Specialists in Strategic, Enterprise and Project Risk Management

Similar documents
Specialists in Strategic, Enterprise and Project Risk Management. PROJECT RISK MANAGEMENT METHODS Dr Stephen Grey, Associate Director

Specialists in Strategic, Enterprise and Project Risk Management. Enterprise Risk Management. the effect of uncertainty on objectives.

PROJECT MANAGEMENT PLAN CHECKLIST

Effective consultation The ACMA s guide to making a submission NOVEMBER 2015

The Advanced Certificate in Performance Audit for International and Public Affairs Management. Workshop Overview

Section 2 - Key Account Management - Core Skills - Critical Success Factors in the Transition to KAM

Risky Business: an Introduction to Procurement Risk Management

Project Risk Management

AER reference: 52454; D14/54321 ACCC_09/14_865

RISK APPETITE STATEMENT

EXECUTIVE CENTRAL. Leader Sales Management

NSPCC JOB DESCRIPTION. Database Training and Support Manager. (Grade 5 - Senior Business Support Officer)

Good2Give. Building a more giving society. Making it easy for businesses and donors to give to charities they care about.

EMBEDDING BCM IN THE ORGANIZATION S CULTURE

A social marketing approach to behaviour change

Copeland Borough Council. Communications Strategy 2006/7

The Purpose of PR 2016

TOOL D14 Monitoring and evaluation: a framework

august09 tpp Internal Audit and Risk Management Policy for the NSW Public Sector OFFICE OF FINANCIAL MANAGEMENT Policy & Guidelines Paper

This is a free 9 page sample. Access the full version online. AS/NZS ISO 31000:2009 Risk management Principles and guidelines

BUSINESS CONTINUITY MANAGEMENT

Pocket Guide to Clinical Risk Management

IMPLEMENTING BUSINESS CONTINUITY MANAGEMENT IN A DISTRIBUTED ORGANISATION: A CASE STUDY

RISK MANAGEMENT OVERVIEW - APM Project Pathway (Draft) RISK MANAGEMENT JUST A PART OF PROJECT MANAGEMENT

Total Asset Management Capability Tool

THE ETHICS OF TRANSLATING AND INTERPRETING

Version Adoption by Council: 2013 Resolution Number: 2013/177 Current Version: V1.0 Administered by: Governance Coordinator

Procurement driving better value for money. Evaluation Panels. A guide for evaluation-panel Chairs

Business Continuity Management

National Disability Insurance Scheme Carer Capacity Building Project

Collaborative development of evaluation capacity and tools for natural resource management

RISK MANAGEMENT GUIDANCE FOR GOVERNMENT DEPARTMENTS AND OFFICES

Safety Management Systems (SMS) guidance for organisations

TEACHING AND LEARNING STRATEGY

User research for information architecture projects

Quality Assurance Checklist

Corporate Risk Management Policy

Sector Development Ageing, Disability and Home Care Department of Family and Community Services (02)

Queensland recordkeeping metadata standard and guideline

Market Research. Market Research: Part II: How To Get Started With Market Research For Your Organization. What is Market Research?

A quality assurance and benchmarking framework in an academic library

the discipline has real value to offer managers

DO CHILDREN AND PRISON GO TOGETHER? Cheryl Clay Adelaide Women s Prison and Ann Burfitt Department for Correctional Services, SA

Project Risk Management Single Subject Certificate Syllabus Levels 1&2 4 th Edition

Institute of Chartered Accountants Ghana (ICAG) Paper 2.2 Management Accounting

Quality Assurance. Policy P7

Spatial Information Data Quality Guidelines

How to achieve excellent enterprise risk management Why risk assessments fail

THE NATIONAL STANDARDS FOR VOLUNTEER INVOLVEMENT

THE NATIONAL STANDARDS FOR VOLUNTEER INVOLVEMENT

Helping consumers to manage their money

How to audit your business strategy

Insurance management policy and guidelines. for general government sector, September 2007

