The Lowitja Institute Risk Management Plan

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "The Lowitja Institute Risk Management Plan"

Transcription

1 The Lowitja Institute Risk Management Plan 1. PURPOSE This Plan provides instructions to management and staff for the implementation of consistent risk management practices throughout the Lowitja Institute (the Institute). The risk management process is cyclical and is linked to the Institute A risk management process which provides a rigorous and systematic framework for understanding the likelihood of risks associated with opportunities for optimising outcomes is essential. It is a tool which identifies threats to the Lowitja Institute objectives and enables the development of strategies to mitigate adverse consequences. In a time when there is increasing pressure on the private, public and not for profit sectors to display better governance, an appropriately framed risk management methodology is critical to maintain and enhance the performance of the Institute. This Plan contains the requirements for establishing and maintaining an enterprise risk management framework for the Institute which is integral to sound management practice. It sets a common approach and outlines the responsibilities of management and staff to systematically manage risk consistent with Australian Standard on Risk Management (AS/NZS ISO 31000:2009). 2. SCOPE This Plan apply to all Institute employees, including permanent employees, those under employment contract, term appointments (including secondments) or temporary arrangements, volunteers, contractors and consultants. It applies to all Institute business and project management processes including strategic planning, business planning, policy development, program administration and decision making at the strategic and operational levels. 3. DEFINITIONS (ISO 31000) Consequence: outcome of an event affecting objectives Hazard: a source of potential harm Inherent risk: a subjective measure of the level of a risk without considering the effectiveness of controls Likelihood: chance of something happening Residual risk: a subjective measure of the risk remaining after risk treatment. Risk analysis: process to comprehend the nature of risk and to determine the level of risk Risk owner: the person or entity with the accountability and authority to manage a risk (i.e. is responsible for managing the identified risk including implementing and monitoring the effectiveness of mitigation strategies, and reporting as needed on the status of the risk to the Chief Executive Officer or Board) Risk treatment: process to modify risk (Note: risk treatments that deal with negative consequences are sometimes referred to as risk mitigation strategies, risk elimination strategies, risk reduction strategies, risk prevention strategies and/or risk control) Risk: the effect of uncertainty on objectives THE LOWITJA INSTITUTE RISK MANAGEMENT PLAN FINAL PAGE 1 OF 17

2 4. ROLES AND RESPONSIBILITIES The following provides a high level overview of the roles and responsibilities: The Lowitja Institute Board Overall responsibility for risk management Chief Executive Officer Compliance with Institute Risk Management Policy and Institute Risk Management Plan Chief Operations Officer Monitoring of compliance with the risk framework and process All Staff Active management of risk in accordance with the Lowitja Institute Risk Management Policy and this Risk Management Plan. 5. PLAN OVERVIEW Introduction The Institute will work within its Enterprise Risk Management (ERM) framework to minimise the effect of uncertainty on its business and project objectives. The Institute recognises that whilst risk is inherent in all its activities, the management of risk is good business practice, creates value, is integral to sound corporate governance and in some instances, a mandatory legal requirement. In particular, effective risk management can lead to better decision making and planning as well as better identification of opportunities and threats. Risk Appetite The Institute risk appetite statement (Attachment F), its descriptions of consequence and likelihood, its matrix for rating risk and its risk register. ERM ERM is a structured, consistent and continuous process used across The Institute at the strategic/corporate level, the operational level and the common operational areas. It is used for identifying, assessing, deciding on, responding to and reporting on opportunities and threats that affect the achievement of the Institute corporate and business objectives (see Figure 1). The Institute risk management activities fit within all quadrants. THE LOWITJA INSTITUTE RISK MANAGEMENT PLAN FINAL PAGE 2 OF 17

3 Figure 1: The Institute Enterprise Risk Management Structure Corporate/Strategic Enterprise Level Operational Business Unit Level Significant & High Risks Common Operational Areas Functional / Specific Reviews Cross Business Unit Major Projects Major Contracts a. Corporate/Strategic This level relates to the strategic risks associated with the Institute carrying out its business objectives as articulated in The Institute Business Plan. b. Operational This area relates to the management of risks associated with the Institute Business Units meeting their specific objectives. c. Common Operational Areas These areas support both the Corporate/Strategic and Operational management of risk. This includes OHS risk and hazard management d. Cross Divisional&/or Major Projects, Major Contracts This area relates to major initiatives of the Institute either through its business units or through cross business unit processes. For major projects a full risk register will be developed, utilising the risk categories set out in Attachment C. The Institute Board reporting The Institute Risk Register, including mitigation strategies, will be assessed and reported against to the Board annually in Quarter 3 (May) of each financial year. Monitoring and review of the Institute Risk Register The Institute Risk Register will be reviewed on a quarterly basis by the Chief Executive Officer, with presentation to a quarterly meeting of Senior Managers. On an annual basis a full reassessment of risks, controls and strategies will be conducted and presented to the Board. The Board should be regularly apprised of significant risk mitigation activities and provided with assurance that Risk Management Plans are in place for each Organisational Level risk and that satisfactory risk mitigation is being undertaken for Operational risks. THE LOWITJA INSTITUTE RISK MANAGEMENT PLAN FINAL PAGE 3 OF 17

4 Monitoring and review of the Institute Major Projects Risk Register The Lowitja Institute Board should be regularly apprised of significant risk mitigation activities and provided with assurance that Risk Management Plans are in place for each Project Level risk. Monitoring and review of risk framework The Institute risk management framework will be reviewed on an annual basis as part of the continual improvement process set out in AS/NZS ISO Documentation, communication and evaluation Documentation of each step of the risk management process will be undertaken. Appropriate documentation demonstrates accountability and provides a record against which it can be determined that the process has been carried out correctly and enables decisions and/or processes to be reviewed. Communications The Chief Executive Officer is responsible for the development of a communication plan to ensure that all relevant people are kept informed of the risk management framework and its implementation. Linkages The outcomes and outputs of the risk management processes will form inputs to the Institute internal audit, compliance and assurance activities and vice versa. Risk management integration The approach to managing risk is to be embedded within the Institute decision-making structures and operational procedures. 6. THE INSTITUTE RISK WHEEL The Institute has identified a number of key risk areas (listed at Attachment A). These areas or spo provide a framework for identifying risks. This is consistent with the Institute ERM approach which is structured to ensure that all risks in the Institute, particularly those ranked as high or above, are identified and effectively managed. 7. USING THE RISK MANAGEMENT FRAMEWORK The steps outlined below are based on the Australian/New Zealand Standard - Risk Management AS/NZ ISO 31000:2009 (See Figure 1). The Institute is to follow this process in completing the risk register template (refer to Attachment B). THE LOWITJA INSTITUTE RISK MANAGEMENT PLAN FINAL PAGE 4 OF 17

