Risk Management. Policy

Similar documents
RISK MANAGEMENT POLICY

Risk Management Policy and Framework

Risk Management: Coordinated activities to direct and control an organisation with regard to risk.

Discipline: Technical Services Category: Procedure. Risk Management RM Applicability. ARTC Network Wide. Interstate Network.

Business Resilience and Risk Management

ENTERPRISE RISK MANAGEMENT FRAMEWORK

The anglo american Safety way. Safety Management System Standards

Compliance Management Framework. Managing Compliance at the University

The Lowitja Institute Risk Management Plan

Council Meeting Agenda 27/07/15

3 August 2012 Policy updated to reflect name changes and alignment with current Aurora Energy Group Policy standards.

Hazard Identification, Risk Assessment and Control Management

Risk Management Framework

Title: OHS Risk Management Procedure

University of New England Compliance Management Framework and Procedures

Bedford Group of Drainage Boards

Compliance Policy AGL Energy Limited

Health and Safety Management Standards

Managing Risk in Procurement Guideline

Business Continuity Management Framework

Version: 3.0. Effective From: 19/06/2014

River Stour (Kent) Internal Drainage Board Risk Management Strategy and Policy

WHS Risk Assessment and Control Form

Policy (Board Approved)

Title: Rio Tinto management system

The Risk Management strategy sets out the framework that the Council has established.

ERM Program. Enterprise Risk Management Guideline

SAFETY and HEALTH MANAGEMENT STANDARDS

Waveney Lower Yare & Lothingland Internal Drainage Board Risk Management Strategy and Policy

POL ENTERPRISE RISK MANAGEMENT SC51. Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT:

Core Infrastructure Risk Management Plan

HORIZON OIL LIMITED (ABN: )

Business Continuity Management

Business continuity management policy

Health, Safety and Environment Management System

Risk Management Policy

Risk Management Framework

RISK MANAGEMENT STRATEGY

Risk management framework

ENTERPRISE RISK MANAGEMENT POLICY

Risk Management Policy Adopted by:

Risk Assessment Tool and Guidance (Including guidance on application)

APPENDIX 50. Enterprise risk management - Risk management overview

In accordance with risk management best practices, below describes the standard process for enterprise risk management (ERM), including:

ENTERPRISE RISK MANAGEMENT NARACOORTE LUCINDALE COUNCIL GUIDELINES

RISK MANAGEMENT STRATEGY

Human Services Quality Framework. User Guide

RISK MANAGEMENT STRATEGY

Enterprise Risk Management Framework Strengthening our commitment to risk management

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY

Risk Management in the HSE; An Information Handbook

POLICY. Number: Title: Enterprise Risk Management. Authorization

Risk Management Policy

BUSINESS CONTINUITY POLICY

Queensland Government Human Services Quality Framework. Quality Pathway Kit for Service Providers

Analyzing Risks in Healthcare. February 12, 2014

WEST YORKSHIRE FIRE & RESCUE SERVICE. Business Continuity Management Strategy

6. Risk management plans for high risk activities and special events

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES

RISK MANAGEMENT FOR INFRASTRUCTURE

How To Manage Risk In Ancient Health Trust

Revised Risk Management Policy and Framework. Report by Head of Finance

Global Health & Safety Policy and Management Standards

Logan City Council. Strategic Planning and Performance Management Framework

Solihull Clinical Commissioning Group

15 Guiding Principles

Guide to the National Safety and Quality Health Service Standards for health service organisation boards

Risk Management Policy

Policy (Board Approved)

Bridgend County Borough Council. Corporate Risk Management Policy

Global framework. Safety, health and security for work-related international travel and assignments

Avondale College Limited Enterprise Risk Management Framework

DIT HEALTH AND SAFETY OFFICE

Qualification details

JOB DESCRIPTION CONTRACTUAL POSITION

A GOOD PRACTICE GUIDE FOR EMPLOYERS

Birmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy

13 ENVIRONMENTAL AND SOCIAL MANAGEMENT SYSTEM

HEALTH SAFETY & ENVIRONMENT MANAGEMENT SYSTEM

Dodo Power & Gas Complaint Management Policy

Policy. VBA Enterprise Risk Management. Governance Unit

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy

RISK MANAGEMENT REPORTING GUIDELINES AND MANUAL 2013/14. For North Simcoe Muskoka LHIN Health Service Providers

