What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009
Risk Management Risk Management is the process of identifying, analysing and evaluating risks with a view to ensuring the effective management of potential opportunities while reducing or avoiding adverse effects.
Risk Management Framework Provides: Systematic approach to risk identification & management. Consistent risk assessment criteria. Accurate and concise risk information, for decisions. Cost effective and efficient risk treatment strategies. Ensure risk exposure remains within acceptable level.
Risk Management: Benefits Increase likelihood of achieving objectives Improve quality of care Protect staff, assets, property and reputation Performance consistent with values Support better business decision making Meet compliance and government requirements
Prevention is better than the cure… Risk management is a proactive attempt to identify potential risks and incidents before they happen in order to develop prevention and response strategies.
Establish the Context This involves the identification of objectives, legislative and policy requirements and stakeholder expectations. Strategic Operations Knowledge People & Culture Information Technology Financial
Audits or physical inspections Brainstorming/Workshops Incident and adverse outcome analysis Claims analysis Personal organisational experience Focus group discussion Identify Risks Risk identification is a process of determining what can happen and how it can happen.
Risk Categories The organisation categorises risks according to the following risk categories: Strategic Financial Operational etc.
Typical Governance Structure CEO Audit and Risk Committee Executive Team Divisions / Service Areas Staff ‘Risk Management Unit’ Board
Risk Register Ref The Risk What & How Consequences of an event happening Control Adequacy of existing controls Residual Risk Possible treatment options 10 Staff member assaulted by patient while on home visit
Analyse and Evaluate Risks Taking into account current controls and their effectiveness Risks are measured and assessed against two key criteria: The likelihood of the event occurring. The consequence or impact of an adverse event. The likelihood and consequence tables need to be tailored to the size and nature of the entity.
Likelihood Table RatingNameDefinition * 1Rare1 in 5 years 2Unlikely 3Possible 4Probable 5Nearly Certain 1 per month *Insert own scales RatingNameDefinition (example financial metrics)* 1InsignificantNone or small financial expense 2MinorUnbudgeted expense 3ModerateSignificant budget impact 4MajorMajor budget impact/loss 5CatastrophicUnlikely to recover from financial impact Consequence Table Likelihood and Consequence rating scales
Risk Rating Scales: Likelihood LIKELIHOODLIKELIHOOD Level Detailed description 5FrequentThe event is very likely to occur within a month 4LikelyThe event will probably occur within 6 months 3OccasionallyThe event could occur this year (12 months) 2UnlikelyThe event could occur between 1-5 years 1RareThe event may possibly occur, but unlikely at a frequency less than 5 yearly
Risk Treatment Options ACCEPT - Accept the level of risk REDUCE- Reduce the likelihood or consequence via improved control, contingency planning TRANSFER- Shift responsibility to external party (e.g. insurance) AVOID- Do not proceed with the activity OPTIONS
Controls Identify controls that are in place Assess control effectiveness Effective Indicates minimal net risk currently due to excellent risk management/control in place, tested and monitored Good Indicates good risk management, generally in accordance with Australian and/or Industry Standards or practice, but an opportunity for refinement exists to reduce risk further Fair Indicates a need for risk improvement, or that risk controls are presently being developed but are not fully in place and tested as yet Poor Indicates risk controls have not yet been developed and a significant lack of risk control exists, thus where application of risk management is required as a matter of priority
Risk Analysis – Likelihood/Consequence Insignificant 1 Minor 2 Moderate 3 Major 4 Catastrophic 5 Nearly Certain 5SSHHH Probable 4MSSHH Even Chance 3LMSHH Unlikely 2LLMSH Rare 1LLMSS L = LowS = Significant M = MediumH = High
Risk Register Ref The Risk What & How Consequences of an event happening Control Adequacy of existing controls Residual Risk Possible treatment options 10Staff member assaulted by patient while on home visit L Unlikely 2 C Moderate 3 1.Staff trained to recognise violent situations 2.Staff all have mobile phones GOODLOW Medium Rating