5 Figure 1: The Risk Management Process (AS/NZS/ISO 31000:2009) Communicate and Consult Establish the Context Identify risks Analyse risks Evaluate risks Treat risks Monitor and Review Stage 1: Establish the Context This step involves establishing the context in which the rest of the process will take place. The objectives, strategies and scope of the activity, or part of the Institute to which the risk management process is being applied, should be established. A key step in the Institute risk process is the need to identify and evaluate risks in relation to how they affect the Institute y to deliver the results, outcomes and strategies identified in the Institute Business Plan. Stage 2: Identify risks and risk owner (see columns 1, 2, 3, 4, 5 and 6 of Attachment B) This step seeks to identify the risks that need to be managed. The aim is to generate a list of risks that might have an impact on the achievement of the Institute outcomes/objectives. These risks might prevent, degrade, delay or enhance the achievement of those objectives. Given the experience of staff in the Institute, it is intended that risks are identified using judgements based on experience and existing risk registers, and through brainstorming workshops. Descriptions of identified risks consider source and impact, what the risk is, whom it impacts upon and what the impact is. Identifying the risk and risk owner involves the following steps: Describe the nature of the risk (Column 3). The Risk Categories in Attachment A provide a link to issues that may be considered when identifying possible risks Link the risk to the most relevant the Institute Risk Category (Column 1). Allocate a the Institute risk number (Column 2) Identify a risk owner (Column 4) Identify the causes of the risk (Column 5) Provide a brief description of the impact/consequence of the risk (Column 6). In assessing the impact/consequences, consideration may be given to a range of issues including business management, political, commercial & legal, finance and human resources. A detailed Consequence Table is included as Attachment D. Stage 3: Analyse risks Analysing the risks involves the following steps to determine the inherent risk rating and residual risk rating. THE LOWITJA INSTITUTE RISK MANAGEMENT PLAN FINAL PAGE 5 OF 17

6 3(a) Inherent risk rating (Columns 7, 8 and 9 of Attachment B) I. Rate the consequence of the risk should it occur, and the likelihood of the risk occurring using the descriptors provided in Tables 1 and 2 below (Columns 7 and 8). To determine the inherent risk rating, it is important that the consequence and likelihood of each risk is rated without considering the existing controls and mitigation strategies. This produces a score that indicates worse-case exposure in the event that there are no controls in place or the controls fail to take effect during a risk event. II. Now consider the matrix for assessing risks (see matrix at Table 3). Using this matrix, identify the risk rating as Very High, High, Moderate, Low (Column 9). 3(b) Residual risk rating (Columns 10, 11, 12, and 13 of Attachment B) I. Consider what is currently being done to mitigate/manage the risk, i.e. what controls are in place? Are there already some mitigation strategies in place to manage the risk? Briefly list the controls and mitigation strategies (Column 10) II. Rate the consequence of the risk should it occur, and the likelihood of the risk occurring using the descriptors provided in Tables 1 and 2 below (Columns 11 and 12). It is important that the consequence and likelihood of each risk is rated in the context of existing controls and mitigation strategies. III. Now consider the matrix for assessing risks (see matrix at Table 3). Using this matrix, identify the risk rating as Very High, High, Moderate, Low (Column 13). Table 1 Consequence of risk occurring (Attachment E) CONSEQUENCE TABLE 5 (V) Severe 4 (IV) Major 3 (III) Moderate 2 (II) Minor 1 (I) Negligible Table 2 Likelihood of risk occurring 5 Almost certain Likelihood The event is expected to occur in most circumstances (e.g. monthly to several times a year) 4 Likely The event will probably occur in most circumstances (e.g. least once per year 3 Possible The event might occur at some time over (e.g. within next two years) 2 Unlikely The event could occur at some time (e.g. every two to five years) 1 Rare The event may occur only in exceptional circumstances (e.g. every five to ten years) THE LOWITJA INSTITUTE RISK MANAGEMENT PLAN FINAL PAGE 6 OF 17

7 LIKELIHOOD TABLE Level Descriptor 1 (E) Rare 2 (D) Unlikely 3 (C) Possible 4 (B) Likely 5 (A) Almost Certain Table 3 - Matrix for Rating Risks Legend And Actions Required Very High High Moderate Low Immediate action required Senior Management attention needed Management responsibility must be specified Manage by routine procedures. Stage 4: Evaluate and treat risks (i.e. decide on further actions (Columns 14 and 15 of Attachment B)) Based on the analysis of the risks, it is necessary to decide whether any further actions are necessary and appropriate to further mitigate the risk. This will require consideration of the following: I. Can additional controls and/or mitigation strategies be identified that can help with better managing the risk? If that is the case, provide a brief description in Column 14. THE LOWITJA INSTITUTE RISK MANAGEMENT PLAN FINAL PAGE 7 OF 17

8 Note: A key priority for identifying additional controls and mitigation strategies should be High or risk. For other lower ranked risks the option may be simply ongoing monitoring and reporting on the status of the risk. The selected option should be the most appropriate and practicable, with the objective of reducing the level of risk to a tolerable level. Options may include the following: o o o o Likelihood reduction aimed at eliminating sources of risk or substantially reducing the likelihood of their occurrence Risk avoidance a particular case of likelihood reduction, where undesired events are avoided by undertaking a different course of action Impact mitigation aimed at minimising the consequences of the risk Risk transfer aims at shifting responsibility of the risk to another party (also called risk sharing because risks can rarely be transferred or shed entirely). II. On the other hand there may be sufficient controls and mitigation strategies in place. For instance it may be impractical and/or inappropriate to consider further controls to mitigate the risk. If this is the case, place No further action in Column 14. This option is referred to as risk retention, i.e. risks cannot be further reduced or avoided, or the costs of doing so would be too high. Risks can also be regarded as opportunities if they are retained and dealt with appropriately. III. Finally, consider whether it would be beneficial to include this area of risk on The Institute internal audit program. For example, an audit of the area may provide confidence that the controls and mitigation strategies in place are working adequately; an audit may also help by suggesting additional controls and mitigation actions that may not have been Column 15. IV. As appropriate, a Risk action Plan may be developed for specific risks (Attachment D). Stage 5: Monitor and Review Reporting is to be carried out throughout the Institute reporting process so that the Chef Executive Officer and Chief Operating Officer can monitor progress in achieving risk treatment objectives and management of identified risks. The Institute Executive Team will report to the Board at each Board meeting on risk. This allows the Institute to demonstrate the effectiveness of the risk management process on an ongoing basis. It also allows for a thorough review of its risk register, and, in particular assists in identifying and monitoring any risks of Board nature. The identified risks and the effectiveness of mitigation strategies will be reviewed to reflect changing circumstances and priorities. Stage 6: Communicate and Consult The premise underlying this Plan is that the Institute will consistently consult and communicate with stakeholders and all relevant parties involved. This is to be undertaken at all times in a fair, timely and transparent manner. 8. COMPLIANCE AND CONTINUOUS IMPROVEMENT The steps outlined below are based on the Australian/New Zealand Standard - Risk Management AS/NZ ISO 31000:2009 (See Figure 2). The Institute will ensure that its processes follow the requirements of ISO 31000:2009 as follows. Mandate and commitment is evidenced by this Plan. The framework and implementation processes are as described in this Plan. Monitoring and reviewing of this Plan will be undertaken annually THE LOWITJA INSTITUTE RISK MANAGEMENT PLAN FINAL PAGE 8 OF 17