SOUTHERN RURAL WATER POLICY RISK MANAGEMENT POLICY

ING Group Compliance Risk Management Charter and Framework

CORP RISK MANAGEMENT POLICY & METHODOLOGY

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014

RISK MANAGEMENT POLICY. Version 3

Risk Management Policy and Process Guide

MARCH Strategic Risk Policy Update March 2012 v1.10.doc

TRANSPORT FOR LONDON SAFETY, HEALTH AND ENVIRONMENT ASSURANCE COMMITTEE

Information Security Guideline for NSW Government Part 1 Information Security Risk Management

Transcription:

Policy Risk Management Endorsed: 26 February 2014 Brief description The GPC Risk Management Policy and its supporting standards and procedures provide a framework to ensure that risks arising from our business are appropriately identified, assessed and managed. Disclaimer: Printed copies of this document are regarded as uncontrolled Page 1 of 12

This document is a POLICY. A POLICY is a concise statement that clearly sets out GPC s commitment to GPC Board directives, legislative requirements, Government directives and good business practice. A POLICY translates the vision and values reflected in GPC s Corporation Charter, into ethical and responsible expectations as required by all employees and contractors conducting business activities for the Corporation. A POLICY is approved by the Board. The document hierarchy provides a visual representation of Gladstone Ports Corporation s approved Governance Document Hierarchy Framework. Policy Tier 1 Documents in this tier will explain WHY we are going to do what we say we are going to do. Standard Tier 2 Documents in this tier will explain WHAT we are going to do. Specification Procedure Tier 3 Documents in this tier will explain HOW we are going to do what we say we are going to do. Work Instruction Form Template Tier 4 Documents in this tier are the tools WITH which we ensure we do the things we say we are going to do. This document contains confidential material relating to the business and financial interests of Gladstone Ports Corporation Limited. Gladstone Ports Corporation is to be contacted in accordance with Part 3, Division 3 Section 37 of the Right to Information Act 2009 should any Government Agency receive a Right to Information application for this document. Contents of this document may either be in full or part exempt from disclosure pursuant to the Right to Information Act 2009. 2013 Gladstone Ports Corporation Limited ABN 96 263 788 242 Disclaimer: Printed copies of this document are regarded as uncontrolled Page 2 of 12

Table of Contents 1. Policy purpose... 4 2. Policy statement... 4 2.1 Gladstone Ports Corporation Charter... 4 2.2 Risk and Resilience Management... 5 3. Policy scope... 6 4. Policy monitoring and review... 6 5. More information... 6 6. Document history... 7 6.1 Document information... 7 6.2 Document accountability... 7 6.3 Document version control... 7 7. Appendices... 8 Appendix 1 Related Documents... 8 Appendix 2 GPC Risk Breakdown Structure... 9 Appendix 3 - GPC Risk Matrix... 10 Disclaimer: Printed copies of this document are regarded as uncontrolled Page 3 of 12

1. Policy purpose The purpose of this Risk Management Policy is to: recognise and address threats to achievement of our objectives; enhance internal business resilience; and develop and maintain capacity to efficiently respond to, and recover from, an emergency, major business disruption and/or crisis event. 2. Policy statement 2.1 Gladstone Ports Corporation Charter This policy supports the achievement of GPC s Corporation Charter through focused risk management practices. Our Corporation Charter clearly articulates the vision, mission and values of the organisation. Vision: To be the most respected Ports Corporation in the Nation. Mission: To responsibly manage, develop, and operate port facilities and services for the sustainable economic growth and social prosperity of our region, Queensland and Australia. Values SUSTAINABILITY: We preserve the inherent worth of Port assets for future generations. We protect the health and safety of our people, the environment and our community. We engage with and contribute to the communities in which we operate. EXCELLENCE: We continually strive for excellence in all that we do and constructively challenge for a better way. We are open to learning and appreciate that shared knowledge and innovation are essential to our growth. CUSTOMERS: We serve our customers and the Port community with pride and passion. We respond with urgency, anticipate their needs, and exceed their expectations. RESPECT: We build relationships based on equality, dignity, honesty and trust. In all our dealings we strive to be friendly and courteous, as well as fair and compassionate. EMPOWERMENT: We support and empower people to give their best and reach their potential. We fully apply our skills and capacity, are accountable in our actions, and perform to the best of our ability. TEAMWORK: We are one company, one team. We work together to achieve our objectives. Disclaimer: Printed copies of this document are regarded as uncontrolled Page 4 of 12

