RISK MANAGEMENT PROCEDURE
Section 1 – Annexure 3
Date of Issue: January 2013
Date of Review: January 2015
Risk Management Procedure
Strategic risks will generally relate to, but not be limited to, the general function and objectives of the organisation, including:
Overall client service delivery
Management of other stakeholder expectations (including organisational relationships)
Organisational and business development opportunities
Asset and resource management.
Operational risks will generally relate to, but not be limited to, the day-to-day operations of the organisation, including:
Staff and individual service management
Staff recruitment, training and education
Community engagement
Maintenance of assets and equipment
Managing of resources
Financial and budget management
Information management and technology
Corporate governance and Legal Compliance
Contracting and purchasing
Responsibilities
The BINSA COM, Executive Officer (EO) and staff are to be competent in the application of BINSA’s Risk Management Policy, and are accountable for the delivery of the policy within their areas of responsibility.
Specifically the responsibility for the management of risk is as follows:
The COM is responsible for the organisational co-ordination of the Risk Management Policy and system, whilst staff at all levels are responsible for the application of the risk management system
The EO is responsible for ensuring that risk management is integrated into all policies, procedures, training and other relevant documents
The EO and COM are required to promote a culture where managing risk is an accepted responsibility of each employee
All staff are required to be aware of the risks associated with their position and work environment and follow BINSA policy and procedure in relation to risk management.
G:\Policies & procedures\BINSA POLICY AND PROCEDURES MANUAL 2013\Section 1 - Governance\Section 1- Annexure 3 Risk Management Jan 2013 Procedure.doc
As part of the organisation’s risk management structure BINSA has adopted the following as policy to support comprehensive and relevant contextual risk management by:
Allowing only four permissible options when managing risk:
1. Avoiding the risk entirely by eliminating the risk-producing activity
2. Implementing steps to reduce the risk to an acceptable level that is consistent with BINSA’s risk management standards (i.e. an appropriate treatment plan that mitigates the impact of the risk should it occur, or lowering the likelihood of it occurring)
3. Transferring some of the risk to a third party (e.g. financing the risk through insurance, or by outsourcing)
4. Making a conscious and documented decision to formally accept the risk, taken by an appropriate delegated authority based on the size and type of risk.
Formally identifying, assessing, analysing, prioritising and considering treatments for all significant risk issues potentially impacting on the organisation
Building risk management practices into the organisation’s strategic planning process.
Complying with all relevant legislation and statutory requirements
Managing risk with practical responses that achieve a balance between cost and anticipated benefits
Developing and maintaining an organisational wide risk management system relevant to all areas of operation and remaining current with the changing needs and activities of the organisation
Developing and maintaining organisational procedure in relation to BINSA’s policy on risk management and accepted risk management standards
Ensuring that members of the COM have an appropriate understanding of relevant risk management issues for the organisation and are in a position to confidently make informed strategic and business decisions based on risk assessment
Ensuring that the EO and COM are competent and have appropriate knowledge in the area of risk management both at strategic and operational levels
Ensuring that staff are familiar with, and competent in the application of BINSA’s Risk Management Policy and Procedure, and are accountable for the policy within their areas of responsibility
Ensuring that all project work is managed in line with BINSA’s Risk Management process
Promoting a culture and awareness of risk management with staff, and across the organisation
Reviewing BINSA’s Risk Management system on a periodic basis to ensure ongoing relevance and capabilities.
Risk management process – Committee of Management level
The COM will fulfil its strategic oversight of risk management by:
Proactively identifying and addressing risks that arise from its role (e.g. succession planning, conflict of interest, strategic planning) and from COM meetings
Supporting the EO to implement organisation-wide risk management
Ensuring the risk management framework and strategies are consistent with recognised business, ethical and professional standards.
A Risk Register will be developed and maintained by the EO. The EO will report on progress and control measures to the COM on an annual basis.
The COM will:
Report on the organisation’s risk management performance in its Annual Report
Make provision for identified risk controls in the preparation of the annual budget
Include risk management as part of its strategic and business planning processes.
