Presentation is loading. Please wait.

Presentation is loading. Please wait.

Advisers to Growing Businesses RISK MANAGEMENT Central Queensland University November 2006.

Published byFlora Patrick Modified over 8 years ago

Similar presentations

Presentation on theme: "Advisers to Growing Businesses RISK MANAGEMENT Central Queensland University November 2006."— Presentation transcript:

1 Advisers to Growing Businesses RISK MANAGEMENT Central Queensland University November 2006

2 Advisers to Growing Businesses BDO Kendalls’ Role – 2002/3 Guidance to the University in establishing Risk Management Policy and Process Framework Deliver training to key management groups Facilitate process implementation workshops Provide feedback, information and outcomes to Risk Management Committee Management own the process and its key elements Key decision making remains with the University

3 Advisers to Growing Businesses Why Risk Management? CQU is committed to a comprehensive and systematic approach to effective management of potential opportunities and adverse threats Risk management is a key element in improving CQU’s business and services to assist in achieving its objectives CQU aims to achieve best practice in controlling risks which may impact its business

4 Advisers to Growing Businesses Why Risk Management? Statutory Requirements  Financial Management Standard “The University must protect itself from unacceptable costs or losses associated with its operations.”  Workplace Health & Safety Act 1995 Imposes obligations on people at workplace to ensure work place health and safety AUQA Common Law Duty of Care

5 Advisers to Growing Businesses What is Risk? The exposure to the possibility of something happening that will have an impact of the University’s organisational objectives  Objectives: Financial and Non Financial

6 Advisers to Growing Businesses Elements of Risk Risk arises out of uncertainty and has two elements: 1.Frequency / likelihood of something happening 2.Severity / impact of the consequences arising from the event.

7 Advisers to Growing Businesses Risk Management Is … Culture and process Systematic application of management policies, procedures and practices Effective management of opportunities and threats Establishing context Identifying Analysing Assessing Treating Monitoring Communicating

8 Advisers to Growing Businesses Risk Management is Not … Just accounting controls Another name for insurance About creating risk averse management A label to hide inadequate analysis when something goes wrong A green light for careless enthusiasm An opening for ‘risky management”

9 Advisers to Growing Businesses

10 Risk Management Objectives Structured basis for strategic planning Enhance governance and corporate management processes Discharge statutory responsibilities Practical framework for decision making Protect unacceptable costs/losses Minimise missed opportunities Safeguard assets (including people)

11 Advisers to Growing Businesses University’s RM Objectives Implement RM across all areas of the University in accordance with best practice guidelines Integrate RM into the management culture of the University Foster an environment where staff assume responsibility for managing risk

12 Advisers to Growing Businesses The Process to Date … 1.CQU Risk Management Policy promulgated 2.Risk Management Committee and Terms of Reference Established 3.Workshop to identify Key Risk Categories 4.Policy Framework and Guidelines established 5.Templates: - Risk Mgt Standards- Risk Records - Risk Treatment Plans- Risk Register 6.Pilot Launch – Health Safety and Security Key Risk Category

13 Advisers to Growing Businesses The Process to Date … 7.CQU Risk Management Workshops conducted, identifying risks and treatment plans 8.Risk Management Committee and Terms of Reference Established as sub-committee of Audit Committee 9.Significant change and restructure 10.AUQA Audit and Report 11.Risk Management Committee rolled into Audit Committee 12.Risk Management Software acquired 13.Re-launch of Risk Management to Senior Management

14 Advisers to Growing Businesses Key Risk Categories 1.Corporate Governance & Compliance 2.Financial and Commercial 3.Operations 4.Student 5.Health, Safety & Security 6.Human Resources 7.Data & Information Technology 8.Reputation 9.Asset Maintenance 10.Environmental

15 Advisers to Growing Businesses Risk Management Process AS/NZ 4360 (Refer Frame 1)

16 Advisers to Growing Businesses Establishing Context & Framework  Internal and external decision makers  Individuals directly and indirectly affected by decisions, actions and inactions  Unions, staff groups  Community groups  Statutory regulators (health, safety, environmental etc)  Politicians (all levels of govt) with electoral or portfolio interest  Non government groups  Users and suppliers of services and facilities Identify Internal and External Stakeholders

17 Advisers to Growing Businesses Establishing Context & Framework  Purpose of stakeholder analysis is to provide decision makers with a documented profile of stakeholders to better understand needs, issues and responsibilities  Framework and Stakeholder Mix subject to constant change  Consultation and review process must be continuous and recurrent in the Risk Management process

18 Advisers to Growing Businesses Identifying Risks  Aim to identify risks to be managed  Comprehensive identification critical  Potential risk not identified at this stage is excluded from further analysis  Identification should include all risks whether or not they are under the University’s control

