An Introductory Presentation for ECU Staff


Risk Management at ECU
An Introductory Presentation for ECU Staff
Phillip Draber, Manager, Risk and Assurance

Outcomes
By the end of this session you should:
- Be able to complete and document risk management (RM) applicable to your School, Centre or Project.
- Be able to:
  - Effectively understand how RM is integrated with ECU's Strategic Planning and Operational Planning and Project processes;
  - Develop a focussed RM capability within your School, Centre or Project.

Risk Management - Context
Risk management is integral to the successful conduct of operations or the completion of any project.
- What is the risk management process?
- How can the risk management process be applied to a project?
This introductory session will outline what the RM process is at ECU and how it is broadly used in ECU operations and projects.

What is Risk?
- The effect of uncertainty on ECU's objectives at the strategic, operational and tactical (project) level.
- A deviation from the expected, positive and/or negative.
- All decisions create a risk.
  - Did we make the right decision?
  - Can we manage the outcomes of that decision?

Consequences of Poor Risk Management
- Global Financial Crisis?
- $16 Million Software Fix for the RMIT Peoplesoft IT Software (2002-2004).
- Perth Arena [1] (2007-Current)
  - $438 Million cost vs. $160 Million budget
  - Opening 3 years later than scheduled
  - Alterations in the allocation between contractors and State Government
  - Increased risk to the State
  - Lack of transparency in decision-making

[1] The Office of the Auditor General for WA Report 1/2010, The Planning and Management of Perth Arena, Perth Western Australia, 10 March 2010.

Risk Management is
A logical, systematic method to:
- Identify
- Analyse
- Evaluate, and
- Treat
Risks associated with activities, functions and processes that enable ECU to maximise and exploit opportunities by minimising threats and hazards and the impact of adverse events encountered in the pursuit of our strategies.

Risk Management is
- About creating and protecting value
- An integral part of all University processes
- Part of ECU decision-making
- About addressing uncertainty
- Systematic, structured and timely
- Based on the best available information
- Tailored for ECU
- About taking into account our culture and our community
- Transparent and inclusive
- Dynamic, iterative and responsive
- About continuous improvement at ECU

Applications of Risk Management Process
- Contingency or uncertainty based
  - IT Disaster Recovery Plans
  - Business Continuity Plans
- Hazard based
  - Workplace Safety Hazard Assessments
  - Duty of Care for Work Place Integrated Learning Practicum
- Project based
  - Major IT Systems Projects
  - Offshore Programs
  - Capital Works
- Operations
  - Strategic Risk Management & Reporting
  - Faculty and Centre Risk Registers

When Risk Management can be Used
Alignment with Quality @ ECU Cycle: Plan, Do, Review, Improve
- Material risks associated with key initiatives
- Material risks associated with various options or alternative courses of action
- Regular monitoring of and reporting on how we are managing identified risks
- Lessons learned from our experiences to improve (particularly when mistakes made)

Integrated Risk Management Policy
Policy Statement
The aim of this policy is to provide a framework to manage the risks involved in all University activities to maximise opportunities and minimise adversity. Considered and structured risk-taking is an essential ingredient in the successful achievement of the University's mission and strategic objectives. To this end, the University will maintain procedures to provide the Council and the Senior Leadership Team with a systematic view of the risks faced in the course of ECU activities. Where appropriate these procedures will be consistent with the Standards Australia Risk Management Standard, AS/NZS 4360:2004 - Risk Management [1].

[1] Now superseded by AS/NZS ISO 31000:2009 Risk Management - Principles and Guidelines

Introduction: Integrated Risk Management Guidelines
Risk Management can be characterised as the culture, processes and structures that are directed towards the effective management of potential opportunities to reduce or mitigate adverse impacts to an organisation. Risk is inherent in all academic, administrative and business activities. Every member of the University community continuously manages risk. Formal and systematic approaches to managing risk have evolved that are now regarded as good practice. Consequently, ECU acknowledges that the adoption of a strategic and formal approach to risk management will improve decision-making, enhance outcomes and lead to greater accountability. The aim of risk management is not to eliminate risk, rather to manage the risks involved in all University activities, with the overall goal of maximising opportunities and minimising adversity.

Integrated Risk Management Framework
As part of integrated risk management, it is important for ECU to define the Risk Framework facing it and thus set the context for the manner by which risk is managed at the University. To this end, an IRM Framework has been developed that maps risks to ECU's strategic priorities. It forms the basis for all risk registers as well as the structure of the ECU Strategic Risk Register. The information in the map should not be seen as exhaustive, but rather as a tool to assist in the identification and control of operational risks.