2.2 Risk and Resilience Management Principle 7 of the Queensland Government s Corporate Governance Guidelines for Government Owned Corporations (2009) is to Recognise and Manage Risk. GPC s risk management approach reflects recommendations drawn from these Guidelines while conforming to the international risk management Standard (ISO 31000). Our risk management approach is tailored to GPC s business context. The identification and management of risk is an integral component of GPC s governance structure and informs program and activity prioritisation and organisational / operational decision making. Through engagement of relevant internal stakeholders GPC will: establish and maintain an integrated and systematic approach to the identification, assessment and management of corporate, business, major project and activity risks; adopt proactive approaches to enhancing internal business resilience through planning, design, procurement and management of change; and develop and maintain internal capability to efficiently respond to, and recover from, an emergency, major business disruption and/or crisis. GPC s Risk Breakdown Structure (Appendix 2) details a hierarchy of risks which are to be continually identified reviewed and managed using the GPC Risk Matrix (Appendix 3) i.e. Corporate risks related to achievement of our strategic objectives; Departmental and Major Project risks recognising and managing threats to achievement of business and operational objectives; and; Hazard and activity risk identification, assessment, authorisation and management which are integral to conduct of our activities and tasks. Emergency Response Procedures and capabilities are to be developed and maintained for each GPC Department and for each Major Project commissioned by GPC. These Procedures are to be tailored to reflect their most foreseeable emergency events. Business Continuity Plans are to be developed and maintained for business functions that are critical to GPC s core business roles, namely: Management of Port infrastructure at the Port of Gladstone, Port of Rockhampton and Port of Bundaberg; Providing shipping services and shipping support facilities in accordance with a port authority s charter; Management of cargo handling operations for coal and other bulk products; and Development, management and leasing of strategic and non-strategic Port land. Business Continuity Plans are to reflect the most foreseeable major business disruptions for each critical business function. Implementation of this Policy will be evidenced by the: establishment and management of a hierarchy of Corporate, Departmental and Major Project risk registers; risks informing and reflecting strategic and operational planning, and enhancing decision making; Disclaimer: Printed copies of this document are regarded as uncontrolled Page 5 of 12

establishment and maintenance of emergency response and business continuity plans and capabilities; ongoing development of change management procedures which enhance business resilience; and establishment and maintenance of GPC s crisis management procedure. 3. Policy scope This Policy applies to all GPC employees. Risk management requirements for external entities engaged by GPC will be defined in contractual arrangements or rest with contractors to appropriately identify, assess, notify and manage risks related to GPC sites and site based activities. 4. Policy monitoring and review Conformance to this policy will be monitored through external and internal audit processes. Formal review, consultation and authorisation processes are to be led by the Safety, Environment and Risk General Manager on a two year cycle (or earlier as required) to ensure the Policy remains current and fit for purpose. 5. More information This Policy will be available to all employees, contractors and consultants. This document is uncontrolled when printed. The current version of this Policy is located on Gladstone Ports Corporation s Intranet. If you require any further information, please contact the Facilitator, listed under Document Accountability, section 6.2. Disclaimer: Printed copies of this document are regarded as uncontrolled Page 6 of 12

6. Document history 6.1 Document information Current version 1.0 First released 01.07.13 Last updated 12.03.14 Effective by 30 August 2013 Review frequency Within two (2) years Review before 9 July 2015 Audience Board, CEO and Executive, all employees, and contractors. 6.2 Document accountability Term Definition Position Owner Custodian Facilitator Accountable for approval and authorised discretion to implement or significantly change the system Accountable for monitoring the application of the system and advising the owner of the monitoring outcomes Accountable for proposing system design or redesign and facilitation of conformance GPC Board Chief Executive Officer (Level of Work V) Safety, Environment & Risk General Manager (Level of Work IV) 6.3 Document version control Version Date Author Change description 1.0 9.07.13 John Sherriff New document in alignment with GPC Governance Document Hierarchy Framework. Disclaimer: Printed copies of this document are regarded as uncontrolled Page 7 of 12

