RISK MANAGEMENT PLAN

Transcription

1 RISK MANAGEMENT PLAN Adpted at the Ordinary Meeting f Cuncil n 9 February 2010 G:\CEO\CEOs Sectin\Manuals Reprts\Risk Management\Risk Management Plan FINAL.dc

2 TABLE OF CONTENTS Ri sk Management PLAN... 3 Purpse... 3 Objectives... 3 Outcmes... 3 Risk Management Plicy... 4 Risk Management Guide Fr COUNCIL members... 6 Risk Management Crdinatr s/cmmittee Rle... 8 Twn f Vincent Risk Management Rles and Respnsibilities... 8 Risk Management Steering Cmmittee Terms f Reference... 9 Risk Management Organisatinal Structure...11 Ri sk Management Delegatins and Authrities...12 Delegatin f Risk Management Respnsibilities Prfrma...12 Risk Management Tl AS/NZS ISO 31000:2009 Risk Management...13 Risk Definitin and Classificatin...14 Cnsequence...14 Likelihd...15 Level f Risk...15 Scpe f Risk Management...16 Risk Management Systems...17 Implementatin Plan...18 Implementatin Actins...19 Establishing Effective Risk Management...20 Culture Building...21 The Risk Management Prcess...22 Identifying Risks...23 Evaluating Risks...24 Treating Risks...25 Ri sk Registers...26 Operatinal Risk Register...26 Strategic Risk Register...26 Ri sk Management in Apprval Services...27 The Decisin Making Prcess...27 Risk Management Key Perfrmance Measures P age

3 RISK MANAGEMENT PLAN PURPOSE T develp and implement a structure, systems and prcesses fr risk management incrprating the principles and practices f AS/NZS ISO 31000:2009, that is implemented acrss all aspects f the rganisatin. OBJECTIVES T develp a plicy, prcess and implementatin plan T develp audit tls fr initial rganisatin wide assessment and nging evaluatin T develp and implement a training and change management prgram T surce and intrduce a system fr risk prfiling and registratin T develp a prcess t include risk management as an integral part f rganisatinal perfrmance and each emplyee s Key Perfrmance Indicatrs (KPIs) and perfrmance criteria. OUTCOMES An Organisatin Wide Plicy implemented and cmmunicated t all emplyees and stakehlders An rganisatinal risk management structure Initial enterprise wide risk management systems audit Training and develpment prgram t fster a hazard and risk management culture Implementatin t all levels f emplyees and management cmmencing at inductin Intrductin f, and training n risk prfiling and registratin system Develpment f an evaluatin prcess linked t the planning cycle f the Organisatin. Page 3 f 28

4 RISK MANAGEMENT POLICY Intent The Twn f Vincent ( the Twn ) is cmmitted t rganisatin wide risk management principles, systems and prcesses that ensure cnsistent, efficient, and effective assessment f risk in all planning, decisin making and peratinal prcesses. Definitin f Risk : AS/NZS ISO 31000:2009 defines risk as effect f uncertainty n bjectives. A risk is ften specified in terms f an event r circumstance and the cnsequences that may flw frm it. Definitin f Risk Management : AS/NZS ISO 31000:2009 defines risk management as the culture, prcesses and structures that are directed twards realizing ptential pprtunities whilst managing adverse effects. Principles The Twn cnsiders risk management t be an essential management functin in its peratin as a prgressive Lcal Gvernment. The Twn recgnises that the risk management respnsibility lies with the persn wh has the respnsibility fr the functin, service r activity that gives rise t the risk. The Twn is cmmitted t the principles f m anaging risk as utlined in AS/ NZS ISO 31000:2009. The Twn will manage risks cntinuusly using a prcess invlving the identificatin, analysis, evaluatin, treatment, mnitring and review f risks. It will be applied t decisin making thrugh all levels f the Cuncil and the Twn in relatin t planning r executing any functin, service r activity. In particular it will be applied t: Expenditure f large amunts f mney New strategies and prcedures Managing prjects Intrducing significant change, and The management f sensitive issues. Risk Management Objectives The achievement f Organisatinal Gals and Objectives. The health and safety f all emplyees at the wrkplace is nt cmprmised. Public safety within the Twn s jurisdictin is nt cmprmised. Limited lss r damage t prperty and ther assets. Limited interruptin t business cntinuity. Psitive public perceptin f the Cuncil and the Twn. T apply Equal Opprtunity principles in the wrkfrce and the cmmunity. Page 4 f 28

