Removal of Gender Restrictions on Australian Defence Force Combat Role Employment Categories

Transcription

1 Removal of Gender Restrictions on Australian Defence Force Combat Role Employment Categories Risk Management Plan

2 INTENTIONALLY BLANK

3 1. Introduction The purpose of this Risk Management Plan (RMP) is to describe how risks will be managed within the Implementation Plan. The Removal of Gender Restrictions on Australian Defence Force (ADF) Combat Role Employment RMP describes the framework for identifying, assessing, treating, monitoring and reporting the risks inherent in the Service level activities that could prevent achievement in implementing this policy change. 2. Project Context 2.2 Risk Management Policy Each Service work breakdown structure (WBS) within the implementation plan will undertake a regular program of risk management activities, based on the requirements and processes set out in the AS/NZS 4360:2004 Risk Management and in their individual Service Risk Management governance arrangements. 2.3 Risk Management Responsibility The Service Chiefs are the Risk Managers for their respective Service risks and Head People Capability is the Risk Manager for the Defence risks. (see annex D). The Service Chiefs will allocate responsibility for managing their risks to senior personnel within their respective Service who will become Risk Owners. The Project/Business Change Managers nominated within each Service (outlined in Figure 1 of the Implementation Plan) will be responsible for undertaking and completing risk management activities as required under each Service WBS and by the Risk Manager and Risk Owners. 2.4 Communication Communication of risk management activities will be integrated with other Service WBS activities, and reported biannually within the reporting framework outlined in Figure 3 of the implementation plan. page 3 of 9

4 3. Risk Management Process 3.1 Overview Figure 1 shows the generic risk management process described in AS/NZS 4360:2004 risk management steps. Figure 1. Generic Risk Process Table 1 provides an overview of each step in the risk management process being used for the implementation of this policy change. While it is important to follow the steps in the process to ensure that risks are identified and managed in a structured manner, it is also important to realise that the process is not the whole picture. Effective risk management also requires a systematic approach and implementation from start to finish. The Service Project / Business Change Managers will ensure that all personnel support risk management and consider risks as an integral part of not just planning, but also decision making. page 4 of 9

5 Table 1. Risk Process Descriptions 3.1 Risk Identification Initial Service risks identification will be undertaken by the Service Project / Business Change Managers in consultation with their Service stakeholders, other Service stakeholders and organisational stakeholders (outlined in Figure 2 and table 3 of the implementation plan). Risk identification will be an ongoing activity for the Services and incorporated into various activities within their work breakdown structures. 3.2 Risk Log All identified risks will be documented in the Risk Log at annex A. Service Risk Logs will be held and managed by the Service Project / Business Change Managers. Updated Risk Logs will form part of the biannual reporting to the Defence People Committee (DPC) and the Defence Committee (DC). page 5 of 9

6 3.3 Risk Analysis Analysis criteria provide the basis for categorising the likelihood, or probability, and consequence, or impacts, of identified risks and then to combine these measures to gain an overall Risk Level for each risk. Table 2 below provides standard definitions for assigning likelihood ratings, which have been used by the Services within their respective Risk Logs. These are outlined in the Risk Definition and Matrix sheet at annex C. Table 2. Likelihood Ratings Rating Almost Certain Likely Possible Unlikely Rare Description Is expected to occur in most circumstances. Will probably occur in most circumstances. Might occur at some time. Not expect to occur. May occur only in exceptional circumstances. For the Removal of Gender Restrictions on ADF Combat Employment Categories Implementation Plan, the Services are required to assess their consequences against three sets of Critical Success Factors (CSFs), these are: a. Reputation; b. Stakeholder Acceptance and Engagement; and c. Dependencies and Interrelationships. Table 3 below provides the definitions to these CSFs. The CSF consequence ratings determined by the Services are reflected in the Risk Log at annex A and B. Note that the highest rating consequence is what determines the risk level for that risk. page 6 of 9

