | High | [reason for change]
2 | 6 | High | [reason for change]
3 | 9 | Significant | [reason for change]
4 | 5 | Significant | [reason for change]
5 | 10 | Significant | [reason for change]
6 | 12 | Significant | [reason for change]
7 | 4 | Significant | [reason for change]
8 | 2 | Significant | [reason for change]
9 | 3 | Significant | [reason for change]
10 | 13 | Medium | [reason for change]
11 | 1 | Medium | [reason for change]
12 | 11 | Low | [reason for change]
13 | 7 | Low | [reason for change]
14 | 14 | Low | [reason for change]
15 | 15 | Medium | [reason for change]
Improvement Required?: No (shown against five of the risks ranked 4 to 15)
Key: Risks in red are new/emerging risks. Rows highlighted contain opportunities. Improvement Status: Completed, In Progress, Overdue, Not Applicable.
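1. Risk Treatment Actions Status – Detailed
Columns: Ref | Risk Description | Rating | Treatment Actions | Due Date | Responsible Person | Status | Comments
Ref | Rating | Treatment Action | Due Date | Responsible Person | Status
8 | High | 1 | [date] | [person responsible] | In progress
8 | High | 2 | [date] | [person responsible] | Completed
8 | High | 3 | [date] | [person responsible] | In progress
8 | High | 4 | [date] | [person responsible] | Completed
9 | Significant | 1 | [date] | [person responsible] | In progress
9 | Significant | 2 | [date] | [person responsible] | In progress
9 | Significant | 3 | [date] | [person responsible] | Completed
9 | Significant | 4 | [date] | [person responsible] | In progress
Comments: 95% complete (example)
Completed, In Progress, Overdue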
Assurance Coverage of Key Risks
Columns: Rank | Risk Description | Control / Treatment | Risk Rating | Trend
Rank 1: High
Rank 9: Significant
Rank 5: Significant
Rank 6: Significant
Rank 4: Significant
Rank 8: Significant
Assurance Activities – Previous
Internal Audit
None
Internal Audit
None
Internal Audit
Internal Audit
External Audit
Internal Audit
None
Internal Audit
None
Risk Management Annual Activity Schedule and Improvement Initiatives