5 Respnsibilities Directrs, Managers and Supervisrs have the respnsibility and accuntability fr ensuring all emplyees manage risks within their wn wrk areas. In each f these areas, risks shuld be anticipated and reasnable prtective measures taken. All managers will encurage penness and hnesty in the reprting and escalatin f risks. All emplyees will be encuraged t alert management t the risks that exist within their area, withut fear f recriminatin. All emplyees will, after apprpriate training, adpt the principles f risk management and cmply with all plicies, prcedures and practices relating t risk management. All emplyees will, as required, cnduct risk assessments during the perfrmance f their daily duties. The level f sphisticatin f the risk assessment will be cmmensurate with the scpe f the task and the assciated level f risk identified. Failure by emplyees t bserve reasnable directins frm supervisrs regarding the management f risks and/r failure f emplyees t take reasnable care in identifying and treating risks in the wrkplace may result in disciplinary actin. It is the respnsibility f every department t bserve and implement this plicy in accrdance with prcedures and initiatives that are develped by management frm time t time. Cuncil is cmmitted mrally and financially t the cncept and resurcing f risk management. Mnitr and review The Organisatin will implement a rbust reprting and recrding system that will be regularly mnitred t ensure clseut f risks and identificatin f nging issues and trends. Risk management key perfrmance indicatrs, relating t bth Organisatinal and Persnal perfrmance will be develped, implemented and mnitred, by the Twn. Signed:.... Date / /2010 Jhn Girgi, JP Chief Executive Officer Page 5 f 28

6 RISK MANAGEMENT GUIDE FOR COUNCIL MEMBERS Crprate Gvernance can be defined as the system by which rganisatins are directed and cntrlled. It is cncerned with imprving perfrmance f the rganisatin fr the benefit f the sharehlders r stakehlders, wh in the case f a Lcal Gvernment wuld be the ratepayers. It fcuses n the cnduct f and the relatinship between the Bard f Directrs (in this case the Cuncillrs), Directrs, managers and the stakehlders. Crprate Gvernance generally refers t prcesses by which rganisatins are directed, cntrlled and held t accunt. Risk Management cntributes t gd crprate gvernance by prviding reasnable assurance t Cuncil and Senir Officers that the rganisatinal bjectives will be achieved within a tlerable degree f residual risk. Sund risk management nt nly cntributes t gd gvernance but als prvides sme degree f prtectin fr Cuncil Members and Officers in the event f adverse utcmes. Prvided risks have been managed in accrdance with the prcesses set ut in the Australian Standard fr risk management AS/NZS ISO 31000:2009 prtectin ccurs n tw levels. Firstly adverse utcmes may nt be as severe as they might therwise have been, secndly thse accuntable can, in their defence, demnstrate that they have exercised a prper level f diligence. In its fcus n psitive utcmes, risk management ffers reassurance and supprt t thse aspects f crprate gvernance directed t enhancing rganisatinal perfrmance. The use f the Risk Management Standard prvides a structure t facilitate cmmunicatin and cnsultatin between external stakehlders, gverning bdies, management and persnnel at all levels n defining and achieving rganisatinal gals. One f the key respnsibilities fr Cuncil Members, as the Crprate Gvernrs f the Twn, is t ensure respnsible and effective decisin making. Risk is inherent in all decisin making, whether relating t minr, majr, strategic r peratinal issues r smetimes in deciding nt t take any actin at all. Lcal Gvernment is an area where a member f the public can be elected t ffice and attend their first Cuncil meeting within days r weeks, where they participate in critical decisin making that can affect a cmmunity far int the future. This ften invlves great sums f mney and can have a significant impact affect n individuals r cmmunities either adversely r psitively depending n the quality f the decisins. T be able t take yur current knwledge and expertise, add it t infrmatin prvided by apprpriate prfessinals and apply it t areas yu may never have experienced befre requires a systematic apprach. This prvides cntext and criteria t review the quantity and quality f infrmatin against and ffers the pprtunity fr meaningful debate and infrmed decisin making that remves emtins and ptential fr bias. The respnsibility fr presenting the infrmatin primarily lies with the Officers, wh have been recruited and trained in their areas f prfessinal expertise, hwever it is the rle f Cuncil t evaluate that infrmatin and ensure that all relevant aspects are cnsidered and the best decisin pssible made. The benefits f risk management being implemented as a plicy statement f Cuncil with a frmal risk management structure and reprting prcess, is that it will ver time becme rganisatinal culture and as such reduce ptential lss and enhance utcmes as a matter f curse, practised by all members f Cuncil and all emplyees. Page 6 f 28