9 Annual reviews will evidence continual improvement. Figure 2: AS/NZS ISO Mandate & Commitment 5.3 Designing The Framework 5.6 Continual Improvement of the Framework 5.4 Implementing Risk Management Risk Management Process Clause Monitoring & Reviewing The Framework Related attachments Attachment A The Institute Risk Wheel Attachment B The Institute Risk Register Template Attachment C The Institute Major Projects Risk Wheel Attachment D The Institute Risk Action Plan Template Attachment E The Institute Detailed Consequence Table Attachment E The Institute Risk Appetite Statement Legislation N/A Related policies The Institute Risk Management Policy Other related documents The Institute Business Plan AS/NZS ISO 31000:2009 Risk Management Principles and Guidelines Revision history Version Date issued Notes By 1 31/05/2012 Initial Draft Chief Operations Officer Review date April 2013 Contact Chief Operations Officer THE LOWITJA INSTITUTE RISK MANAGEMENT PLAN FINAL PAGE 9 OF 17

10 ATTACHMENT A The Institute Risk Wheel Business Development & Competition Infrastructure & Information Technology Governance & Stakeholders THE LOWITJA INSTITUTE Compliance & Legal Operations Human Resources Finance Research THE LOWITJA INSTITUTE RISK MANAGEMENT PLAN FINAL PAGE 10 OF 17

11 ATTACHMENT B The Institute Risk Register Template ERM LEVEL: DATE: INHERENT RISK RESIDUAL RISK The Institute Risk Category The Institute Risk No Nature of Risk to The Institute (Risk Name & Description) Risk Owner Risk Factors/Causes of Risk Effects for The Institute if Risk Eventuates Consequence Likelihood Risk Rating (VH, H, M, L) Mitigation Strategies to Control Risks (Current Controls/Existing Mitigation Strategies) Consequence Likelihood Risk Rating (VH, H, M, L) Future Risk Treatment (Proposed Controls/ Mitigation Strategies) Audit Recommended (Y/N) THE LOWITJA INSTITUTE RISK MANAGEMENT PLAN FINAL PAGE 11 OF 17

12 ATTACHMENT C The Institute Major Projects Risk Wheel Budget allocation Reputational ATI image Harm to environment Financial Environmental Lowitja Institute Major Projects Safety Programme Harm to people or property Deliverables Dates VET operations Operational Technical Stakeholders Subcontractors Interface Technical and performance requirements THE LOWITJA INSTITUTE RISK MANAGEMENT PLAN FINAL PAGE 12 OF 17

13 ATTACHMENT D The Institute Risk Action Plan Template Risk and Risk Owner: Strategy: Actions: Expected Outcomes: Performance Measures: Milestones/Deliverables: Budget & Resourcing: Responsibilities: Review Processes: Consultation: Review Date: Comments: THE LOWITJA INSTITUTE RISK MANAGEMENT PLAN FINAL PAGE 13 OF 17

14 Attachment E The Institute Detailed Consequence Table Severity Level Severity (Likely Consequence) Retained Funds Reduction Health & Safety Natural Environment Social/Cultural Heritage Community/Government Reputation/Media Legal 5 (Severe) 4 (Major) TBC TBC Multiple fatalities, or significant irreversible effects to >50 persons. Single fatality and/or severe irreversible disability (>30%) to one or more persons. Very serious longterm environmental impairment of ecosystem functions. On-going serious social issues. Significant damage to structures/items of cultural significance Serious public or media outcry (international coverage). Significant prosecution and fines. Very serious litigation including class actions. Major breach of regulation. Major litigation 3 (Moderate) TBC Moderate irreversible disability or impairment (<30%) to one or more persons. Serious medium term environmental effects. Significant adverse national media/public/ngo attention. Serious breach of regulation with investigation or report to authority with prosecution and/or moderate fine possible. 2 (Minor) 1 (Negligible) TBC TBC Objective but reversible disability requiring hospitalisation. No medical treatment required. Moderate, short term effects but not affecting ecosystem functions. Minor effects on biological or physical environment. On-going social issues. Permanent damage to items of cultural significance Minor medium-term social impacts on local population. Mostly repairable. Attention from media and/or heightened concern by local community. Criticism by NGOs. Minor, adverse local public or medical attention or complaints. Minor legal issues, noncompliances and breaches or regulation. THE LOWITJA INSTITUTE RISK MANAGEMENT PLAN FINAL PAGE 14 OF 17

15 Attachment F The Institute Risk Appetite Statement Introduction This document sets out the Institute Risk appetite, at the Institute organisational level, is the amount of risk exposure, or potential adverse impact from an event, that the organisation is willing to accept/retain in pursuit of its objectives. Once the risk appetite threshold has been breached, risk management treatments and business controls are to be implemented to bring the exposure level back within the accepted range The establishment of the Institute statement on risk appetite is intended to guide employees, volunteers and contractors in their actions and ability to accept and manage risks. Through the risk management framework and its risk appetite statement, the Institute formally establishes and communicates its risk appetite. Risk appetite can be expressed in terms of a continuum. Assessment Description High Risk Appetite 5 Moderate Risk Appetite 4 Modest Risk Appetite 3 Low Risk Appetite 2 Zero Risk Appetite 1 The Institute accepts opportunities that have an inherent high risk that may result in reputation damage, financial loss or exposure, major breakdown in information system or information integrity, significant incidents(s) of regulatory non-compliance, potential risk of injury to staff, volunteers and contractors. The Institute is willing to accept risks that may result in reputation damage, financial loss or exposure, major breakdown in information system or information integrity, significant incidents(s) of regulatory non-compliance, potential risk of injury to staff, volunteers and contractors. The Institute is willing to accept some risks in certain circumstances that may result in reputation damage, financial loss or exposure, major breakdown in information system or information integrity, significant incidents(s) of regulatory non-compliance, potential risk of injury to staff, volunteers and contractors. The Institute is not willing to accept risks in most circumstances that may result in reputation damage, financial loss or exposure, major breakdown in information system or information integrity, significant incidents(s) of regulatory non-compliance, potential risk of injury to staff, volunteers and contractors. The Institute is not willing to accept risks under any circumstances that may result in reputation damage, financial loss or exposure, major breakdown in information system or information integrity, significant incidents(s) of regulatory non-compliance, potential risk of injury to staff, volunteers and contractors. In general, the Institute Board, staff, volunteers and contractors and its stakeholders. THE LOWITJA INSTITUTE RISK MANAGEMENT PLAN FINAL PAGE 15 OF 17

16 Risk Appetite Statement The statements below indicate the Institute Staff, Volunteers and Contractors Risk Appetite 2 We will continue to engage and retain staff, volunteers and contractors that meet the high standards of The Institute. General Reputation Risk Appetite 2 The Institute will continue to foster an environment of exemplary behaviour. It accepts that this impacts how the institution is viewed externally Financial Resources Risk Appetite 2 Securing adequate financial resources supports the Institute The Institute will maintain its high financial stewardship standards and will continue to ensure that financial commitments do not exceed available resources. Information Management Risk Appetite 2 The Institute will maintain the security, integrity and availability of information systems. The Institute will maintain controls to prevent unauthorised systems access with the ability to alter or create data. The Institute will strive to provide adequate hardware and bandwidth. OHSE Risk Appetite 1 The Institute will take corrective action to address known occupational health, safety, environment and volunteer/employee/contractor well-being exposures. Zero harm is the Institute THE LOWITJA INSTITUTE RISK MANAGEMENT PLAN FINAL PAGE 16 OF 17