Risk Management Process
[Figure: risk management process diagram, adopted from ISO Standard 31000. Boxes: Establish Context; Risk Assessment (Identify Risks, Analyse Risks, Evaluate Risks); Treat Risks; Communication and Consultation; Monitor and Review.]

Establish a Context
- Context of the ECU risk management process
  - Risk Management Policy, Guidelines and Risk Map
  - Strategic Risk: directly related to ECU's Strategic Priorities
  - Operational: related to Schools and Centres and would incorporate strategic risks managed by Faculties and Centres
  - Opportunity Risk Management: major projects such as IT, Commercialisation, Capital Works Projects and Offshore Programs
- Establish criteria against which risk will be evaluated
- Defines structure of risk analysis

Functional Risk Categories and their Consequences
Identifying risks and their consequences is the first step in the risk management process and is the precursor for the risk assessment. To provide structure for this step, the Senior Leadership Team and Council have approved an integrated risk management framework. Each risk and consequence can be categorised for higher order analysis. Categorising risks and their consequences will focus risk identification activities and contribute to more effective risk management.

Risk Categories
In the Integrated Risk Management Framework and in the Risk Register the functional risk categories are:
- Engagement
- Student Recruitment and Retention
- Teaching and Learning
- Staffing
- Research and Creativity
- IT & Knowledge Systems
- Physical Infrastructure
- Financial Management
- Governance and Accountability

Identification of Risks
- The identification of what, why and how events arise as the basis for future analysis
- Use a well-structured systematic process
- Identify studies needed
  - Scope, objectives, resources
- Use generic sources of risk as a guide
  - Risk Glossary
- Risk Statements
  - Threat, Risk Event, Impact
  - Hazard, Risk Event, Consequence

Risk Statements
Should follow the syntax of: a threat/hazard, whilst doing something (context), may result in an event that has the following impacts/consequences.
Consider the following example: Wet weather whilst driving may result in an accident that causes injury, damage or death.

Analysis of Risks
- Consider
  - Sources of risk (threats/hazards)
  - The likelihood that those risks may occur
- Consider
  - The range of potential consequences or impacts
  - The context of existing procedures and controls
- Consequence and likelihood are combined to produce an estimated (inherent) level of risk

Risk Analysis
- Best available information sources used
- Purpose
  - Separate minor risks from major risks
  - Provide data to assist in evaluation and treatment plans
- Use professional judgement and experience

Qualitative Measures of Likelihood

| Score | Description | Likelihood |
|---|---|---|
| 1 | Theoretically possible but not expected to occur during your career, the activity or the lifetime of the equipment | Rare (<5% probability) |
| 2 | Possible that it may occur once during your career, the activity or the life of the equipment | Possible (5-10% probability) |
| 3 | This event may occur slightly more than twice in your career, during the activity or during the life of the equipment | Occasional (10-25% probability) |
| 4 | This event may occur frequently in your career, the activity or during the life of the equipment | Likely (25-50% probability) |
| 5 | Expected to occur routinely in your career, or at least once during the activity or during the lifetime of the equipment | Almost Certain (>50% probability) |

Qualitative Measures of Consequence or Impact

| Level | Rank | Injuries | Financial Loss | Asset Loss | Interruption to Services | Reputation & Image | Performance |
|---|---|---|---|---|---|---|---|
| Minor | 1 | No injuries | < $50K or 5% of Operational Budget | Little or no impact on assets | < 1/2 day | Unsubstantiated, low impact, low profile or no news items | Up to 5% variation to KPI |
| Disruptive | 2 | First aid treatment | $50K - $250K or 10% of Operational Budget | Minor loss or damage to assets | 1/2-1 day | Substantiated, low impact, low news profile | 5-10% variation to KPI |
| Serious | 3 | Medical treatment | $250K - $3M or 25% of Operational Budget | Major damage to assets | > 1 day to < 1 week | Substantiated, public embarrassment, moderate impact, moderate news profile | 10-25% variation to KPI |
| Critical | 4 | Death or extensive injuries | $3M - $10M or 50% of Operational Budget | Significant loss of assets | 1 week - 1 month | Substantiated, public embarrassment, high impact, high news profile, third party actions | 25-50% variation to KPI |
| Catastrophic | 5 | Multiple Deaths or severe permanent disabilities | $10M > or 50% > of Operational Budget | Complete loss of assets | 1 month > | Substantiated, public embarrassment, very high multiple impacts, high widespread news profile, third party actions | 50%> variation to KPI |