7 Table 3. Critical Success Factors - Consequence Ratings Reputation Rating Severe Major Moderate Minor Insignificant Rating Severe Major Moderate Minor Insignificant Description Would cause serious enhancement/damage to Defence reputation. Ministerial, Sec/CDF and media attention almost certain. Would cause significant enhancement/damage to Defence reputation. Service Chiefs and/or Group Head attention likely. Would have a moderate affect on Defence reputation. Deputy Chiefs and equivalent attention likely May have a minor affect on Defence reputation. DGPERs and equivalent attention likely. Effect on Defence reputation insignificant. Can be addressed by the Project / Business Change Manager. Stakeholder Acceptance and Engagement Description Required at the Sec/CDF level or the Defence Committee. Required at the Service Chief level or the Defence Committee. Required at the DGPERSs and equivalent level or the Personnel Steering Group. Required at the DGPERSs and equivalent level or the Personnel Steering Group. Required at the Project / Business Change Manager level. Dependencies and Interrelationship Rating Severe Major Moderate Minor Insignificant Description Has direct impact, dependency or interrelationship with other Service implementation plans. May have direct impact, dependency or interrelationship with other Service implementation plans. May have moderate impact, dependency or interrelationship with other Service implementation plans. May have minor impact, dependency or interrelationship with other Service implementation plans. Has no dependencies or interrelationship with other Service implementation plans. Table 4 provides the Risk Matrix used by the Services for qualitative analysis in the form of a five-by-five matrix. This gives five measures of likelihood, ranging from Rare to Almost Certain and five measures of consequence from Insignificant to Critical. The Likelihood and Consequence ratings are combined to produce a risk level or rating for each risk. These ratings are used to gain an indication of the importance of each risk relative to the other risks. The Risk Matrix is outlined within the Risk Definition and Matrix sheet at annex C. page 7 of 9

8 Table 4. Risk Rating Matrix Likelihood Consequence Insignificant Minor Moderate Major Severe Almost Certain M M H H E Likely M M M H E Possible L M M H H Unlikely L L M M H Rare L L L L M 3.4 Risk Evaluation Risk evaluation is about making decisions on future actions based on the understanding gained from risk analysis. Evaluating criteria provide the basis for determining whether risks are acceptable or need to be treated. Risks will be prioritised according to their risk rating, with multiple risks at one level considered as equal. There will be two prioritised risk lists, the initial risk rating list and the residual risk rating list (see annex A and B). Table 5 outlines the risk rating to be used to determine what risk management actions are to be undertaken for identified risks. These are also outlined in the Risk Definition and Matrix sheet at annex C. Table 5. Risk Management Actions Risk Rating Extreme High Medium Low Risk Rating Definition An unacceptable risk that required immediate action ie, the activity must not proceed with the threatened activity until countermeasures have been instigated. Significant risk that requires notification to senior management before proceeding. Moderate risk. Low risk. 3.5 Risk Treatment The outcome of the risk evaluation will be a prioritised list of risks that require treatment. Risk treatment options, within the Risk Log at annex A and B, fall into the following categories: a. Accept the risk. In cases where it is decided to not determine, or set limited, mitigation strategies, the risk will be accepted. b. Reduce the risk. Mitigation strategies can be employed to reduce the likelihood of the risk occurring and therefore its consequence also. Each Service has selected the relevant treatment option for each risk. Inclusive of this treatment stage is the Mitigation Strategy which is outlined within the Mitigation page 8 of 9

9 Strategy column. Services have included introduced new risks as a result of the mitigation strategy that are also required to be managed. Once the mitigation strategy has been determined, Services will conduct further analysis to determine and measure the residual risk. 3.6 Monitor, Review and Reporting The purpose of risk monitoring and review is to ensure that: a. the details of risks, including the assessment of their likelihood and consequences, are current; b. risks that are no longer applicable are retired. Resources should not be wasted on managing risks that are no longer assessed as risks; c. any new risks are identified and subsequently managed, as early as possible; d. risk treatments have been implemented and are effective; and e. the risk management processes are effective. Risk Owners, through the Service Project / Business Change Managers, are responsible for the on-going monitoring of the risks that have been identified. Service Project / Business Change Managers are responsible for conducting a formal review of risks at the end of each phase of the implementation plan. Risks are to be reported within the biannual reporting process outlined in Figure 3 of the Implementation Plan, whether they have been reviewed or not. page 9 of 9