17 Regulatory Environment Risk Appetite 1 The Institute will respond in accordance with established policy, procedure and agreements to any regulatory breach. Stakeholder Relationships Risk Appetite 2 The Institute will continue to maintain good relationships with critical stakeholders. Operations Risk Appetite 1 The Institute will not tolerate operational breaches and will pursue any persons responsible for fraud to the full extent of the law. Contagion Risk Appetite 2 The Institute will ensure that the risk of contagion from other indigenous organisations is minimised. Multiple contagion paths can materialise, financial or other. Business Development Risk Appetite 3 The Institute will accept a moderate level of risk to grow the business. Retained Funds Risk Appetite 1 The Institute will ensure retained funds are fully protected. THE LOWITJA INSTITUTE RISK MANAGEMENT PLAN FINAL PAGE 17 OF 17

Risk Management Policy and Framework

Risk Management Policy and Framework Risk Management Policy and Framework December 2014 phone 1300 360 605 08 89589500 email info@centraldesert.nt.gov.au location 1Bagot Street Alice Springs NT 0870 post PO Box 2257 Alice Springs NT 0871

More information

Risk Management: Coordinated activities to direct and control an organisation with regard to risk.

Risk Management: Coordinated activities to direct and control an organisation with regard to risk. POLICY CG01 RISK MANAGEMENT Document Control Statement This Policy is maintained by the Governance and Organisational Strategy. Any printed copy may not be up to date and you are advised to check the electronic

More information

RISK MANAGEMENT POLICY

RISK MANAGEMENT POLICY DOCUMENT TYPE: DOCUMENT STATUS: POLICY OWNER POSITION: INTERNAL COMMITTEE ENDORSEMENT: APPROVED BY: Council policy Approved Manager Organisational Development Risk Management Committee Council DATE ADOPTED:

More information

Council Meeting Agenda 27/07/15

Council Meeting Agenda 27/07/15 3 Risk Management Framework Abstract Council s Risk Management Framework ( the Framework ) was adopted by Council in 2012. The Framework provides structure and guidance to Council s risk management activities

More information

Managing Risk in Procurement Guideline

Managing Risk in Procurement Guideline Guideline DECD 14/10038 Managing Risk in Procurement Guideline Summary The Managing Risk in Procurement Guideline assists in the identification and minimisation of risks involved in the acquisition of

More information

RISK MANAGEMENT STRATEGY 2013-2016

RISK MANAGEMENT STRATEGY 2013-2016 RISK MANAGEMENT STRATEGY 2013-2016 As presented and endorsed by the Mornington Peninsula Shire s Audit Committee at its meeting of 20 February, 2013 and subsequent adoption by Council at its meeting of

More information

Avondale College Limited Enterprise Risk Management Framework 2014 2017

Avondale College Limited Enterprise Risk Management Framework 2014 2017 Avondale College Limited Enterprise Risk Management Framework 2014 2017 President s message Risk management is part of our daily life, something we do regularly; often without realising we are doing it.

More information

ENTERPRISE RISK MANAGEMENT FRAMEWORK

ENTERPRISE RISK MANAGEMENT FRAMEWORK ROCKHAMPTON REGIONAL COUNCIL ENTERPRISE RISK MANAGEMENT FRAMEWORK 2013 Adopted 25 June 2013 Reviewed: October 2015 TABLE OF CONTENTS 1. Introduction... 3 1.1 Council s Mission... 3 1.2 Council s Values...

More information

Compliance Management Framework. Managing Compliance at the University

Compliance Management Framework. Managing Compliance at the University Compliance Management Framework Managing Compliance at the University Risk and Compliance Office Effective from 07-10-2014 Contents 1 Compliance Management Framework... 2 1.1 Purpose of the Compliance

More information

Version Adoption by Council: 2013 Resolution Number: 2013/177 Current Version: V1.0 Administered by: Governance Coordinator

Version Adoption by Council: 2013 Resolution Number: 2013/177 Current Version: V1.0 Administered by: Governance Coordinator Risk Management Framework Version Adoption by Council: 2013 Resolution Number: 2013/177 Current Version: V1.0 TRIM CON: 12/1132 Administered by: Governance Coordinator Last Review Date: 2013 Next Review

More information

POL ENTERPRISE RISK MANAGEMENT SC51. Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT:

POL ENTERPRISE RISK MANAGEMENT SC51. Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT: POL ENTERPRISE RISK MANAGEMENT SC51 POLICY CODE: SC51 DIRECTORATE: Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT: Executive Support Services RESPONSIBLE OFFICER:

More information

Core Infrastructure Risk Management Plan

Core Infrastructure Risk Management Plan SHIRE OF MOUNT MAGNET Roads and Buildings Core Infrastructure Risk Management Plan Version 1 May 2013 AM4SRRC Document Control Asset Management for Small, Rural or Remote Communities Document ID: 59_280_110211

More information

3 August 2012 Policy updated to reflect name changes and alignment with current Aurora Energy Group Policy standards.

3 August 2012 Policy updated to reflect name changes and alignment with current Aurora Energy Group Policy standards. Aurora Energy Risk Management Policy Version History REV NO. DATE REVISION DESCRIPTION APPROVAL 0 19/11/98 Risk Management Policy Prepared by: Manager Internal Audit 1 March 2007 Risk Management Policy

More information

Risk Management Policy

Risk Management Policy Risk Management Policy Responsible Officer Author Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date effective from December 2008 Date last amended December 2012

More information

SAI GLOBAL LIMITED Risk Management Policy

SAI GLOBAL LIMITED Risk Management Policy SAI GLOBAL LIMITED Risk Management Policy SAI Global Ltd ABN 67050611642 Last Updated: February 2012 Contents 1. Risk Management... 3 2. Policy... 3 3. Risk Management Philosophy... 3 4. Risk Appetite...

More information

PROCEDURES RISK MANAGEMENT FRAMEWORK AND GUIDELINES PURPOSE INTRODUCTION. 1 What is Risk?

