Risk Management Policy & Procedures An Overview for Staff Prepared by MSM Compliance Services Pty Ltd

Who Are MSM Compliance? MSM is a national professional services business focused on the general insurance industry. Your company has engaged MSM to assist in the management of its obligations as a holder of an Australian Financial Services Licence. MSM helps to ensure that you and your company comply with your AFS Licence obligations with the least disruption to your core business.

Why Are You Reading This? To provide you with an introduction to our Risk Management Policy and Procedures. It will present you with a synopsis, but not the detail. You should still take the time to read the full Risk Management Policy & Procedures.

What Is Risk? The chance of something happening that will have an impact upon business. objectives and goals. It could be physical, financial, economic or legal. It includes potential for gain and exposure to loss. It is the volatility of potential outcomes; “How surprised do you really want to be?”

How Is Risk Measured Measured in terms of consequences and likelihood. Risk = consequences x likelihood. Risk is also measured by the level of outrage or concern a particular event may have on a business or employees of the business.

Examples Of Risk Injury to staff and clients including assault. Buildings being vandalised. Harm to authorised or unauthorised visitors. Contracting communicable diseases. Fire to building or contents. Theft or Fraud. Storm or water damage. Loss of computer data.

What Is Risk Management The culture, processes and structures that are directed towards the effective management of potential opportunities and adverse effects. The aim of risk management is to maximise opportunity by managing risks. It is a way of confidently taking the right risks and then managing the outcomes for success.

What Risk Management Is Not Another name for insurance (Insurance is the treatment option for an identified risk where the risk is shared or transferred). Just accounting controls. About creating risk averse management. A green light to careless enthusiasts. Opening the door to “risky management”. Something that other people do.

Why Is A Risk Management Program Important? Risk management is recognised as an integral part of good management practice. An effective Risk Management program is also a mandatory requirement for AFS Licensees. The effective management of risks reduces the likelihood of major disruptions to the plans of the business and increases the chances of the business achieving its goals.

The Benefits Of Risk Management More effective strategic planning. Better cost control. Increased knowledge & understanding of exposure to risk. More systematic & thorough method of decision making. Prevention rather than reaction to risk Greater transparency in decision making.

Who Is Responsible For Risk Management? The Responsible Manager(s) is ultimately responsible. The Risk Management Officer is responsible for the day to day operation of these Policy and Procedures. The Risk Management Officer is indicated on our Organisation Chart by the Code RMO under their name. All staff and Authorised Representatives must be familiar with and comply with this Policy and Procedure. All staff are encouraged to look for improvements to our risk management procedures.

Risk Management Process Overview I N P UT Establish Context Identify Risks Analyse Risks Evaluate Risks Treat Risks M O N I T O R & R EV I E W

Risk Management Process Establish the Context – generally we are conservative and risk adverse. Identify Risks – only risks identified can be managed. Risk Analysis –risks are classified according to likelihood and severity. Risk Evaluation – prioritised for further action. Risk Treatment – decide on and implement course of action; (i) avoid, (ii) avert, (iii) transfer or (iv) retain Monitoring & review – how effective are the processes? Communication & Consultation – ensure all staff and relevant stakeholders are involved.

Review & Updates Our Risk Management Policy & Procedures will be reviewed on an annual basis as part of our the Business Planning process or after any major or catastrophic loss or near loss impacting on the business. Any changes will be advised by management either via or at our regular Staff meetings.

In Summary You should Read the full Policy & Procedures. Identify the Risk Management Officer (RMO) on our Organisation Chart. Be aware of the risks listed in the Risk Identification Table. Inform the RMO or Compliance Officer if you become aware that our Risk Management program is not being adhered to.

Where To From Here? Please take the time to read our full Risk Management Policy and Procedures and if you require further clarification discuss with our Risk Management Officer.