7 An Cuncil Member s persnal respnsibilities in risk management is t ensure that the strategic directin, plans and areas f principal activity r infrastructure planning have the Standard applied as a rutine part f the planning prcess, and that all prjects, tender dcuments and utsurcing activities have a risk management cmpnent. Executive fficers f Cuncil are respnsible fr managing the peratinal prcesses, including human resurce risk management, which must als be cnsidered in the lng term planning ff services and facilities. The key benefit f using the Standard in planning is that it allws all decisin making t take a lgical curse and remves emtive aspects by taking an apprach that requires facts, expertise and validatin. Figure ne belw utlines the Standard, which is used in cnjunctin with a likelihd and cnsequences matrix and a risk tlerance guideline apprved by each rganisatin s gverning bdy. C O M M U N I C A T E Establish the Cntext Identify Risks Analyse Determine Likelihd Risks Determine Cnsequence M O N I T O R A N D Fig. 1 Risk Management Prcess Reference: Standards Australia, AS/NZS ISO 31000:2009, Risk Management, A N D C O N S U L T Assess Risks Estimate Risk Level Evaluate Risks Accept Risks R E V I E W Treat Risks Page 7 f 28

8 RISK MANAGEMENT COORDINATOR S/COMMITTEE ROLE Twn f Vincent Risk Management Rles and Respnsibilities. Chief Executive Officer Prepares quarterly reprts fr the Twn s Audit Cmmittee, highlighting H igh and Extreme risks. Prmtes the risk management culture and mentrs management and risk management champins. Assist senir management and external stakehlders in the preparatin f risk assessments. Develps an internal audit system. Directrs Distribute risk management reprts Ensure risk management infrmatin is accessible t all emplyees Assist sectin management with the crdinatin f risk assessments, analysis and treatment ptins. Assist emplyees in the preparatin f risk assessments relevant t their tasks and functins Crdinate relevant training in cllabratin with the HR Manager and Sectin Managers. Risk Management Administrative Supprt Recrds all risk management cmmittee meetings and ensures minutes are distributed t all members f the Risk Management Steering Cmmittee. Prepares and distributes agenda fr meetings Ensures administrative arrangements fr meetings are met Maintains all cmmittee recrds Maintains the Central Risk Register and the Strategic Risk Register Crdinates and manages the recrds f all risk management prcesses. Page 8 f 28

9 RISK MANAGEMENT STEERING COMMITTEE TERMS OF REFERENCE SAMPLE RISK MANAGEMENT COMMITTEE TERMS OF REFERENCE 1. Title f Cmmittee The Twn s Audit Cmmittee shall be respnsible fr verseeing the Twn s Risk Management Plan and Plicy. 2. Authrity The actins and pwers f the Audit Cmmittee (in additin t the Audit rle) are t: T supprt the implementatin f the risk management and culture develpment prgram thrughut the Twn T make recmmendatin f the risk tlerance level fr Cuncil t cnsider an d adpt as apprpriate. Bring t the attentin f Cuncil the high t extreme identified risks, and their recmmended treatment Establish the Risk Management Plan, which is t be aligned with the strategic planning prcess. 3. Cmmittee Structure and Frmat Membership (nn vting) is t include the Executive Management Team and the Human Resurces Manager. Other emplyees can be c pted t the cmmittee as deemed apprpriate. 4. Entitlements Cmmittee members shuld have the fllwing entitlements: Training relevant t their functins and respnsibilities. Sufficient time allcated during nrmal wrk hurs t perfrm the cmmittee duties 5. Frequency f Meetings The Cmmittee will meet at least quarterly. 6. Qurum The minimum qurum fr scheduled and extrardinary meetings shall be the Chairpersn, ne Cuncil Member and 50% f the Executive management representatives. 7. Order f Meetings Discussin at the cmmittee meetings will be cntrlled thrugh an agenda. Any individual wishing a specific item t be included in the agenda shuld advise the Chief Executive Officer prir t the meeting date. Items t be cnsidered in the agenda are: Risk Management Plan Risk Management Training Requirements Risk Management Register/Annual Audit Risk Management Treatment actins Risk Management issues fr reslutin Risk Management Key perfrmance indicatrs. Cst benefit analysis f risk Page 9 f 28

