Develop risk management plan
Overview 3
Key terms 4
Resources and references 5
About risk management 7
What is risk? 7
Defining risk 7
What is risk management? 8
Benefits of risk management 9
Applications of risk management 11
Organisational strategy and risk management 13
Risk attitude 13
Assessing risk attitude 15
Overview of the risk management process 19
The main elements 19
The risk context 22
The risk environment 22
Organisational objectives 23
Stakeholders 24
Risk criteria 26
Risk ratings 27
Existing controls 27
Documenting the risk management plan 30
Overview of risk management plans 30
Risk management plan template 31
What is a risk register? 31
Communication and consultation 34
Importance of communication and consultation 34
Communication and consultation plan 35
Using expert advice 36
Summary 38
Check your learning 39
Feedback 40
Overview
You may be familiar with the concept of risk management through your experience with current occupational health and safety (OHS) legislation. While this is an important part of organisational risk management, this topic extends the concept of risk beyond the area of OHS and addresses the management of risk inherent in all business decisions and activities.
This topic provides an overview of risk and risk management planning in organisations.
It will help you to answer the following questions:
· What is risk management?
· What are the benefits of risk management, and where can it be used?
· What is the relationship between risk management and the other plans and objectives of my organisation?
· What processes are involved in risk management?
· How can I develop and document a risk management plan?
· How can I communicate this plan to relevant stakeholders?
This topic will support you in developing the skills required to develop a risk management plan:
· Analyse and interpret the strategic position and policy on risk management
· Audit the organisation to identify risk management context and potential areas of risk
· Analyse organisational capability to reduce/control the likelihood of both incidents and consequences
· Develop a risk register incorporating a probability/consequence matrix
· Identify access to external specialist assistance within the plan
Key terms
consequence / outcome or impact from one eventcontrol / an existing process, policy, practice or other action that acts to minimise negative risk or enhance positive opportunities
event / occurrence of a particular set of circumstances
frequency / a measure of the number of occurrences per unit of time
hazard / a source of potential harm
likelihood / a general description of probability or frequency
loss / any negative consequence or adverse effect, financial or otherwise
monitor / to check, supervise, observe critically or measure the progress of an activity, action or system on a regular basis in order to identify change from the performance level required or expected
probability / the measure of the chance of occurrence expressed as a number between 0 and 1; ‘frequency’ or ‘likelihood’ rather than ‘probability’ may be used in describing risk
risk / the chance of something happening that will have an impact on objectives
risk analysis / a systematic process to understand the nature of and to deduce the level of risk
risk assessment / the overall process of risk identification, risk analysis and risk evaluation
risk avoidance / a decision not to become involved in, or to withdraw from, a risk situation
risk criteria / terms of reference by which the significance of risk is assessed (can include associated costs and benefits, legal and statutory requirements, socio-economic and environmental aspects, concerns of stakeholders, etc
risk evaluation / process of comparing the level of risk against risk criteria
risk identification / the process of determining what, where, when, why and how something could happen
risk management / the culture, processes and structures that are directed towards realising potential opportunities while managing adverse effects
risk register / a document recording a description of s risk, its causes and impacts, an outline of existing controls, an assessment of the likelihood and consequences of the risk given the existing controls, a risk rating, and the overall priority for the risk
risk reduction / actions taken to lessen the likelihood, negative consequences, or both, associated with a risk
risk treatment / process of selection and implementation of measures to modify risk (can include modifying, avoiding, sharing or retaining risk)
stakeholders / those people and organisations who may affect, be affected by or perceive themselves to be affected by a decision, activity or risk
Resources and references
Websites
Risk Management Standards Australia / www.riskmanagement.com.auA copy of Australian Standard 4360 Risk Manage can be ordered online.
Free Management Library / www.managementhelp.org
Follow link on home page to Risk Management to access many articles on safety, insurance, disaster planning, etc.
Mind Tools Ltd / www.mindtools.com
Choose from the drop-down menu on home page for articles on:
· Problem solving (look at cause and effect diagrams, risk analysis, SWOT)
· Decision making (look at Pareto, force field analysis, cost benefit analysis).
Risk Decisions / www.riskdecisions.com
Follow links on home page to ‘Articles’ for:
· True Estimates Reduce Project Risk
· White Papers for Using Risk Management for Strategic Advantage.
Public Identity Risk Institute / www.riskinstitute.org
Follow links on home page to Publications, Tools, Resources, to Risk Management, to Risk Management Starter Kit – and many more
/ www.businessballs.com
This website contains many articles related to organisational development. To help you reflect on various aspects of risk management, we will refer you to various humorous and interesting short stories which can also be found on this website.
To download these stories, use the link Stories, Research Findings and Analogies. Here are the ones that you might like to read for this topic:
· Lipstick kisses on the mirror
· The donkey
· Six phases of a project
· The blind golfers’ story
· Chickens
· The sweet old couple
· A story of 3 engineers
References
AS/NZS 4360:2004 (2004) Australian/New Zealand Standard Risk Management (3rd edn), Standards Australia (Note: The Standard provides invaluable information relevant to this topic. You can access the Standard through your TAFE or local library, or purchase it from SAI Global.)
Dorfman M S (1997) Introduction to Risk Management and Insurance (6th edn), Prentice Hall
Holmes A (2004) Smart Risk, Capstone, UK
Heldman K (2005) Project Manager’s Spotlight on Risk Management, Harbour Light Press, CA
Frame J Davidson (1994) The New Project Management, Jossey Bass, SF
About risk management
What is risk?