Risk Evaluation Factors (REF)

| Description | Likelihood | Score | Minor (1) | Disruptive (2) | Serious (3) | Critical (4) | Catastrophic (5) |
|---|---|---|---|---|---|---|---|
| Theoretically possible but not expected to occur during your career, the activity or the lifetime of the equipment | Rare (<5% probability) | 1 | 1 (Low) | 2 (Low) | 3 (Low) | 4 (Low) | 5 (Moderate) |
| Possible that it may occur once during your career, the activity or the life of the equipment | Possible (5-10% probability) | 2 | 2 (Low) | 4 (Low) | 6 (Moderate) | 8 (Moderate) | 10 (Substantial) |
| This event may occur slightly more than twice in your career, during the activity or during the life of the equipment | Occasional (10-25% probability) | 3 | 3 (Low) | 6 (Moderate) | 9 (Moderate) | 12 (Substantial) | 15 (High) |
| This event may occur frequently in your career, the activity or during the life of the equipment | Likely (25-50% probability) | 4 | 4 (Low) | 8 (Moderate) | 12 (Substantial) | 16 (High) | 20 (Extreme) |
| Expected to occur routinely in your career, or at least once during the activity or during the lifetime of the equipment | Almost Certain (>50% probability) | 5 | 5 (Moderate) | 10 (Substantial) | 15 (High) | 20 (Extreme) | 25 (Extreme) |

Risk Evaluation
A comparison of estimated risk levels against pre-established criteria:
- Consider objectives of project or strategies.
- Consider opportunities of project or strategic outcomes.
- Decide: can risk be accepted?
- Treat, Tolerate, Transfer or Terminate (4T's)
- Produce prioritised list for action.

Accept Risk
- Establish acceptable level of risk

Risk Management Delegations

Risk Treatments
- Identify actions required to reduce risk to acceptable level
- Should be cost-effective (ALARP - As Low As is Reasonably Possible)
- Should include timelines/deadlines
- Specific responsibilities must be assigned

Risk Treatments
- Low and moderate risks
  - Require minimal or no treatment
  - But regularly monitor and review to ensure that they remain low or moderate
- Substantial/High or Extreme risks
  - Devise, and actively monitor, Treatment Action Plans (TAP)

Risk Treatment Options

| Techniques | Tactics | Examples |
|---|---|---|
| Accept | Tolerate | Approvals |
| Avoid | Terminate | Cease Activity |
| Prevent | Treat | Training |
| Engineer | Treat | Equipment Modification |
| Substitute | Treat | Development and Test Environments |
| Detect | Treat | Alarms |
| Risk Transfer | Transfer | Insurances |

Documenting the Process
- Demonstrates RM is properly conducted
- Provides management and decision-makers with a plan
- Addresses key exposures in a logical and prioritised way
- Provides an accountability mechanism
- Facilitates continuous monitoring & review
- Consistent with the Quality@ECU process (PDRI)
- Allows us to share & communicate RM activities amongst all stakeholders (particularly staff)

Risk Management Plan Template
- Introduction
- Context
- Roles and Responsibilities
- Risk Identification and Analysis
- Documentation
- Approval

Monitor & Review
- Oversight and review of the risk management system (including internal audit, follow-up and annual reviews)
- Changes that might affect the activity
- Occurs concurrently throughout the process, particularly during planning
- Schools and Centres must regularly:
  - Revisit risk assessments
  - Monitor implementation of action plans

Communication & Consultation
Should:
- Be appropriate
- Address internal & external stakeholder requirements
- Cover each stage of the process and the process as a whole
- Include decisions using a consultative process
- Be effectively communicated
- Be documented

Risk Registers and Plan
Once the planning context for each risk management process is established (either by a project plan or other source documents), the identification of risks, their analysis and evaluation, along with their treatment, is to be documented in a risk register. A risk management plan simply identifies how the risk management will be carried out during the activity rather than what risks are to be managed.

Risk Management Outcomes
- More informed decision-making
- Improved Business Continuity and Contingency Planning
- Minimising disruptions to operations and projects
- Better use of resources
- Strengthening the culture of continuous improvement

Risk Management Contacts
- Phillip Draber (x2495)
- Darryl Welsby (x2426)

Conclusion
Risk management is integral to the successful completion of any project.
- What is the risk management process?
- How can the risk management process be applied to a project?
This introductory session outlined what the RM process is at ECU and how it is broadly used in ECU projects.

Risk Management Questions?