10 8. Recrding f Minutes Accurate and cncise minutes will be recrded at each meeting and all agreed actins shuld include the respnsible persn s name and an actin by date. The minutes will be distributed t each cmmittee member prir t the next meeting where they will be accepted as a true and accurate recrd at that meeting. Once the minutes have been accepted and signed by the Chairpersn they are t be placed n recrd and reprted t the Cuncil. 9. Decisin Making The cmmittee will, wherever pssible, reach any decisin by cnsensus. Where this is nt pssible the chair shall call fr a vte, a simple majrity shall be required t carry any mtin. Reasns fr any dissent shall be recrded in the minutes. 10. Respnsibilities f Office Bearers Chairpersn Apprve meeting time and venue Direct and guide discussin at meetings Ensure all agenda items are discussed and acted upn Review and sign minutes Ensure all members have an pprtunity t cntribute Ensure that all risk management prcesses have been recrded thrughut the Lcal Gvernment. Refer any unreslved issues t Cuncil Administrative supprt Prepares and distributes agenda fr meetings Makes administrative arrangements fr meetings Maintains all cmmittee recrds Ensures risk management infrmatin is accessible t all cmmittee members Assists with the preparatin f quarterly reprts fr the Audit & Risk Cmmittee, highlighting High and Extreme risks. Maintains the Central Risk Register. Maintains the Strategic Risk Management Planning Register Cmmittee Members Attend meetings Prepare and present reprts as requested by the cmmittee Review reprts f risks and cntrl measures Review reprts f risk identificatin, analysis, treatment and clseuts. Mnitr and review risk management cntrls fr effectiveness Develp strategies t imprve risk management prcesses. Identify existing and ptential risks in the Lcal Gvernment and perfrm risk assessments t priritise actins Undertake designated actins in a timely manner Actively prmte risk management thrughut the Twn. 11. Annual Evaluatin f Cmmittee s Effectiveness The Cmmittee will annually undertake a review t evaluate its effectiveness, and determine if: The Cmmittee s bjectives being met r need t be amended Cmmittee s effectiveness is imprving r deterirating Cmmittee members regularly attending meetings The Terms f Reference require review Page 10 f 28

11 RISK MANAGEMENT ORGANISATIONAL STRUCTURE Cuncil [Strategic Risk Management Plan] CHIEF EXECUTIVE OFFICER [Operatinal Risk Management] AUDIT COMMITTEE (RISK MANAGEMENT PLAN) MANAGER HUMAN RESOURCES (HR RISK MANAGEMENT) DIRECTOR DEVELOPMENT SERVICES DIRECTOR CORPORATE SERVICES DIRECTOR TECHNICAL SERVICES 11 P age

12 RISK MANAGEMENT DELEGATIONS AND AUTHORITIES It is essential that risk management is driven frm the tp dwn in an rganisatin; hwever it shuld als be recgnised that withut buy in frm the whle rganisatin it will nt be embedded in the day t day peratins. T cllect this infrmatin a questinnaire can be utilised as utlined belw and a chart cmpiled which can be ratified by the Executive Management Team. DELEGATION OF RISK MANAGEMENT RESPONSIBILITIES PROFORMA Name: Divisin: Psitin: Reprts t: Services / Functins / Facilities that yu are respnsible fr: Emplyees respnsible fr : Avenues available fr cmmunicatin f risk management (e.g. regular meetings, newsletters, reprts etc) Yur Relevant Training in Risk Management: Where risks are dcumented in yur area: 12 P age

13 RISK MANAGEMENT TOOL AS/NZS ISO 31000:2009 RISK MANAGEMENT Ref Standards Australia AS/NZS ISO 31000:2009 C O M ESTABLISH THE CONTEXT M O M U IDENTIFY RISKS N I N T I ANALYSE RISKS O C A ASSESS EVALUATE RISKS RISKS R T E TREAT RISKS Accept Risks Qualitative Analysis Matrix Likelihd Cnsequence Insignificant 1 Minr 2 Mderate 3 Majr 4 Catastrphic 5 Almst Certain A H H E E E Likely B M H H E E Pssible C L M H E E Unlikely Rare D E L L M H E L L M H H Legend E Extreme Risk Immediate actin required H High Risk Senir management attentin needed M Mderate Risk Management respnsibility specified L Lw Risk Operatinally addressed Ref Standards Australia AS/NZS ISO 31000:2009 Page 13 f 28