Coaching the team at Work

Digital Industries Apprenticeship: Assessment Plan. Cyber Security Technologist. April 2016

Internal Quality Assurance Arrangements

Key Steps to a Management Skills Audit

ScottishPower Competency Based Recruitment Competency Guidelines External Candidate. pp ScottishPower [Pick the date]

STRATEGIC PLAN FRAMEWORK. A guide for arts organisations

Strategic Plan to Working Together for Australian Sport

Central bank corporate governance, financial management, and transparency

Housing Association Regulatory Assessment

DEVELOPING A PERFORMANCE MONITORING FRAMEWORK FOR COMMUNITY LEGAL CENTRES

Communications Strategy

Risk management systems of responsible entities

RISK MANAGEMENT FOR INFRASTRUCTURE

Extra help where it is needed: a new Energy Company Obligation

Updating the New Zealand Emissions Trading Scheme: Consultation Document

FINDINGS AND RECOMMENDATIONS OF THE SURVEY OF ENGINEERING ENTERPRISE LEADERS GROUP ENERGY EFFICIENCY AND GREENHOUSE GAS REDUCTIONS

Improving business performance: Taking the pain out of document management

Management Competencies Assessment

An Introduction to Risk Management. For Event Holders in Western Australia. May 2014

Evaluating teaching. 6.1 What is teacher evaluation and why is it important?

THE ROLE OF MARKET RESEARCH IN THE MODERN SHOPPING CENTRE

Project Risk Management Guideline. Version 3.3

Conducting Formative Research

Reporting Service Performance Information

SFJCCAD2 Promote business continuity management

Measuring the Impact of Volunteering

CONTENTS 1. INTRODUCTION 1 2. EQUALITY 1. - Part-time posts 1 - Equality proofing JESP scores 1 3. CABINET OFFICE ROLE 1 4. TRADE UNION ROLE 2

Risk Management and Dependability Standards

Safety Regulation Group SAFETY MANAGEMENT SYSTEMS GUIDANCE TO ORGANISATIONS. April

The Contract Scorecard

Evaluation of the first year of the Inner North West London Integrated Care Pilot. Summary May In partnership with

the role of the head of internal audit in public service organisations 2010

Extending the Risk Process to Manage Opportunities

Unit 5/LD 205(K): Principles of positive risk taking for individuals with disabilities

Achieve. Performance objectives

Implementing an Effective Change Management Strategy. Neryl East

EARLY MID CAREER FELLOWSHIPS ( ) APPLICATION GUIDELINES

Our Mission in Action

Westpac Kids and Money Report FINDINGS

Relationship Manager (Banking) Assessment Plan

Section Five Learning Module D:

Digital Continuity Plan

Barriers to the implementation of Integrated Marketing Communications: The client perspective.

Australian National Audit Office. Report on Results of a Performance Audit of Contract Management Arrangements within the ANAO

HUNTER WATER CORPORATION. Greenprint For Sust ainable Urb an Wat er Managem ent

TRAINING CATALOGUE ON IMPACT INSURANCE. Building practitioner skills in providing valuable and viable insurance products

Stakeholder Analysis toolkit

Transcription:

BROADLEAF CAPITAL INTERNATIONAL PTY LTD ABN 24 054 021 117 23 Bettowynd Road Tel: +61 2 9488 8477 Pymble Mobile: +61 419 433 184 NSW 2073 Fax: + 61 2 9488 9685 Australia www.broadleaf.com.au Cooper@Broadleaf.com.au Specialists in Strategic, Enterprise and Project Risk Management TUTORIAL NOTES: THE AUSTRALIAN AND NEW ZEALAND STANDARD ON RISK MANAGEMENT, AS/NZS 4360:2004 1 Introduction Dr Dale F Cooper, a Director of Broadleaf, is a founding member of the joint Standards Australia and Standards New Zealand Technical Committee OB-007 that developed the Australian and New Zealand Standard on risk management, AS/NZS 4360:2004 [7], and the associated Handbook [8], and Grant Purdy, an Associate Director of Broadleaf, is currently Chair of the Committee. Dennis Goodwin is also a member of the committee. The Standard was developed in response to a perceived need for practical assistance in applying risk management in public sector and private sector organisations. It has since become one of the most popular Standards in publication, and a range of supporting handbooks has been prepared. At least part of the focus on the importance of risk management and the drive for a Standard was stimulated by the release of the NSW Government Risk Management Guidelines in 1993 [6] and their designation as NSW Government policy for all capital works expenditure above $5 million. Dr Cooper made substantial contributions to the NSW Guidelines, whose structure is very similar to that of the Standard. The approach of the Standard has since been adopted by the Australian Government [2, 3, 4], a range of large public companies [1, for example] and the UK National Health Service. A more detailed description of the approach and its practical implementation is provided in our recent book [5]. 2 Approach The risk management process set out in the Standard is illustrated in the diagram. Communicate and consult Establish the context Identify Analyse Evaluate Treat Objectives Stakeholders What can happen? Review controls Likelihoods Evaluate risks Rank risks Criteria Define key elements How can it happen? Consequences Level of risk Identify options Select the best responses Develop risk treatment plans Implement Monitor and review Broadleaf Capital International Pty Ltd, 2007 Page 1 of 6

The key features of each stage are described below. 3 Context Risk identification is often seen as the heart of risk management, but as the diagram shows, it is not the first step in the process. To be able to recognise a risk it is necessary to know what is at risk. The first step in the standard process is to define the context of the risk assessment, which falls into two parts, one descriptive and the other creative. 3.1 Descriptive To ensure that all significant risks are captured, it is necessary to know the objectives of the enterprise within which risks are to be managed. This is the descriptive part of the context analysis. Where the enterprise is part of a larger organisation, it is common sense as well as good practice to understand the relationship between its objectives and those of the larger organisation. Checking the alignment between objectives at various levels in the organisation ensures that no important assumptions or unspoken objectives are ignored. In addition to checking with the level above, an enterprise s objectives must be reconciled with those of any stakeholders who have a say in its operations. Stakeholder analysis can play an important part in demonstrating the integrity of the process, but it has a vital functional role too. If objectives are defined without reference to the concerns of individuals or groups with influence over the enterprise s operations, it is likely that issues will be left out which will disrupt the risk management process when they do eventually come to light. These may be stakeholders objectives which could have been accommodated, or inevitable conflicts which could have been managed if they were addressed early enough. Objectives lie at the heart of the context definition, and they are linked into the risk management process via criteria for measuring success. Success criteria are the basis for measuring the achievement of objectives, and so are used to measure the impact of anything which might jeopardise those objectives, the consequences of risks. To be effective, success criteria must: Be concise, providing the smallest number of measures which allows all significant impacts to be assessed; Cover all aspects of success, so that no significant impacts will go unmeasured; Define how measurements are to be made, whether in qualitative or quantitative terms; Separate the impact of a risk from the likelihood of its occurrence. Success criteria are generally associated with a clear preference for the direction in which they are to be driven. All else being equal, costs and response times are to be minimised, service levels and revenue are to be maximised. In contrast with this, a KPI need not necessarily be driven up or down to assure success. It might simply represent useful information. To summarise, the descriptive part of context analysis produces: A concise set of objectives for the enterprise; A note of the stakeholders whose concerns must be taken into account to ensure success; A summary of the stakeholders objectives; A small set of success criteria by which the achievement of the enterprise s objectives and so the significance of risks can be measured, giving separate consideration to the likelihood or frequency of an outcome and its impact. Broadleaf Capital International Pty Ltd, 2007 Page 2 of 6