PROCEDURES RISK MANAGEMENT FRAMEWORK AND GUIDELINES PURPOSE INTRODUCTION. 1 What is Risk? PROCEDURES RISK MANAGEMENT FRAMEWORK AND GUIDELINES PURPOSE This Framework and Guidelines have been developed in support of the CQUniversity Risk Management Policy and are intended for use by the CQUniversity

More information

Risk Management Policy Adopted by:

Risk Management Policy Adopted by: Risk Management Policy Adopted by: Infigen Energy Limited Infigen Energy (Bermuda) Limited Infigen Energy RE Limited in its capacity as Responsible Entity of Infigen Energy Trust Adopted: 17 December 2009

More information

Bridgend County Borough Council. Corporate Risk Management Policy

Bridgend County Borough Council. Corporate Risk Management Policy Bridgend County Borough Council Corporate Risk Management Policy December 2014 Index Section Page No Introduction 3 Definition of risk 3 Aims and objectives 4 Strategy 4 Accountabilities and roles 5 Risk

More information

Risk Management Framework

Risk Management Framework Risk Management Framework Category or Type Originally approved by, and date Administration and Management Vice Chancellor at VCAG on December 2008 Last approved revision October 2011 Sponsor Chief Operating

More information

Risk Management. Policy

Risk Management. Policy Policy Risk Management Endorsed: 26 February 2014 Brief description The GPC Risk Management Policy and its supporting standards and procedures provide a framework to ensure that risks arising from our

More information

Enterprise Risk Management Framework 2012 2016. Strengthening our commitment to risk management

Enterprise Risk Management Framework 2012 2016. Strengthening our commitment to risk management Enterprise Risk Management Framework 2012 2016 Strengthening our commitment to risk management Contents Director-General s message... 3 Introduction... 4 Purpose... 4 What is risk management?... 4 Benefits

More information

Risk Methodology. Contents. Introduction... 2. The Risk Management Structure... 2. The Risk Management Cycle... 2. Methodology...

Risk Methodology. Contents. Introduction... 2. The Risk Management Structure... 2. The Risk Management Cycle... 2. Methodology... Risk Methodology Contents Introduction... 2 The Risk Management Structure... 2 The Risk Management Cycle... 2 Methodology... 3 Appendix 1...5 Definition of Controls... 5 Appendix 2...6 Definition of Impact...

More information

Risk Management Policy and Process Guide

Risk Management Policy and Process Guide Risk Management Policy and Process Guide Status: pending Next review date: December 2015 Page 1 Information Reader Box Directorate Medical Nursing Patients & Information Commissioning Operations (including

More information

Hazard Identification, Risk Assessment and Control Management

Hazard Identification, Risk Assessment and Control Management The Paraplegic and Quadriplegic Association of SA Inc Hazard Identification, Risk Assessment and Control Management STATEMENT The Paraplegic and Quadriplegic Association of South Australia Incorporated

More information

SOUTHERN RURAL WATER POLICY RISK MANAGEMENT POLICY

SOUTHERN RURAL WATER POLICY RISK MANAGEMENT POLICY SOUTHERN RURAL WATER POLICY RISK MANAGEMENT POLICY 1. POLICY STATEMENT Having regard to AS/NZS ISO 31000 Risk Management, it shall be the Policy of SRW to manage risk to protect public safety, quality

More information

Revenue Scotland. Risk Management Framework

Revenue Scotland. Risk Management Framework Revenue Scotland Risk Management Framework Contents 1. Introduction... 3 1.1 Overview of risk management... 3 2. Policy statement... 4 3. Risk management approach... 5 3.1 Risk management objectives...

More information

A Risk Management Standard

A Risk Management Standard A Risk Management Standard Introduction This Risk Management Standard is the result of work by a team drawn from the major risk management organisations in the UK, including the Institute of Risk management

More information

6. Risk management plans for high risk activities and special events

6. Risk management plans for high risk activities and special events 6. Risk management plans for high risk activities and special events What is a high risk activity or special event? The answer to this question will be different for every organisation. A high risk activity

More information

ERM Program. Enterprise Risk Management Guideline

ERM Program. Enterprise Risk Management Guideline ERM Program Enterprise Management Guideline Table of Contents PREAMBLE... 2 When should I refer to this Guideline?... 3 Why do we need a Guideline?... 4 How do I use this Guideline?... 4 Who is responsible

More information

Shepway District Council Risk Management Policy

Shepway District Council Risk Management Policy Shepway District Council Risk Management Policy Contents Section 1 Risk Management Policy... 3 1. Updates and amendments... 3 2. Definition... 3 3. Policy statement... 3 4. Objectives... 3 Section 2 Risk

More information

University of New England Compliance Management Framework and Procedures

University of New England Compliance Management Framework and Procedures University of New England Compliance Management Framework and Procedures Document data: Document type: Administering entity: Framework and Procedures Audit and Risk Directorate Records management system

More information

Risk Management The International Standard

Risk Management The International Standard Risk Management The International Standard John Crawley & Emer McAneny June 2014 Who I am Accountant Banker Businessman Trainer Turnaround Expert Risk Expert Agenda Strategy GRC Tolera nce Identifica tion

More information

RISK AND OPPORTUNITY MANAGEMENT STRATEGY 2013-2014

RISK AND OPPORTUNITY MANAGEMENT STRATEGY 2013-2014 RISK AND OPPORTUNITY MANAGEMENT STRATEGY 2013-2014 Version 1.0 October 2013 Not protectively marked INDEX PAGE NO TITLE 3 Executive Summary 4 Our Shared Vision and Priorities 5 Outline of the Risk and

More information

The Risk Management strategy sets out the framework that the Council has established.

The Risk Management strategy sets out the framework that the Council has established. Derbyshire County Council Management Policy Statement The Authority adopts a proactive approach to Management to achieve Best Value and continuous improvement and is committed to the effective management

More information

State Records Guideline No 25. Managing Information Risk

State Records Guideline No 25. Managing Information Risk State Records Guideline No 25 Managing Information Risk Table of Contents 1 Introduction... 4 1.1 Purpose... 4 1.2 Authority... 4 2 Risk Management and Information... 5 2.1 Overview... 5 2.2 Risk management...

More information

Analyzing Risks in Healthcare. February 12, 2014

Analyzing Risks in Healthcare. February 12, 2014 Analyzing s in Healthcare February 12, 2014 1 Content What is Enterprise Management (ERM) ERM Benefits ERM Standards / ISO 31000:2009 ERM Process Register ERM Governance Model s Q&A 2 What is Enterprise

More information

Title: OHS Risk Management Procedure

Title: OHS Risk Management Procedure Issue Date: July 2011 Review Date: July 2013 Page Number: 1 of 9 1. Purpose: To outline the methodology by which Department of Education and Early Childhood Development (DEECD) identifies, assesses, controls

More information

Paper J WEST LEICESTERSHIRE CLINICAL COMMISSIONING GROUP BOARD MEETING. 10 February 2015. Governance How we manage our business

Paper J WEST LEICESTERSHIRE CLINICAL COMMISSIONING GROUP BOARD MEETING. 10 February 2015. Governance How we manage our business Paper J WEST LEICESTERSHIRE CLINICAL COMMISSIONING GROUP BOARD MEETING 10 February 2015 Title of the report: Section: Report by: Presented by: Risk Management Strategy & Policy Governance How we manage

More information

ENTERPRISE RISK M A NAGEMENT POLICY

ENTERPRISE RISK M A NAGEMENT POLICY Tablelands Regional Council ENTERPRISE RISK M A NAGEMENT POLICY Draft Final Policy No: PD 3.3.1 File ref: PD 3.3.1 Policy Section: INSURANCE AND RISK MANAGEMENT Version: 1 Date Adopted: 7 July 2010 Review

More information

A guide for members APES 325 Risk Management for Firms

A guide for members APES 325 Risk Management for Firms A guide for members APES 325 Risk Management for Firms An explanation and introduction to APES 325 Risk Management for Firms Overview of the scope and application of a risk management framework. APES 325