7. Appendices Appendix 1 Related Documents Legislation and regulation Key relevant legislation and regulation, as amended from time to time, includes but is not limited to: Type What Federal Acts Corporations Act (Cth) 2001 State Acts Government Owned Corporations Act (1993) Other AS/NZS ISO 31000:2009 Risk management Principles and guidelines AS/NZS 5050:2010 Business continuity - Managing disruption-related risk Guiding principles The following guiding principles relate to this Policy: Type GOC Principles GPC Principles What Government Owned Corporation Guidelines Foundations of management and oversight Recognise and manage risk Gladstone Ports Corporation Values Sustainability Excellence Customer Respect Empowerment Teamwork Gladstone Ports Corporation documents The following documents relate to this Policy: Type Policy Standard Specification/Procedure What Workplace Health & Safety Environment Security Risk Management Business Resilience Crisis Management Emergency Response Business Continuity Disclaimer: Printed copies of this document are regarded as uncontrolled Page 8 of 12

Appendix 2 GPC Risk Breakdown Structure RISK LEVEL RISK FOCUS RISK OWNERS REVIEW & REPORTING OUTPUT Corporate Risks Threats to achievement of: - Corporate Plan objectives - Statement of Corporate Intent commitments Escalated risks: - Business risks Owner: GPC Board - Bi-annual risk review Custodian: CEO Facilitator: General Managers - Quarterly status reports to Board via Executive Leadership Team - Corporate Risk Register Business Risks Threats to achievement of each GPC Department s: - Business & operational expectations - Regulatory obligations - Regulatory conformance Identification of foreseeable events: Owners: General Managers - Annual risk review Custodians: Managers, Supervisors, Specialists - Quarterly reports to Executive Leadership Team via GM - Risk Register per GPC Department - Emergency events - Business disruption (critical business functions) Escalated risks: - Hazards and activity risks - Job risk assessments (JRAs) Facilitators: Managers, Supervisors, Specialists Major Project Risks - Major project performance - Regulatory conformance Hazard & Activity Risks Risks that threaten the safety, security and well being of workers, the environment and/or GPC assets. Owners: CEO / General Managers Custodians: Project Managers Operational Managers & Supervisors Subject matter experts - Quarterly status reports to Executive Leadership Team - Annual review of safety & environment hazard registers - Major Project Risk Register - Site Safety Hazard Registers - Aspect & Impact Environment Registers - JRAs Policy: Risk Management Version: 1.0 Disclaimer: Printed copies of this document are regarded as uncontrolled Page 9 of 12

Appendix 3 - GPC Risk Matrix Consequence Minor (1) Moderate (2) Significant (3) Major (4) Critical (5) WH&S (Injury or illness) First aid treatment, low level short term physical effects. No medical treatment. Short term reversible disability; or impairment & /or medical treatment injury. Reversible disability or impairment; &/or medical treatment injuries requiring hospital admission. Moderate irreversible disability; or impairment requiring specialist treatment &/or intensive care. Single or multiple fatality; or severe or total irreversible disability & severe impairment. Environment Localised & controlled incident with nil or rapidly reversible harm / nuisance. Localised & controlled with short term reversible harm / nuisance requiring no additional resources. Significant, localised incident requiring additional resources to remediate harm / nuisance on site; or off site short term reversible harm. Large uncontrolled event requiring additional resources. Residual onsite harm; or medium term remediation / recovery offsite. Large offsite event triggering significant response by external agencies; or major onsite residual environmental harm requiring permanent dedicated resources. Security Regulatory Compliance Financial Impact GPC Reputation Repeated breaches of GPC site - no identified intent for disruption or damage. Regulatory non-conformance warning; or penalty <$10,000 Intentional breach of site some intent to cause damage but no interruption to operations. Court action resulting in fine $10,000 to $75,000. Intentional breach of restricted access area - intent to disrupt operations. Court action resulting in fine $75,000 to $250,000. Intentional breach of restricted access area - intent to cause major damage / business disruption; or poses threat to workers, customers or public. Court action resulting in fine >$250,000. Extensive damage to critical infrastructure & personnel by terrorist attack or issue motivated groups. Court action resulting in jail sentence; or order to cease major component of GPC operations. Losses of <$100,000 Losses of $100,000 to $500,000 Losses of $500,000 - $2 million Losses of $2 million to $3 million Losses of greater than $3 million Repeated complaints from single complainant Multiple complaints on issue / activity; &/or issue reported in local media. Multiple complaints or interest group concerns reported in state media. Influence of interest groups result in major delay to operations or approvals; or feature in national/ international media. Influences of interest groups curtail critical business operations or major development proposals. Cargo Handling / Service Delivery Unplanned event causes loss of one loading or unloading stream for < 4 hours. Unplanned event causes loss of the equivalent of one loading or unloading stream for 4-24 hours. Unplanned event causes loss of the equivalent of one loading or unloading stream for 24 hrs to 1 week. Unplanned event causes loss of the equivalent of one loading or unloading stream for 1 to 3 weeks. Unplanned event causes loss of the equivalent of one loading or unloading stream for > 3 weeks. Marine Operations Project Delivery (< $10m) Marine operation disruption 6 to 12 hours. Project cost overrun < 2%; or < 3% delay. Impact value < $100k. Marine operation disruption 12 to 24 hours. Project cost overrun 2-5%; or 3-8% completion delay. Impact value $100k to $500k. Marine operation disruption 24 to 48 hours. Project cost overrun 5 10%; or 8 17% completion delay. Impact value $500k to $2 million. Marine operation disruption 48 to 72 hours Project cost overrun 10 15%; 17 50% completion delay. Impact value $2m to $3 million. Marine operation disruption > 72 hours. Project cost overrun > 15%; or >50% completion delay. Impact value >$3 million. Policy: Risk Management Version: 1.0 Disclaimer: Printed copies of this document are regarded as uncontrolled Page 10 of 12