19 Advisers to Growing Businesses Identifying Risks  Audits & physical inspections  Brainstorming  Decision trees  Examination of local or oversees experience  Expert judgment  History, incident reports  Interview, focus group discussions  Scenario analysis  SWOT analysis  Surveys, questionnaires etc… Possible Methods of Identifying Key Risks

20 Advisers to Growing Businesses Identifying Risks  Commercial relationships  Legal relationships  Custody  Management activities and controls  Natural events  Political/legal  Occupational health and safety  Personnel/human behaviour  Property/facilities  Public liability  Security  Socio-economic  Etc … Possible Sources of Risk

21 Advisers to Growing Businesses Identifying Risks Documentation of this step  For a small process this step may be documented by a simple tabulation  More detailed documentation may be required for larger processes  List each risk and classify  Eg functional groups, exposure profiles etc

22 Advisers to Growing Businesses Analysing Risks  The magnitude of consequences of an event, should it occur, and the likelihood of the event and the associated consequences, are assessed in the context of no existing controls  Consequences and likelihood are combined to produce a level of risk CONSQUENCES AND LIKELIHOOD

23 Advisers to Growing Businesses  How often situation occurs  How many operations/people exposed  Skills/experience of people exposed  Special characteristics of people exposed  Duration of exposure  Proximity of hazard to people exposed  Distractions  Quantity of materials or multiple exposure points involved  Environmental conditions  Condition of facilities, equipment  Effectiveness of existing control measures Analyse LIKELIHOOD considering:

24 Advisers to Growing Businesses Analysing Risks  Do controls represent good practice?  Are controls minimising exposure to risks?  Do stakeholders know about controls?  Are there adequate systems and procedures in place to support controls?  Is there adequate training/supervision in relations to controls?  Is there adequate maintenance of controls?  How easy is to to use, or work with, controls? Analyse EXISTING CONTROLS considering:

25 Advisers to Growing Businesses Analysing Risks Potential for “chain reaction” Concentration of risk exposures Direct/indirect financial impact Fines, penalties, rectification costs Other regulatory impact Business interruption Position of stakeholders relative to exposure Human impact Analyse CONSEQEUENCE considering:

26 Advisers to Growing Businesses Analysing Risks Qualitative Methods Used:  Where level of risk does not justify time and resources for numerical or detailed scientific analysis  For initial screening of risks  Where Numerical data inadequate  Valuable when analysis shared across range of people, backgrounds & interests TOOLS FOR ANALYSIS

27 Advisers to Growing Businesses Analysing Risks Semi-Qualitative Methods Allocates a qualitative word ranking to likelihood (eg Almost Certain – Rare) high, medium or low and consequence (eg Extreme – Insignificant)  Rankings are shown against a word scale for ranking the level of risk (eg V.High – V.Low)  Avoid overcomplicating analysis. Relatively straightforward methods can be effective  Method, rationale and results should be documented TOOLS FOR ANALYSIS

28 Advisers to Growing Businesses Evaluating and Ranking Risks  Risk evaluation involves comparing the level of risk determined during analysis with previously established criteria  Decides whether risks are acceptable or unacceptable  Output of risk evaluation is a prioritised list of risks for further action (ranking)

29 Advisers to Growing Businesses Evaluating & Ranking Risks Consider:  Degree of control over risk  Cost impact, benefits and opportunities presented by risk  Significance of risk & importance of policy, program, process or activity  Risk may be accepted if consequence & likelihood is consistent with established criteria  Acceptance may follow risk reduction measures  Regularly review and monitor for changing circumstances  Process and rationale should be documented Acceptable and Unacceptable Risk

30 Advisers to Growing Businesses Evaluating & Ranking Risks  Level of risk so low that specific treatment not appropriate within available resources  Cost of treatment is so excessive compared to benefit that acceptance is only option  Opportunities presented outweigh threats to such a degree that risk is justified  No treatment is available Reasons a risk may be accepted:

31 Advisers to Growing Businesses  Risks not considered acceptable are those which will be treated in some way  These are prioritised for subsequent management action as a component of the management’s and the University’s Risk Actions Plans and Risk Register Evaluating & Ranking Risks Unacceptable risks:

32 Advisers to Growing Businesses Risk Treatment Risk Treatment involves  Identifying and considering the range of Options for Treatment  Assessing those options  Preparing Risk Treatment Plans  Implementing Risk Treatment Plans

33 Advisers to Growing Businesses Risk Treatment  ELIMINATE the risk  TRANSFER the risk  PREVENT or MINIMISE the consequences and/or likelihood of the risk  Substitution  Redesign  Isolation  RETAIN the risk - when exposure is not or cannot be minimised by other means:  Eg Administrative controls  Eg Personal protection (Refer Frame 4 – Risk Treatment Process) OPTIONS to Manage the Risk