14 RISK DEFINITION AND CLASSIFICATION [The fllwing infrmatin is based upn AS/NZS ISO 31000:2009 Risk Management & infrmatin prvided by the West Australian Insurance Cmmissin] CONSEQUENCE LEVEL DESCRIPTION FINANCIAL IMPACT HEALTH REPUTATION OPERATION ENVIRONMENT 1 Insignificant Less than $1,000 N injuries Unsubstantiated, lw impact, lw prfile r n news item Little impact Little impact 2 Lw $1,000 t $10,000 First aid treatment Substantiated, lw impact, lw news prfile Incnvenient delays Minr damage r cntaminatin 3 Medium $10,000 t $50,000 Medical treatment Substantiated, public embarrassment, mderate impact, mderate news prfile Significant delays t majr deliverables Envirnmental damage requiring restitutin r internal cleanup 4 High $50,000 t $150,000 Death r extensive injuries Substantiated, public embarrassment, high impact news prfile, third party actins Nn achievement f majr deliverables. Minr Breach f legislatin / significant cntaminatin r damage requiring third party assistance 5 Extreme Mre than $150,000 Multiple deaths r severe permanent disablements Substantiated, public embarrassment, very high multiple impacts, high widespread multiple news prfile, third party actin. Nn achievement f key bjectives. Majr breach f legislatin r extensive cntaminatin and envirnmental damage requiring third party interventin 14 P age

15 LIKELIHOOD LEVEL DESCRIPTION EXAMPLES FREQUENCY A Almst Certain Expected t ccur in mst circumstances Mre than nce per year B Likely Will prbably ccur in mst circumstances At least nce per year C Pssible Shuld ccur at sme time At least nce in three years. D Unlikely Culd ccur at sme time At least nce in ten years E Rare May ccur, nly in exceptinal circumstances Less than nce in fifteen years. LEVEL OF RISK LIKELIHOOD INSIGNIFICANT MINOR MODERATE MAJOR CATASTROPHIC A Almst Certain High High Extreme Extreme Extreme B Likely Mderate High High Extreme Extreme C Pssible Lw Mderate High Extreme Extreme D Unlikely Lw Lw Mderate High Extreme E Rare Lw Lw Mderate High High Nte: The Executive Officers and The Cuncil need t set their Organisatin s level f risk tlerance, and nce set, this becmes the set f criteria that all risks and hazards in the rganisatin are measured against. It is critical t develping a risk management culture that all emplyees are aware f the risk tlerance f the rganisatin and that it is taken int accunt in decisin making at all levels. 15 P age

16 SCOPE OF RISK MANAGEMENT Risk Culture Established Crisis and Disaster Management, Emergency Preparedness Business Cntinuity Recvery Planning Uncertainty based risk Integratin Hazard based risk Opprtunity based risk Gvernance and Management systems Planning prcesses Business activities Prjects and prpsals MDH 2008 Public Safety Occupatinal Safety and Health Envirnment, Finances, Prperty and Assets Events and activities Liabilities 16 P age

17 RISK MANAGEMENT SYSTEMS ORGANISATIONAL PLANNING COMMUNICATIONS MANAGEMENT RESOURCE MANAGEMENT OPERATIONS MANAGEMENT Risk management systems Crprate Gvernance Structure Cuncil Plicy Lcal Laws Cde f Cnduct and Ethics Electin Prcess Delegatin Prcess Cnflict f Interest Cuncil members respnsibility Financial Management systems and Reprting Cmpliance Reprts Organisatinal perfrmance and reviews. Internal/External audit prcess Strategic Planning prcess External envirnment Plitical Envirnment Financial Resurces Infrastructure Capacity Capital requirements, Human Resurce requirements Organisatinal Plans/budgets Key Perfrmance Indicatrs linked t perfrmance management External and internal cmmunicatins and cnsultatin. Planning inputs External cmmunicatins Custmer Service/ Cmplaints Freedm frm Infrmatin Public Ntices/signs Disclaimers Events Management / Public access Internal cmmunicatins Plicy/Plan Style Manual Dcument Cntrl system Recrds Management Public Relatins, Crisis Management Plan, Media Management and Advertising Infrmatin Technlgy Electrnic Recrds Management Security/Cnfidentiality Sftware Licenses Cntingency Plans Five Year Financial Plan Financial Management Budgets linked t all peratinal plans Budget reprting systems Payrll System Legislative requirements Capital replacement Plan Capital wrks Asset Register Investment management Purchase and dispsal f assets Liabilities Management Lng Service Leave, Superannuatin Business Cntinuity Plans Human Resurce Management HRM Plan / HRM System Training and Develpment Training Registers / Skills Audit / Jb Safety Analysis EBA /Awards Cmpliance Sick Leave, LSL, Annual Leave Management / Industrial Relatins management Perfrmance Appraisal system Legal Cmpliance Regulatry/Cuncil Plicy Bylaws / Disclaimers/ FOI /Ad Business Risk/Organisatinal measurement KPI S / Plans Insurance Reviews Cntract Management Cmpliance Audits/ Service Delivery reviews Tender Prcess Prject Management Asset Management/Prgram maintenance/asset Capitalisatin Infrastructure Management/Capacity t perfrm Emergency Preparedness and Respnse / Business Cntinuity 17 P age