We can’t escape risk – it’s all around us. Recent world events such as terrorist activities have highlighted what a complex, risky world we live in. To a degree we may have become both more sensitive and a little more accustomed to the types of risks we face.
Many people are also becoming aware that risk is more complex and systemic than it has ever been. As we become more aware of risks – such as the risks of rising world temperatures and pollution in general – the more we become concerned about the causes of those risks and how to manage them. We are generally more concerned about the impacts of human existence on the environment and about the effects of racial and religious intolerance on world peace.
Defining risk
Generally we view risk in a negative way, and in terms of its negative consequences. It’s true that in organisations risks are potential events that pose threats to the organisation, its people and projects. We need to remember the other side of the equation too – that risks are also potential opportunities.
Completing this type of formal study may be a risk for you. You are investing a significant number of hours reading about risk and its management and completing assessment tasks. If you get to the end of the subject and realise that you’ve learnt a lot more about risk than when you started, you’ve taken on a risk and benefited from it. The risk (the threat of loss of time that you can’t regain) will thus end in opportunity because you’ll have achieved something at the conclusion of your study that you didn’t have in the beginning.
Within a business environment there is always the chance that you have overestimated the negative impact of competitor activity or underestimated your own sales potential. The outcome is your business performs better than predicted.
Another way of understanding this concept is if you assess there is a 50% probability or likelihood that a particular decision may not achieve a particular outcome, there may also be a 50% likelihood that the same decision will achieve a better than expected outcome.
In fact we can say that every business decision has risk associated with it because we never have absolute control over all factors that are inputs into decisions or of all the factors that impact on outcomes of decisions. This also highlights the need to manage risk in order to minimise its negative impact and maximise its beneficial potential.
A definition of risk that encompasses this notion that risk can have both negative and positive consequences is ‘Risk is the chance of something happening that will have an impact on objectives’.
/ Time for a short break!Go to www.businessballs.com and use the link Stories, Research Findings and Analogies and read the story called ‘Lipstick kisses on the mirror’.
What is risk management?
Take calculated risks. That is quite different from being rash.
General George S Patton 1885–1945
Organisations and individuals make decisions regarding risks every day. They might use a formally recognised, documented process or go with the ‘sink or swim’ approach. When the stakes are high and the results of actions likely to affect many people – as they often are in the business world – the latter approach is very ‘risky business’.
Although many of us would benefit by analysing the risks we take in our daily lives more effectively, the management of risk tends to be focused on organisations. This is because the implications of poor risk management can have significant impacts on a wider number of stakeholders as well as on national and local economies. It’s also because the nature of risk within organisations is far more complex that the simple tasks we have to manage as individuals.
A key part of the business process
Risk management is therefore generally recognised internationally as a key business process within both the private and public sectors. While risk management may include the treatment of identified risks (risk treatment), it is a broader and more strategic process. As we will deal with it in this subject, risk management is a holistic and generic management process that is applicable in all kinds of organisations at all levels and to individuals.
Risk management involves applying skills, knowledge and risk management tools and techniques to all aspects and functions of an organisation to reduce risks to an acceptable level while maximising opportunities.
Benefits of risk management
As a manager you are responsible for making decisions that benefit the organisation or area you manage and the relevant stakeholders. Whether you manage a for-profit company, a government organisation, a not-for-profit organisation or any other business, you’ll have one major goal in mind – to maximise benefits to the organisation and its stakeholders – customers, employees, shareholders, etc.
Both the end results of risk management and the processes that are involved in getting to the end result provide benefits to managers. For instance, for managers to make good decisions they need relevant information. Risk identification and analysis is part of the vital information you’ll use when determining a go or no-go decision regarding various projects. The structured risk management approach also enhances and encourages the identification of greater opportunities for continuous improvement through innovation.
Managers and business executives have found that risk management has the following specific benefits:
· Greater control: Control of adverse events is enhanced by identifying and taking actions to minimise their likelihood and reduce their effects.
· Greater confidence: People will have more confidence in their understanding of risks and their capability to manage them. This also encourages the seeking of opportunities as people feel safer in taking ‘calculated risks’.
· Improved planning, performance and effectiveness: Effective planning is facilitated by access to strategic information about the organisation. This also enhances the organisation’s ability to seize opportunities, mitigate negative outcomes and achieve better performance and productivity.
· Improved stakeholder relationships: Communication and consultation are essential processes in effective risk management. The development of dialogue between the organisation and its stakeholders increases mutual understanding of and insight into the wants, needs and motivations of both parties.
· Enhanced reputation: Organisations that are known to have a sound process for managing risk tend to attract investors, lenders, suppliers and customers.
· Accountability, assurance and governance: Through the demonstration and documentation of the risk management approach, various parts of the organisation are focused on conforming to requirements and enhanced performance.
· Personal wellbeing: Generally, when we effectively manage personal risk we experience an increase in our health and wellbeing.
/ The Risks of Success – Lee ForrestOne of the first and most important lessons any successful Australian businessperson learns is there is risk associated with every decision they take. But one of the main reasons they become successful rather than unsuccessful is because they understand there are even greater risks in not taking them.
/ Activity 1
It’s hard to read a newspaper or listen to current affairs programs without hearing about ‘corporate governance’. It is considered a ‘hot topic’ in organisations these days.