More information

Risk Management Procedure

Risk Management Procedure Purpose of this document Develop and document procedures and work instructions for Risk Management to cover the project Stages set out in the Project Process Map. The purpose of this procedure is to identify

More information

Bedford Group of Drainage Boards

Bedford Group of Drainage Boards Bedford Group of Drainage Boards Risk Management Strategy Risk Management Policy January 2010 1 Contents 1. Purpose, Aims & Objectives 2. Accountabilities, Roles & Reporting Lines 3. Skills & Expertise

More information

RISK MANAGEMENT STRATEGY

RISK MANAGEMENT STRATEGY RISK MANAGEMENT STRATEGY 1 Introduction The purpose of this document is to outline a which facilitates the effective recognition and management of risks facing the University. The Combined Code on Corporate

More information

An Introduction to Risk Management. For Event Holders in Western Australia. May 2014

An Introduction to Risk Management. For Event Holders in Western Australia. May 2014 An Introduction to Risk Management For Event Holders in Western Australia May 2014 Tourism Western Australia Level 9, 2 Mill Street PERTH WA 6000 GPO Box X2261 PERTH WA 6847 Tel: +61 8 9262 1700 Fax: +61

More information

Project Risk Management. Presented by Stephen Smith

Project Risk Management. Presented by Stephen Smith Project Risk Management Presented by Stephen Smith Introduction Risk Management Insurance Business Financial Project Risk Management Project A temporary endeavour undertaken to create a unique product

More information

Risk Management Policy

Risk Management Policy Risk Management Policy Effective from 4 July 2015 Version Number: 2.1 Author: Director of Planning Planning Directorate Document Control Information Status and reason for development Revised updating the

More information

Risk Management Policy

Risk Management Policy Risk Management Policy DOCUMENT CONTROL Developed by: Date: Origination: Quality, Systems & Shared s March 2014 Authorised by: Colette Kelleher April 2014 DOCUMENT REVIEW HISTORY Original Circulation date:

More information

Waveney Lower Yare & Lothingland Internal Drainage Board Risk Management Strategy and Policy

Waveney Lower Yare & Lothingland Internal Drainage Board Risk Management Strategy and Policy Waveney Lower Yare & Lothingland Internal Drainage Board Risk Management Strategy and Policy Page: 1 Contents 1. Purpose, Aims & Objectives 2. Accountabilities, Roles & Reporting Lines 3. Skills & Expertise

More information

RISK MANAGEMENT FOR INFRASTRUCTURE

RISK MANAGEMENT FOR INFRASTRUCTURE RISK MANAGEMENT FOR INFRASTRUCTURE CONTENTS 1.0 PURPOSE & SCOPE 2.0 DEFINITIONS 3.0 FLOWCHART 4.0 PROCEDURAL TEXT 5.0 REFERENCES 6.0 ATTACHMENTS This document is the property of Thiess Infraco and all

More information

Risk Management Guide

Risk Management Guide Risk Management Guide Page(s) Introduction 3 The 5 steps to identifying risk 4 Risk Management Process - Step 1 5 Identify - Step 2 Assess Step 3 5-6 6 Control - Step 4 6 Monitor and Review -Step 5 6 Risk

More information

APPENDIX 4. Risk Tables

APPENDIX 4. Risk Tables APPENDIX 4 Tables Preliminary Qualitative Criteria The qualitative risk assessment criteria have been developed to identify key risks to the environment, society, heritage and business reputation. The

More information

River Stour (Kent) Internal Drainage Board Risk Management Strategy and Policy

River Stour (Kent) Internal Drainage Board Risk Management Strategy and Policy River Stour (Kent) Internal Drainage Board Risk Management Strategy and Policy Page: 1 Contents 1. Purpose, Aims & Objectives 2. Accountabilities, Roles & Reporting Lines 3. Skills & Expertise 4. Embedding

More information

Administration and General Order No. AD/1/TBC

Administration and General Order No. AD/1/TBC COUNTY DURHAM AND DARLINGTON FIRE AND RESCUE SERVICE Administration and General Order No. AD/1/TBC CORPORATE RISK MANGEMENT POLICY 1. INTRODUCTION 1.1 County Durham and Darlington Combined Fire Authority

More information

POLICY. Number: 7311-10-005 Title: Enterprise Risk Management. Authorization

POLICY. Number: 7311-10-005 Title: Enterprise Risk Management. Authorization POLICY Number: 7311-10-005 Title: Enterprise Risk Management Authorization [ ] President and CEO [ X] Vice President, Finance and Corporate Services Source: Director, Enterprise Risk Management Cross Index:

More information

Project Risk Analysis toolkit

Project Risk Analysis toolkit Risk Analysis toolkit MMU has a corporate Risk Management framework that describes the standard for risk management within the university. However projects are different from business as usual activities,

More information

Victorian Government Risk Management Framework. March 2015

Victorian Government Risk Management Framework. March 2015 Victorian Government Risk Management Framework March 2015 This document reproduces parts of the AS/NZS ISO 31000:2099 Risk Management Principles and Guidelines. Permission has been granted by SAI Global

More information

Integrated Risk Management Policy

Integrated Risk Management Policy Integrated Management Policy Document reference number Document developed by Quality and Patient Safety Directorate Revision number 4 Document approved by Quality and Patient Safety Directorate Approval

More information

Discipline: Technical Services Category: Procedure. Risk Management RM-01 2013. Applicability. ARTC Network Wide. Interstate Network.

Discipline: Technical Services Category: Procedure. Risk Management RM-01 2013. Applicability. ARTC Network Wide. Interstate Network. Discipline: Technical Services Category: Procedure Risk Management RM-01 2013 Applicability ARTC Network Wide Interstate Network Hunter Valley Document Status Version Prepared by Reviewed by Endorsed Approved

More information

RISK MANAGEMENT FRAMEWORK

RISK MANAGEMENT FRAMEWORK RISK MANAGEMENT FRAMEWORK DOCUMENT INFORMATION DOCUMENT TYPE: DOCUMENT STATUS: POLICY OWNER POSITION: INTERNAL COMMITTEE ENDORSEMENT: APPROVED BY: Strategic document Approved Manager Organisational Development

More information

Compliance Policy AGL Energy Limited

Compliance Policy AGL Energy Limited Compliance Policy AGL Energy Limited November 2013 Table of Contents 1. About this Document... 3 2. Policy Statement... 4 3. Purpose... 4 4. AGL Compliance Context... 4 5. Scope... 5 6. Objectives... 5

More information

Revised Risk Management Policy and Framework. Report by Head of Finance

Revised Risk Management Policy and Framework. Report by Head of Finance Audit Committee 29 April 2010 Item No 7 Revised Risk Management Policy and Framework Report by Head of Finance Summary A substantial review of our current Risk Management Strategy has been carried out.