18 IMPLEMENTATION PLAN Present Cncept t Cuncil Agree t prceed Identify resurces required t implement plicy Cnduct internal Risk Management Systems Audit as baseline (ptinal) Determine Risk Management plicy structure and Human Resurces Risk Management Plicy and Structure ratified by Cuncil Identify all functins f the Business Cmmunicate Plan Plicy, Structure t all emplyees Plan ratified by Cuncil Develp Strategic Risk Management Plan including Risk tlerance levels Train Senir Management &Risk Crdinatr in AS/NZS ISO 31000:2009 Identify wh is respnsible fr thse functins and their management Include risk management in psitin descriptins and perfrmance appraisal prcesses Train the Secnd tier in the risk management prcess Identify risk in each functin and recrd Analyse risk in each functin and recrd Include Risk Management in all prjects and new business activities Implement risk register, strategic and peratinal then link t budget Develp mnitr and review prcess and recrd review dates Treat risk in each functin and recrd Evaluate risk in each functin and recrd Include Risk Management in all purchasing prcesses Review rganisatinal risk culture annually Include risk management in annual strategic and peratinal Review risk management cmmittee perfrmance Cnduct annual internal and r external third party risk audit annually Ensure Cntinuus Imprvement 18 P age

19 IMPLEMENTATION ACTIONS Timeline Phase 1 6 mnths Phase 2 12 mnths Phase 3 12 mnths Phase 4 nging Actin Meeting with Executive Management Team t present plan, scpe timeframes and ratify strategy Establish Risk Management Cmmittee, as part f the Audit Cmmittee Establish Terms f Reference fr the Cmmittee. Establish risk reprting, recrding and clse ut system Train the Risk Management Cmmittee and develp Risk Management Plicy fr ratificatin by Cuncil Nminate Senir Executive respnsible fr driving the risk Management prgram Cnduct a Risk Management Systems audit t establish a baseline Review OSH audit results Cnduct prperty, facility and infrastructure audits Identify all the functins f the Twn and relevant persnnel fr risk management training Develp a Risk Management Plan fcusing n the results f the initial audit, and schedule f risk assessments fr the functins f the Twn. Launch the Risk Management Prgram and cmmunicate t all Stakehlders Facilitate initial wrkshps with each Directr and key Managers t scpe services and identify majr risks and treatment ptins Train the identified persnnel in Risk Management Include Risk Management respnsibilities in all psitin descriptins/ and perfrmance appraisal system as part f next annual review prcess Develp and implement rientatin prgram fr risk management All persnnel t cnduct a risk management assessment f their service/business unit and implement crrective actins r strategies Including new services r prjects Analyse, evaluate, and implement treatment ptins. Review Risk Management Plan / include in Strategic Planning prcess and financial plan. Cmmunicate the Plan t all stakehlders Mnitr and review prgram Cnduct internal and external audits Review dcumentatin trail and recrds Review the Risk Management Cmmittee perfrmance Review Risk Management Plan/ Implement Cntinuus imprvement Cnduct internal audit schedule and mnitr prgram n an nging basis 19 P age

20 ESTABLISHING EFFECTIVE RISK MANAGEMENT EVALUATE EXISTING PRACTICES AND NEEDS The review shuld deliver a structured appreciatin f: The maturity, characteristics and effectiveness f existing business and risk management culture and systems; The degree f integratin and cnsistency f risk management acrss the rganisatin and acrss different types f risk; The prcesses and systems that shuld be mdified r extended; Cnstraints that might limit the intrductin f systematic risk management; Legislative r cmpliance requirements; and Resurce cnstraints. RISK MANAGEMENT PLANNING Develp risk management plans Ensure the supprt f senir management Develp and cmmunicate the risk management plicy Establish accuntability and authrity Custmise the risk management prcess Ensure adequate resurces Surce: HB 436:2004 Risk Management Guidelines Cmpanin t AS/NZS ISO 31000: The challenge fr managers leadership The challenge fr Directrs and managers is t supprt and encurage prudent risk management by: Playing an active part, and nt simply mandating prductin f reprts; Empwering subrdinates and emplyees t manage risks effectively; Acknwledging, rewarding and publicising gd risk management; Having prcesses that prmte learning frm errrs, rather than punishing; Encuraging discussin and analysis f unexpected results, bth psitive and negative; and Nt ver respnding t prblems by intrducing restrictive r blanket cntrls. Page 20 f 28