Risk management system – Operational level
The EO will lead and promote a culture of risk awareness and continual improvement across the organisation. In addition the EO will:
Ensure the integration of risk management into all aspects of BINSA operations and services
Design and implement a risk management system consisting of:
1. A risk register containing
   a. Identification
   b. Likely impact
   c. Likely occurrence
   d. Adequacy of existing measures and any additional risk reduction measures
   e. Responsibility and action taken
2. An annual report of progress and control measures to the COM
3. Processes for staff to identify and report risks
4. Demonstrated commitment to staff training and education regarding risk management and organisational expectations
Ensure that major business initiatives will only proceed after a risk assessment is undertaken
Newly identified risks will be reported to the COM as identified.
Staff responsibilities
Maintain an awareness of the risks that relate to their area of responsibility
Actively support and contribute to risk management initiatives
Advise the EO of risk issues they believe require attention
Report possible and potential risks identified through the established organisational reporting systems
Embrace a culture of risk awareness and continual improvement.
Areas for Risk Management at BINSA
Fraud Risk / Transaction Card/Credit Card/Petrol Card Usage
Refer to the Governance Policy: Delegation of Authority – Procurement Section / Authorisation to incur expenditure.
Social Media
All defamatory postings will be removed by BINSA’s Web Coordinator at the direction of the EO. Defamatory postings include, but are not limited to, those that are: racist, sexist, threatening, insulting, unlawful and threatening to another’s privacy.
Other (See Risk Register)
Financial risk management including ongoing and new sources of funding to support operations, fraud/manipulation of accounts, taxation, insurance
Legal Risk Management including release of confidential information, EO’s liability, contracts
Environmental including waste management
Occupational Health and Safety including unsafe work practices, occupationally induced stress
Information technology including loss and corruption of data, software/hardware failure
Human Resources including staff shortages, industrial relations issues, discrimination and harassment
Political including change of government and policy, budget allocation, community pressure
Risk to be considered because of the particular client group.
The aim of analysing the risk is to separate the minor acceptable risks from the major risks and to provide strategies to minimise the risk from occurring and to ensure that the initiative is successful.
Assessment and Management
The Risk Management Planning session(s) will determine:
What can happen
What is the real effect
Determination of likelihood / consequence
Prioritisation of risks
Identification and evaluation of risk mitigation strategy options
Re-prioritisation of risks
Establishment of Risk Management Plans
Preparation of the Risk Management summary documents using the Risk Assessment Format.
Complaints Management
BINSA recognises that complaints management is integral to risk management. All issues and complaints will be dealt with as per the Grievance and Complaints Policy (staff and clients), (refer to Section 2 - Client Policies No 6).
Any issues that are deemed to have a likelihood of risk will be dealt with using the Risk Assessment Format.
Monitoring
Risk Management will form part of the regular agenda for COM meetings and staff meetings to review risk management plan summaries and monitor progress.
Definitions
The following definitions, unless otherwise specified, are taken from AS/NZS 4360:1999.
Risk: “the chance of something happening that will have an impact upon objectives”. It is measured in terms of consequences and likelihood.
Risk Acceptance: “an informed decision to accept the consequences and the likelihood of a particular risk”. The Management Committee may from time to time determine and review financial and other levels of acceptable risk.
Risk Analysis: “a systematic use of available information to determine how often specified events may occur and the magnitude of their consequences”.
Risk Avoidance: “an informed decision not to become involved in a risk decision”.
Risk Reduction: “a selective application of appropriate techniques and management principles to reduce either likelihood of an occurrence or its consequences, or both”.
Risk Transference: “shifting the responsibility or burden for loss to another party through legislation, contract, insurance or other means”.
Risk Treatment: “selection and implementation of appropriate options for dealing with risk”.
Residual Risk: “the remaining level of risk after risk treatment measures have been taken”.
Risk Control: “that part of risk management which involves the implementation of policies, standards, procedures and physical changes to eliminate or minimise adverse risks”.
Risk Management Process: “the systematic application of management policies, procedures and practices to the tasks of establishing the context, identifying, analysing, evaluating, treating, monitoring and communicating risk”.
Risk Evaluation: “the process used to determine risk management priorities by comparing the level of risk against predetermined standards, target risk levels or other criteria”.
See Annexure 3a for BINSA RISK ASSESSMENT FORMAT and BINSA RISK REGISTER 2013-2015.