More information

ENTERPRISE RISK MANAGEMENT POLICY

ENTERPRISE RISK MANAGEMENT POLICY ENTERPRISE RISK MANAGEMENT POLICY TITLE OF POLICY POLICY OWNER POLICY CHAMPION DOCUMENT HISTORY: Policy Title Status Enterprise Risk Management Policy (current, revised, no change, redundant) Approving

More information

R I S K M A N A G E M E N T S Y S T E M F R A M E W O R K

R I S K M A N A G E M E N T S Y S T E M F R A M E W O R K R I S K M A N A G E M E N T S Y S T E M F R A M E W O R K VERSION REV 4.0 OWNER VP OPS AND ENG EFFECTIVE DATE MARCH 2014 REVIEW DATE MARCH 2014 1. PURPOSE, APPLICATION AND SCOPE This Management System

More information

ENTERPRISE RISK MANAGEMENT NARACOORTE LUCINDALE COUNCIL GUIDELINES

ENTERPRISE RISK MANAGEMENT NARACOORTE LUCINDALE COUNCIL GUIDELINES ENTERPRISE RISK MANAGEMENT NARACOORTE LUCINDALE COUNCIL GUIDELINES December 2015 NLC Enterprise Risk Management Guidelines Contents INTRODUCTION... 3 1. Enterprise Risk Management Principles... 5 2. The

More information

Confident in our Future, Risk Management Policy Statement and Strategy

Confident in our Future, Risk Management Policy Statement and Strategy Confident in our Future, Risk Management Policy Statement and Strategy Risk Management Policy Statement Introduction Risk management aims to maximise opportunities and minimise exposure to ensure the residents

More information

ISO 31000:2009 - ISO/IEC 31010 & ISO Guide 73:2009 - New Standards for the Management of Risk

ISO 31000:2009 - ISO/IEC 31010 & ISO Guide 73:2009 - New Standards for the Management of Risk Kevin W Knight AM CPRM; Hon FRMIA; FIRM (UK); LMRMIA: ANZIIF (Mem) ISO 31000:2009 - ISO/IEC 31010 & ISO Guide 73:2009 - New Standards for the Management of Risk History of the ISO and Risk Management Over

More information

Quality and Engagement Sub Committee

Quality and Engagement Sub Committee Quality and Engagement Sub Committee 12 June 2012 Corporate Risk Register and Risk Management Strategy Executive Summary As part of authorisation, Blackpool Clinical Commissioning Group (CCG) must identify

More information

Xavier Catholic College Risk Management. Policy

Xavier Catholic College Risk Management. Policy Xavier Catholic College Risk Management Policy 18 March 2013 Sourced from CSOHS Online. Source CSO Broken Bay 2012 Page 1 Risk Management Policy (Draft) PURPOSE Risk management is the culture, processes

More information

Insurance management policy and guidelines. for general government sector, September 2007

Insurance management policy and guidelines. for general government sector, September 2007 Insurance management policy and guidelines for general government sector September 2007 i Contents 1. Introduction... 2 2. Identifying risk is the first step... 2 3. What is risk?... 2 4. Insurance is

More information

13 ENVIRONMENTAL AND SOCIAL MANAGEMENT SYSTEM

13 ENVIRONMENTAL AND SOCIAL MANAGEMENT SYSTEM 13 ENVIRONMENTAL AND SOCIAL MANAGEMENT SYSTEM This ESIA has identified impacts (both positive and negative) to the physical, natural and socio-economic environments, as well as to community and worker

More information

GUIDELINE NO. 22 REGULATORY AUDITS OF ENERGY BUSINESSES

GUIDELINE NO. 22 REGULATORY AUDITS OF ENERGY BUSINESSES Level 37, 2 Lonsdale Street Melbourne 3000, Australia Telephone.+61 3 9302 1300 +61 1300 664 969 Facsimile +61 3 9302 1303 GUIDELINE NO. 22 REGULATORY AUDITS OF ENERGY BUSINESSES ENERGY INDUSTRIES JANUARY

More information

Group Risk Management Policy

Group Risk Management Policy Group Risk Management Policy Originator: Approval date: Policy and Strategy Team Sovini Board PCHA Board OVH Board/EMT 6 th December 2013 31 st October 2013 14 th October 2013 Review date: December 2014

More information

Business Planning, Risk Management and Quality. Mike Harris Immediate Past Chairman, AOQ-QLD Manager Business Systems, AECOM

Business Planning, Risk Management and Quality. Mike Harris Immediate Past Chairman, AOQ-QLD Manager Business Systems, AECOM Business Planning, Risk Management and Quality Mike Harris Immediate Past Chairman, AOQ-QLD Manager Business Systems, AECOM Australian Organisation for Quality A Professional Member based Incorporated

More information

APPENDIX 50. Enterprise risk management - Risk management overview

APPENDIX 50. Enterprise risk management - Risk management overview APPENDIX 50 Enterprise risk management - Risk management overview Energex regulatory proposal October 2014 ENTERPRISE RISK MANAGEMENT Risk Management Overview (RMO) 06 11 2013 Table of Contents 1. INTRODUCTION...

More information

Risk assessment. made simple

Risk assessment. made simple Risk assessment made simple July 2015 1 Sayer Vincent LLP Chartered accountants and statutory auditors Invicta House 108 114 Golden Lane London EC1Y 0TL Offices in London, Bristol and Birmingham 020 7841

More information

HEALTH SAFETY & ENVIRONMENT MANAGEMENT SYSTEM

HEALTH SAFETY & ENVIRONMENT MANAGEMENT SYSTEM HEALTH SAFETY & ENVIRONMENT MANAGEMENT SYSTEM September 2011 OUR HEALTH, SAFETY AND ENVIRONMENT POLICY OUR PRINCIPLE OF DUE CARE We care about the wellbeing of our people and our impact on the environment.

More information

Policy and Procedure Statement

Policy and Procedure Statement Policy and Procedure Statement SUBJECT: Enterprise Risk CATEGORY: General Administration NO. 502-G PREAMBLE Risk exists in all activities and cannot be avoided, nor can it always be eliminated. However,

More information

RISK MANAGEMENT FRAMEWORK. 2 RESPONSIBLE PERSON: Sarah Price, Chief Officer

RISK MANAGEMENT FRAMEWORK. 2 RESPONSIBLE PERSON: Sarah Price, Chief Officer RISK MANAGEMENT FRAMEWORK 1 SUMMARY The Risk Management Framework consists of the following: Risk Management policy Risk Management strategy Risk Management accountability Risk Management framework structure.