3.2 Creative The second part of the context analysis is creative rather than descriptive. Risk identification will generally be unproductive if an attempt is made to consider an enterprise as a whole. It is much more cost-effective to break it into components for risk identification. The components are described as key elements in the Standard. Key elements are a set of topics to be considered one by one during risk identification. Each topic is somewhat narrower than the concept of the enterprise as a whole, allowing those performing the identification to focus their thoughts and go into more depth than they would if they tried to deal with the whole enterprise in one go. A well designed set of key elements will stimulate creative thought, and ensure that all important issues are put before those responsible for identifying risks. The construction of an effective set of key elements can be a demanding task. The set must be complete, in that it covers all significant issues. However, as the number of key elements tends to drive the duration of the risk identification activity, it must also be contained to an appropriate scale. Finally, it must balance sufficient specific language to stimulate the identification of risks against enough generality to avoid prejudging the identification process. 4 Identification Risk identification itself is typically addressed in two ways, one prescriptive and the other creative. Both have a role to play, but they must be carefully managed to ensure that the process is costeffective. Efforts to simplify the identification of risks and minimise the demands on those who perform this function, often lead to the use of checklists of standard risks which are known to arise in a particular context. Checklists are quick to use, but tend to precondition the expectations of those involved, and block the identification of risks which go beyond the experience encapsulated in the list. The temptation to use checklists can be strong, but if they are to have a role it is best that they be reserved for reviewing the identification process, and ensuring that no known issues have been left out. The preferred approach to identifying risks is brainstorming in a group workshop This is a little more demanding on the participants than the use of checklists but significantly more effective. Brainstorming allows the identification process to draw on the creative capacity of the participants, reducing the danger that insufficient attention will be given to new and emerging issues, as can happen with checklist techniques. A structured workshop is the most effective format for a brainstorming process. If this is impractical, alternatives such as structured interviews by skilled consultants, or questionnaires and written surveys can be used. The cost-effectiveness of these alternatives is likely to be lower than the preferred approach though. Whatever form of brainstorming is adopted, it is imperative that any checklists, or other predetermined views of which might arise, be excluded from consideration until after the brainstorming, or at least that attention should not be drawn to them in advance. Experience and knowledge will always form a valuable part of the risk identification process. The way the process is managed must ensure that this historical information does not block out a creative assessment of the future, where matters which have never been seen before might arise, and the balance between familiar risks might shift dramatically. Broadleaf Capital International Pty Ltd, 2007 Page 3 of 6

5 Risk Analysis The analysis stage assigns each risk a significance rating taking into account any existing factors which will operate to control the risk. For simple risk statements, where the risk can be expressed as an uncertain event, this can be accomplished with qualitative impact and likelihood scales and a matrix defining the significance of various combinations of these. Where risks are complex in themselves, possibly involving several related events and influences, some form of modelling may be necessary. Some uncertainties do not lend themselves to being described as events. For instance, a particular type of behaviour in relation to a public service leading to unplanned costs might be expressed as an event for a single user; the user will or will not engage in a certain practice. However, where there is a large number of similar users and it is impracticable to address each one separately in the risk assessment, the risk might be best described by an estimate of the total level of such behaviour, not an uncertain event but an uncertain quantity. Uncertain quantities are generally described by their minimum and maximum values, and the most likely value within that range. The significance of a risk associated with a well defined event will be a combination of its likelihood and impact, as mentioned above. The significance of an uncertain quantity will be a function of its three characteristic values, the minimum, maximum and most likely values. No matter how risks are described in detail, the outcome of this stage is an initial view of the significance of the identified risks. It is recognised that, particularly with simple scoring schemes, risks can be honestly assigned too high or too low a significance on the first pass. The next stage is designed to review this assignment and adjust it where necessary. 6 Risk Evaluation Where there are only a few risks at work, the evaluation stage might be relatively light weight. However, in complex situations and where there are many risks to consider, it is a crucial step towards achieving an agreed view of the relative importance of the identified risks. Evaluation takes the initial analysis and reviews it against the organisation s known priorities and requirements. Any risks which have been accorded too high or too low a significance are adjusted, with a record of the fact being retained for tracing purposes. It is common to find a large number of minor risks being identified, and during evaluation these can be removed from the process, after due consideration. This screening avoids the process being bogged down by the sheer volume of information it can generate. 7 Risk Treatment Risk treatment consists of determining what will be done in response to the identified risks. Any plans which were in place before the risk management process began, are augmented with measures to deal with risks before they arise and contingency plans with which to recover if a risk comes to pass. In addition to these supplementary plans, treatment might also include alteration of the base plans of an organisation. Occasionally the best way to treat a risk might be to adopt an alternative strategy all together, to avoid a risk or make the organisation less vulnerable to its consequences. Broadleaf Capital International Pty Ltd, 2007 Page 4 of 6