LIKELIHOOD 6.2. LIKELIHOOD TABLE Appendix 3: GPC Risk Matrix (cont) 3.2 LIKELIHOOD TABLE Likelihood rating (to level of assessed consequence) Almost Certain (5) Likely (4) Possible (3) Unlikely (2) Rare (1) Based on analysis of history, trends and intelligence.. The risk is expected to occur in most circumstances The risk will probably occur in most circumstances (Most likely to occur in 1 to 2 years) The risk might occur at some time (Most likely to occur in the next 2 to 5 years) The risk could occur at some time (Most likely to occur once in the next 25 years) The risk may only occur in exceptional circumstances (Not likely to occur within the next 25 years) 3.3 RISK MAPPING MATRIX 3.3. RISK MAPPING MATRIX CONSEQUENCE Minor (1) Moderate (2) Significant (3) Major (4) Critical (5) Almost Certain (5) Medium (6) Medium (7) High (8) High (9) Extreme (10) Likely (4) Low (5) Medium (6) Medium (7) High (8) High (9) Possible (3) Low (4) Low (5) Medium (6) Medium (7) High (8) Unlikely (2) Very Low (3) Low (4) Low (5) Medium (6) Medium (7) Rare (1) Very Low (2) Very Low (3) Low (4) Low (5) Medium (6) Policy: Risk Management Version: 1.0 Disclaimer: Printed copies of this document are regarded as uncontrolled Page 11 of 12

Appendix 3: GPC Risk Matrix (cont) 3.4 RISK TOLERANCE - AUTHORISATION & ESCALATION TABLE RISK AUTHORISATION / ESCALATION VERY LOW (2-3) LOW (4-5) MEDIUM (6-7) HIGH (8-9) EXTREME (10) Strategic Risks (Corporate Risk Register) Business / Operational Risks (Departmental Risk Registers) Hazard / Activity Risks - Can be undertaken at any time. - No escalation. - May continue with Manager / Supervisor approval - No escalation. - GM approval required to proceed. - Quarterly changed status report to Board. - GM approval or GM approved procedure required to proceed. - Consider escalation for Executive awareness. - GM approval or GM approved procedure required to proceed. - Consider escalation for operational assessment. - Board approval required to proceed. - Quarterly status report to Board. - CEO Approval to proceed. - Escalate for Executive & Board awareness - inclusion in Corporate Risk Register. - Quarterly status report to Executive. - Escalate for operational assessment / inclusion in Departmental Risk Register. - GM approval to proceed. - Board approval required to proceed. - Monthly status report to Board. Policy: Risk Management Version: 1.0 Disclaimer: Printed copies of this document are regarded as uncontrolled Page 12 of 12

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information