21 CULTURE BUILDING T implement risk management, a systematic apprach is best. STRATEGY Gain Cuncil and Executive Management Team supprt Cmplete audit t ascertain perceptin f current prfile f Risk Management Cmplete an Organisatin Structure Chart Cmplete Delegatin f Respnsibility Frms Develp a strategy fr Implementatin cmmencing with Key stakehlders within each management unit, and fllwed by General emplyees Examples f Whle f Organisatin Training 1. Training in AS/NZS ISO 31000:2009 fr Cuncillrs 2. Training fr Executive Management Grup in AS/NZS ISO 31000:2009 (e.g. 2 hurs) 3. Divisinal Managers and Supervisrs training AS/NZS ISO 31000:2009 (e.g. 2 hurs) 4. Training in OSH, IM and AS/NZS ISO 31000:2009 fr Admin and Inside Emplyees (e.g. 2 hurs) 5. Training in OSH, IM and AS/NZS ISO 31000:2009 fr Outside Emplyees (e.g. 2 hurs) 6. Training in Events Risk Management fr Cmmunity members (e.g hurs) Determine key persnnel t manage the sftware based r manual risk registers Implement hazard reprting system acrss all divisins, functins and services Include RM training in Inductins fr nging culture management Page 21 f 28

22 THE RISK MANAGEMENT PROCESS Cmmunicate and cnsult with relevant Risk Management Stakehlders Establish the cntext Establish the external and internal cntext Establish the risk management cntext Develp risk criteria Define the structure fr the rest f the prcess Identify risks What can happen, where and when? Why and hw it can happen? Tls and techniques Analyse risks Evaluate existing cntrls Cnsequences and likelihd Types f analysis Qualitative analysis Semi quantitative analysis Quantitative analysis Sensitivity analysis Evaluate risks using Organisatinal Risk Tlerance Guidelines Treat risks Identifying ptins fr the treatment f risks with psitive utcmes Identifying ptins fr treating risks with negative utcmes Assessing risk treatment ptins Preparing and implementing treatment plans Recrd the risk management prcess, mnitr and review regularly Page 22 f 28

23 IDENTIFYING RISKS Identify where, when, why and hw events r issues culd: Prevent, dwn grade, delay, r enhance the achievement f the rganisatinal r divisinal bjectives. Or Cause harm t emplyees, cntractrs, vlunteers r public Or Cause financial lss r damage t prperty r assets Or Cause envirnmental damage Or Breach legislative cmpliance requirements T identify hazards initially use a brainstrming exercise and list the m in the table belw. D nt discuss treatments at this stage, but acknwledge if treatments are in place. Hazard Ptential Outcme Cntrl in place? Effective Y/N /PART Page 23 f 28

24 EVALUATING RISKS Use likelihd and cnsequence tables frm pages 16 and 17 t determine the apprpriate level f likelihd and cnsequences fr each risk, which will determine the verall risk level. Qualitative Analysis Matrix Likelihd Cnsequence Insignificant 1 Minr 2 Mderate 3 Majr 4 Catastrphic 5 Almst Certain A H H E E E Likely B M H H E E Pssible C L M H E E Unlikely Rare D E L L M H E L L M H H Legend E Extreme Risk Immediate actin required H High Risk Senir management attentin needed M Mderate Risk Management respnsibility specified L Lw Risk Operatinally addressed Ref Standards Australia AS/NZS ISO 31000:2009A Page 24 f 28

25 TREATING RISKS RISK TREATMENT ACTION PLAN DEPARTMENT DATE Functin / Activity RISKS IDENTIFIED POTENTIAL TREATMENTS PREFERRED OPTION RISK RATING AFTER TREATMENT COST / RESOURCES REQUIRED RESPONSIBLE OFFICER DUE DATE 25 P age