8 Monitoring and Review There are two levels to the underlying monitoring and review component of the process. The outputs of the other five stages must be kept under review as time moves on. Changes in the environment or simply the discovery of better information might make the original assessment out of date. It is not generally necessary to begin the whole process over again when this happens, unless the change is particularly profound, but those parts which are directly affected by changing circumstances must be brought up to date. The second component of this part of the process, is the monitoring of the operation of the other five stages. The execution of the risk management process absorbs resources and must be managed to ensure that it is conducted cost-effectively. 9 Communication and Consultation Consultation and communication is both a key component of the risk management process and a major beneficial side effect. Successful risk management relies on achieving a high level of creative input and involving all parties with a role to play in achieving a successful outcome for the project or business process being addressed. In both the planning and execution of the risk management process, it is important to ensure that all those who need to be involved are given adequate opportunity to do so and are kept informed of developments in the understanding of risks and the measures taken to deal with them. The operation of the risk management process offers many opportunities for cost-effective communication between people working on a project or business. The context statement is a concise summary of the most important features of the task; its objectives and scope, who is involved, how success will be assessed and how it can be broken into parts for analysis. Participation in a risk workshop offers opportunities for focussed communication and naturally directs attention towards the highest priority issues. A risk register based on the workshop output and subsequent treatment planning provides a concise summary of the major uncertainties being addressed and once again ensures a focus on high priority issues. 10 References 1. BHP (1996) Risk Management Guidelines for BHP. The Broken Hill Proprietary Company Ltd, Melbourne. 2. Commonwealth of Australia (1996) Guidelines for Managing Risk in the Australian Public Service. MAB/MIAC Report 22, AGPS, Canberra. 3. Commonwealth of Australia (1996) Managing Risk in Procurement a Handbook. AGPS, Canberra. ISBN 0 644 36295 2. 4. Cooper, DF (1997) Applying Risk Management Techniques to Complex Procurement. Purchasing Australia, AGPS, Canberra. ISBN 0 642 26803 7. 5. Cooper, DF, SJ Grey, GA Raymond and PR Walker, Project Risk Management Guidelines: Managing Risk in Large Projects and Complex Procurements, John Wiley & Sons, Chichester, 2004. ISBN 0 470 02281 7. 6. New South Wales Government (1993) Risk Management Guidelines. NSW Public Works Department, Sydney, November. ISBN 0 7310 2704 3. 7. Standards Australia and Standards New Zealand (2004) AS/NZS 4360:2004, Risk Management, Sydney, NSW. ISBN 0 7337 5904 1. 8. Standards Australia and Standards New Zealand (2004) HB 436:2004, Risk Management Guidelines: Companion to AS/NZS 4360:2004, Sydney, NSW. ISBN 0 7337 5960 2. Broadleaf Capital International Pty Ltd, 2007 Page 5 of 6

Contact: Dr Dale F Cooper Cooper@Broadleaf.com.au Dennis Goodwin Goodwin@Broadleaf.com.au Dr Stephen Grey Grey@Broadleaf.com.au Geoffrey Raymond Raymond@Broadleaf.com.au Grant Purdy Purdy@Broadleaf.com.au Phil Walker Walker@Broadleaf.com.au Mike Wood Wood@Broadleaf.co.nz Pauline Bosnich Bosnich@Broadleaf.com.au Broadleaf Capital International Pty Ltd, 2007 Page 6 of 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information