34 Advisers to Growing Businesses Risk Treatment  Plans document how chosen options will be implemented  Plans identify:  Responsibilities  Schedules  Expected outcome of treatments  Budgeting,  Performance measures  Review, assessment and monitoring processes Preparing Risk Treatment Plans

35 Advisers to Growing Businesses Risk Treatment  Developing Standards and Procedures  Communicating  Training and instruction  Supervision  Maintenance Implementing Risk Treatment Plans

36 Advisers to Growing Businesses Risk Treatment Monitoring and Reviewing Risk Treatment  Chosen controls have been implemented as planned:  Are chosen control in place?  Are controls being used?  Are controls used correctly?  Control controls are working:  Have changes made to control exposure resulted in planned outcome?  Has exposure to risk been diminished or adequately reduced?  Are they any new problems?  Have implemented control measures resulted in introduction of new problems?  Have implemented control measures resulted in worsening of existing problems?

37 Advisers to Growing Businesses Documentation  Each stage of the Risk Management Process should be documented:  Demonstrate the process  Evidence of systematic process  Record to develop risk database  Provide decision makers with RM plan for approval and implementation  Accountability mechanism and tool  Facilitate continuing monitoring and review  Provide audit trail  Share and communicate information

38 Advisers to Growing Businesses Documentation  Risk Register  Risk Management Standards for Specific Risk Category

39 Advisers to Growing Businesses Responsibility  For RM to be effective it must be implemented by every person within the organisation  Council, VC, DVC,  Directors, Deans, HODS,  Line Management,  Staff, Students and 3 rd Parties  RM is not just the responsibility of management  RM must become and integral part of the University’s culture

40 Advisers to Growing Businesses Managing Risk  Managing risk means forward thinking  Managing risk means responsible thinking  Managing risk means balanced thinking  RM provides a framework to facilitate more effective decision making  RM is all about maximising opportunity by managing risk

41 Advisers to Growing Businesses Contact Daniel Nolan Acting Internal Audit Manager Extension 6932

Download ppt "Advisers to Growing Businesses RISK MANAGEMENT Central Queensland University November 2006."

Similar presentations

The Risk Management Process (AS/NZS 4360, Chapter 3)

The Risk Management Process (AS/NZS 4360, Chapter 3)
The Department of Energy Enterprise Risk Management Model

The Department of Energy Enterprise Risk Management Model
Major Accident Prevention Policy (MAPP) and Safety Management System (SMS) in the Context of the Seveso II Directive.

Major Accident Prevention Policy (MAPP) and Safety Management System (SMS) in the Context of the Seveso II Directive.
Risk The chance of something happening that will have an impact on objectives. A risk is often specified in terms of an event or circumstance and the consequences.

Risk The chance of something happening that will have an impact on objectives. A risk is often specified in terms of an event or circumstance and the consequences.
Managing Risk: A Framework and Reporting Cycle 2014.

Managing Risk: A Framework and Reporting Cycle 2014.
Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009.

Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009.
PROJECT RISK MANAGEMENT

PROJECT RISK MANAGEMENT
Risk Management Policy & Procedures An Overview for Staff Prepared by MSM Compliance Services Pty Ltd.

Risk Management Policy & Procedures An Overview for Staff Prepared by MSM Compliance Services Pty Ltd.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Control and Accounting Information Systems

Control and Accounting Information Systems
Environmental Management System (EMS)

Environmental Management System (EMS)
IAEA International Atomic Energy Agency Responsibility for Radiation Safety Day 8 – Lecture 4.

IAEA International Atomic Energy Agency Responsibility for Radiation Safety Day 8 – Lecture 4.
Service Design – Section 4.5 Service Continuity Management.

Service Design – Section 4.5 Service Continuity Management.
COMP8130 and COMP4130 Adrian Marshall Verification and Validation Risk Management Adrian Marshall.

COMP8130 and COMP4130 Adrian Marshall Verification and Validation Risk Management Adrian Marshall.
The Australian/New Zealand Standard on Risk Management

The Australian/New Zealand Standard on Risk Management
1 Risk evaluation Risk treatment. 2 Risk Management Process Risk Management Process.

1 Risk evaluation Risk treatment. 2 Risk Management Process Risk Management Process.
Title slide PIPELINE QRA SEMINAR. PIPELINE RISK ASSESSMENT INTRODUCTION TO GENERAL RISK MANAGEMENT 2.

Title slide PIPELINE QRA SEMINAR. PIPELINE RISK ASSESSMENT INTRODUCTION TO GENERAL RISK MANAGEMENT 2.
The Risk Management Process

The Risk Management Process
1 Risk management and Investigation Peter Roberts

1 Risk management and Investigation Peter Roberts
Benefits for using a standardised risk management framework to risk assess Infection Prevention and Control Sue Greig Senior Project Officer National.

Benefits for using a standardised risk management framework to risk assess Infection Prevention and Control Sue Greig Senior Project Officer National.

Similar presentations

Ads by Google