More information

V1.0 - Eurojuris ISO 9001:2008 Certified

V1.0 - Eurojuris ISO 9001:2008 Certified Risk Management Manual V1.0 - Eurojuris ISO 9001:2008 Certified Section Page No 1 An Introduction to Risk Management 1-2 2 The Framework of Risk Management 3-6 3 Identification of Risks 7-8 4 Evaluation

More information

Version: 3.0. Effective From: 19/06/2014

Version: 3.0. Effective From: 19/06/2014 Policy No: RM66 Version: 3.0 Name of Policy: Business Continuity Planning Policy Effective From: 19/06/2014 Date Ratified 05/06/2014 Ratified Business Service Development Committee Review Date 01/06/2016

More information

Risk Management Framework

Risk Management Framework Risk Management Framework THIS PAGE INTENTIONALLY LEFT BLANK Foreword The South Australian Government Risk Management Policy Statement 2009 advocates that consistent and systematic application of risk

More information

Policy 10.105: Enterprise Risk Management Policy

Policy 10.105: Enterprise Risk Management Policy Name: Responsibility: Complements: Enterprise Risk Management Framework Coordinator, Enterprise Risk Management Policy 10.105: Enterprise Risk Management Policy Date: November 2006 Revision Date(s): January

More information

Hazard Identification, Risk Assessment and Management Procedure. Documentation Control

Hazard Identification, Risk Assessment and Management Procedure. Documentation Control Hazard Identification, Risk Assessment and Management Procedure Reference: Date approved: Approving Body: Implementation Date: Version: 3 Documentation Control GG/CM/007 Trust Board Supersedes: Version

More information

Removal of Gender Restrictions on Australian Defence Force Combat Role Employment Categories

Removal of Gender Restrictions on Australian Defence Force Combat Role Employment Categories Removal of Gender Restrictions on Australian Defence Force Combat Role Employment Categories Risk Management Plan INTENTIONALLY BLANK 1. Introduction The purpose of this Risk Management Plan (RMP) is to

More information

London Legacy Development Corporation s Statement of Risk Appetite September 2015

London Legacy Development Corporation s Statement of Risk Appetite September 2015 London Legacy Development Corporation s Statement of Risk Appetite September 2015 Appendix 1 1. INTRODUCTION 1.1 Her Majesty s Treasury uses the Orange Book definition of risk management The amount of

More information

RISK MANAGEMENT. Authors: Phil McNaull / Lorraine Loy Approved By: PME and Court Date: December 2008 Version: 4.0 1

RISK MANAGEMENT. Authors: Phil McNaull / Lorraine Loy Approved By: PME and Court Date: December 2008 Version: 4.0 1 RISK MANAGEMENT 1 Contents Introduction 2 Corporate Governance 2 Purpose of this policy 2 Policy Objectives 2 Policy Statement 3 Scope of the policy 3 What is Risk? 4 The University s Approach 4 Description

More information

CONTROLLED DOCUMENT. Number: Version Number: 4. On: 25 July 2013 Review Date: June 2016 Distribution: Essential Reading for: Information for:

CONTROLLED DOCUMENT. Number: Version Number: 4. On: 25 July 2013 Review Date: June 2016 Distribution: Essential Reading for: Information for: CONTROLLED DOCUMENT Risk Management Strategy and Policy CATEGORY: CLASSIFICATION: PURPOSE: Controlled Number: Document Version Number: 4 Controlled Sponsor: Controlled Lead: Approved By: Document Document

More information

Risk Management - Enterprise-Wide Risk Management Policy and Framework NSW Health

Risk Management - Enterprise-Wide Risk Management Policy and Framework NSW Health Policy Directive Ministry of Health, NSW 73 Miller Street North Sydney NSW 2060 Locked Mail Bag 961 North Sydney NSW 2059 Telephone (02) 9391 9000 Fax (02) 9391 9101 http://www.health.nsw.gov.au/policies/

More information

Risk Management Policy

Risk Management Policy Risk Management Policy Risk Management Policy Record Number D14/79827 Responsible Manager Manager Strategy and Governance Last reviewed 10 March 2015 Adoption reference Council Resolution number 90.5 Previous

More information

RISK MANAGEMENT TOOLKIT

RISK MANAGEMENT TOOLKIT RISK MANAGEMENT TOOLKIT (OPERATIONAL) This toolkit has been adapted from the toolkit prepared by the Finance Facilities and Planning Services Branch of the Department of Education and the University of

More information

1.20 Appendix A Generic Risk Management Process and Tasks

1.20 Appendix A Generic Risk Management Process and Tasks 1.20 Appendix A Generic Risk Management Process and Tasks The Project Manager shall undertake the following generic tasks during each stage of Project Development: A. Define the project context B. Identify

More information

Risk assessment. made simple. sayer vincent consultants and auditors. Introduction 3. step1 Identifying the risks 4. step2 Assessing the risks 7

Risk assessment. made simple. sayer vincent consultants and auditors. Introduction 3. step1 Identifying the risks 4. step2 Assessing the risks 7 Risk assessment made simple Introduction 3 step1 Identifying the risks 4 step2 Assessing the risks 7 step3 Establishing action points 11 step4 Developing a risk register 13 Monitoring and assessment 14

More information

Business Continuity Management Policy

Business Continuity Management Policy Business Continuity Management Policy May 2009 Document Document drafted by Office of Quality and Risk Reference Number OQR032 Document approved by Ms. E. Dunne, Head of Quality and Risk Revision Number

More information

Risk Management - Board & Management Responsibilities Murray Short, MBA, CPA CA Not-for-Profit Partner RLB LLP

Risk Management - Board & Management Responsibilities Murray Short, MBA, CPA CA Not-for-Profit Partner RLB LLP Risk Management - Board & Management Responsibilities Murray Short, MBA, CPA CA Not-for-Profit Partner RLB LLP 2 AGENDA About RLB / About Our Not-for-Profit Team Defining Risk Types of Organizational Risk

More information

St Patrick s Catholic School

St Patrick s Catholic School St Patrick s Catholic School Risk Management Policy Date 2012 Version No 1 Responsible Person Rodney Linhart Approved By Rodney Linhart Review Date 2016 Related Documents 2a WHS Hazard and Risk Register,

More information

MANAGING LEGAL RISK IN AN INTEGRATED GRC FRAMEWORK A BRIEFING PAPER. www.claytonutz.com

MANAGING LEGAL RISK IN AN INTEGRATED GRC FRAMEWORK A BRIEFING PAPER. www.claytonutz.com MANAGING LEGAL RISK IN AN INTEGRATED GRC FRAMEWORK A BRIEFING PAPER www.claytonutz.com BACKGROUND Organisations are finding that their stakeholders (particularly Boards) are seeking greater assurance of

More information

MARCH 2012. Strategic Risk Policy Update March 2012 v1.10.doc

MARCH 2012. Strategic Risk Policy Update March 2012 v1.10.doc MARCH 2012 Version 1.10 Strategic Risk Policy Update March 2012 v1.10.doc Document History Current Version Document Name Risk Management Policy Statement and Strategic Framework Last Updated By Alan Till

More information

Risk Assessment and Risk Register Policy. Contents

Risk Assessment and Risk Register Policy. Contents Classification: Policy Lead Author: Paul Dodd Head of risk management Additional author(s): N/A Authors Division: Corporate Unique ID: RM6(06) Issue number: 3 Expiry Date: January 2017 Contents Section

More information

In accordance with risk management best practices, below describes the standard process for enterprise risk management (ERM), including:

In accordance with risk management best practices, below describes the standard process for enterprise risk management (ERM), including: Enterprise Risk Management Process and Procedures Scope In accordance with risk management best practices, below describes the standard process for enterprise risk management (ERM), including: Risk identification

More information

Procurement of Goods, Services and Works Policy

Procurement of Goods, Services and Works Policy Procurement of Goods, Services and Works Policy Policy CP083 Prepared Reviewed Approved Date Council Minute No. Procurement Unit SMT Council April 2016 2016/0074 Trim File: 18/02/01 To be reviewed: March

More information