26 RISK REGISTERS OPERATIONAL RISK REGISTER The peratinal risk register is where hazards are listed and the utcmes f the risk analysis recrded. It is the respnsibility f thse listed as accuntable fr functins, services r facilities t ensure the risks are clsed ut and the audit trail recrded. Sftware ptins are the best way t d this but fr this t happen sund systems and prcess need t be in place t keep them updated and all emplyees trained in these systems. Where electrnic systems are nt available t a grup f emplyees r an rganisatin their must be a manual prcess that has a designated manager and representatives in each Divisin t ensure it is kept up t date. The fllwing infrmatin shuld be recrded: ID Number: Date reprted: Wh reprted by : Risk rating befre treatment: Treatment recmmended: Risk Rating after treatment: Actins required: Persns respnsible fr actins: Cst f actins (if knwn) Due date f actins: Date actins cmpleted: Further actins r recmmendatins if nt clsed ut: (this infrmatin must be transferred t a Strategic Risk Register). STRATEGIC RISK REGISTER This register is the ne that links t the rganisatinal planning cycle and budget prcesses. It may nt be pssible t clse ut all risks in a given financial year, but if reviewed and prcessed thrugh the AS/NZS ISO 31000:2009 Risk Number and risk identified frm rganisatinal risk register Risk Assessment and classificatin Lcatin Interim Actin Taken Ttal cst t date Lng term actin required Prjected csts Included in strategic plan? Budget year Review Date Reasns fr nt including it in budget (if unable t fund) Date Actined Evaluatin & Clse Out Dates 26 P age

27 RISK MANAGEMENT IN APPROVAL SERVICES Public Liability and Prfessinal Indemnity issues are fremst in mst peple s minds as a key risk area when in the psitin f plicy and prcess develpment and in carrying ut apprvals as part f daily duties. In defending such claims there are ften many grey areas and ften due t the time elapsing frm apprval t a claim, infrmatin is nt readily available t enable the legal teams t rigrusly defend them. This means that a practive apprach must be taken in all aspects f apprvals, frm legislative interpretatin thrugh t interactin with applicants. Review f Lcal Laws may be relevant as part f crprate Gvernance risk management. THE DECISION MAKING PROCESS If yur psitin in the Twn entails facilitating in, and/r issuing frmal apprvals, there are three areas that shuld be cnsidered befre delivering decisins and/r prviding advice t the client/custmer: 1. What must I d t meet legislative cmpliance, the requirements f Cuncil and persnal prfessinal accuntability? 2. What can I d t assist the client / custmer / ratepayer t meet their respnsibilities r accuntabilities withut ging utside my legislative r prfessinal bundaries? 3. What wn t I d due t skills, knwledge, legal r bundary issues? Dcumentatin is f utmst imprtance with all apprvals; there shuld be clear apprval criterin cmpiled frm the abve 3 pints, and ntes f any verbal discussins that may take place with the applicants r parties representing them must be recrded. The bvius message fr Twn emplyees invlved in the apprval services is t understand their rle, be aware f its limitatins and hw their decisins apply t lcal laws and legislatin. It is paramunt t ensure that there is a clear and cncise written prcess fr all apprval rles, and these dcumented prcesses are available as public recrd fr all custmers r clients. Page 27 f 28

28 RISK MANAGEMENT KEY PERFORMANCE MEASURES Key Perfrmance Indicatrs 1 (KPIs) These indicatrs are a quantitative measure f the level f perfrmance f a business functin r activity. It will be a requirement t measure the KPIs f the Risk Management bjectives f the Twn, t ensure accuntability and cntinuus imprvement f each business unit. Belw are sme examples f bjectives fr which KPIs that may be develped and linked t the strategic bjectives f the Organisatin: 1. The achievement f Organisatinal and individual Gals and Objectives 2. All management and emplyees are infrmed abut Risk Management and hw it affects their rle. 3. Managers and emplyees are cmpetent in the use f relevant risk management systems and prcesses 4. All departmental areas are cmplying with the requirements f the risk management plicy 5. The number f wrking days lst due t emplyees absenteeism stemming frm injury r wrk related illnesses are reduced belw r by X% 6. The number f incidents resulting in injuries t emplyees are reduced belw r by Y% 7. The number f incidents resulting in injuries r financial lss t vlunteers, cntractrs and general public are reduced belw r by Z% 8. There is limited lss r damage t prperty and ther assets. 9. Prjects are nt apprved until a risk assessment is cmpleted and signed ff by Senir Management, and there is a prcess t review prjects fr schedule and cst ver runs 10. Limited interruptin t business cntinuity 11. Psitive public perceptin f Cuncil 12. Equal Opprtunity principles are applied in the wrkfrce and the cmmunity Examples f Individual KPIs Risk Management is included in the strategic meeting agendas and minutes The number f emplyees in each Manager s team that have had RM training The number f hazards and near misses reprted Risk assessments f prjects, services and functins perfrmed 1 Key Perfrmance Indicatrs are Measures f perfrmance that are central t the success f an rganisatin, department, prgram, prject r individual. They are measures and cme in fur types: $ value ; # (Number f); ; % Pints (e.g. 10% 12% is a 2% pints change) r a % value Page 28 f 28