
Risk Assessment & Management Plan

Risk Management Principles:

Risk Management should:
1 create value: resources expended to mitigate risk should be less than the consequence of inaction - the gain should exceed the pain
2 be an integral part of organizational processes
3 be part of decision making
4 explicitly address uncertainty and assumptions
5 be systematic and structured
6 be based on the best available information
7 be tailorable
8 take human factors into account
9 be transparent and inclusive
10 be dynamic, iterative and responsive to change
11 be capable of continual improvement and enhancement
12 be continually or periodically re-assessed
Risk Management Process:
1 Identification
2 Assessment
3 Management / Action Plan
4 Ongoing Reviews
5 Reporting
Navigation of this tool
1 To Identify Risks Click Here
2 To Assess Risks Click Here
3 To Manage/Action Risks Click Here
4 To Review Risks Click Here
5 To Report on Risks Click Here
6 To View/Update Validation Rules Click Here
Risk Assessment & Management Plan (risk register)
Register columns:
#
Hazard / Risk
Cause or Source
Business Process
Category
Link to Document
Document Type
Existing Controls
Likelihood
Consequence
Cost of Consequence (if known)
Risk Priority
Assessment of Existing Controls
Action
Action Type
Responsibility
By When
Residual Risk Rating
Key Risk Indicators
Reporting/Monitoring
Last Reviewed
Review Frequency (# Months)
Next Review Due
Responsibility
Sample rows (only Likelihood, Consequence and Risk Priority are filled in the template):
#    Hazard / Risk   Likelihood       Consequence   Risk Priority
1    Risk 1          Almost Certain   Major         V High
2    Risk 2          Likely           Moderate      High
3    Risk 3          Possible         Moderate      Medium
4    Risk 4          Possible         Moderate      Medium
5    Risk 5          Possible         Minor         Medium
6    Risk 6          Possible         Minor         Medium
7    Risk 7          Unlikely         Minor         Low
8    Risk 8          Unlikely         Minor         Low
9    Risk 9          Rare             Negligible    Low
10   Risk 10         Rare             Negligible    Low
Top Risks by Category/Industry
Click on appropriate category to get a list of the common risks
Board level risks
Insurance Industry top 10 risks
Manufacturing Industry risks
Small Business risks
Procurement process risks, consequences & related actions
Insurance Industry
Climate change
Demographic shifts in core markets
Catastrophic events
Emerging markets
Regulatory intervention
Channel distribution
Integration of technology with operations and strategy
Securities markets
Legal risk
Geopolitical or macroeconomic shocks
Manufacturing Industry
Are substances used in particular tasks suitable for the tasks?
Is there a register of hazardous substances, and an inventory of chemicals purchased or produced and a material safety data sheet (MSDS) for each substance?
Are hazardous substance containers adequately labelled?
Are hazardous substances stored according to the respective MSDS?
Is plant and equipment suitable for the required tasks?
Are all moving parts of plant and equipment guarded to prevent contact with people and property, to minimise the risk of injuries and damage such as crushing, stabbing, cutting, puncturing, shearing and tearing?
Are there systems in place to prevent injury from fragmentation of, or flying particles from, plant and equipment?
Are there systems in place to prevent injury from falling plant and equipment?
Are there systems in place to prevent injury from performing a task with plant and equipment in a confined space?
Are there systems in place to prevent injury from inadvertent movement of plant and equipment?
Are there systems in place to prevent injury from 'stored energy' in plant and equipment, for example compressed air or hydraulic pressure after turning off plant?
Are there systems in place to prevent injury resulting from failure of plant and equipment due to the loss of contents, loss of load, unintended ejection of product, explosion, fragmentation or collapse of parts?
Does plant and equipment have adequate power isolation, noise insulation, ventilation and fume extraction?
Is the noise level of plant, equipment and the surrounding environment within the legislated noise level set down for your particular workplace?
For people using vibrating hand-held equipment or operating vibrating controls (chain saws, sewing machines, grinders, pneumatic drills, and so on), are exposure levels within the values recommended by Australian Standard AS2763?
For drivers of vehicles and tractors, and helicopter and airplane pilots, are the vibration exposure levels within the values recommended by Australian Standard AS2670?
For operators of vibrating platforms on manufacturing/construction sites, are exposure levels within the values given in Australian Standard AS2670?
Are occupational exposures to ionising radiation, such as X-ray and gamma-ray equipment, within the limits set by WorkSafe Australia and the National Health and Medical Research Council (National Standard Recommendations for limiting exposure to ionising radiation)?
Is plant and equipment that generates UV radiation, such as photocopiers, lasers, UV-cured inks in the printing industry, and welding emissions, enclosed?
Are radio frequency exposure levels from TV/FM radio transmitters, radio, microwaves, plastic moulders, induction heaters and so on kept as low as practically possible?
Are outdoor workers provided with personal protective equipment and work systems as per the WorkSafe Australia guidance note on the protection of workers from UV radiation in sunlight?
Are tasks performed at temperatures between 16°C and 24°C for sedentary work, 4°C and 24°C for light work, and 7°C and 24°C for moderately heavy work?
Are tasks performed for more than 2 hours done so at humidity levels between 40% and 60%?
Is electrical wiring installed according to Australian Standard AS 3900?
Are electrical fixtures provided with adequate earthing or other residual current devices?
Are any signs of damage to either cable insulation or other electrical fixtures rectified?
Are there identified, colour-coded, labelled cable isolators to all switchboards?
Are employees prevented from performing tasks in metal enclosures or damp places using electrical tools?
Is there a regular inspection of portable cords and extension leads?
Are 'Danger' tags used by electricians when working on plant?
Does electrical equipment comply with Australian Standard AS3100 - General Requirements for Electrical Equipment?
Is adequate lighting provided according to Australian Standard AS1680 lighting levels for different types of work?
Is employees' eyesight assessed every two years to determine their ability to continue performing their tasks?
Are hazardous conditions that are likely to arise during the use of plant and equipment as a result of friction, fire, explosion, moisture, vapour, gases, dust and ice controlled?
Are access and egress arrangements for doorways, passageways, stairs, gangways and so on clear of obstructions, well lit, free of slip hazards and secure?
Has lifting, carrying, pushing and pulling been eliminated from all tasks?
Has frequent bending, twisting and stretching been eliminated from all tasks?
Has lifting of awkward loads been eliminated from all tasks?
Has repetitive work using awkward or constrained postures been eliminated from all tasks?
Have slip, trip and fall hazards been eliminated?
Are all walkways free of obstructions?
Are floors undamaged?
Are ladders checked regularly for any damage?
Are stairways well lit and properly maintained?
Are work stations and benches adjusted to suit the physical dimensions of workers?
Are safety devices and emergency back-up arrangements of plant equipment and systems suitable for the tasks being
Are plant, equipment, building areas and fixtures maintained and repaired?
Are environmental conditions and terrain suitable for the plant and substances that are used?
Are hazardous elements, such as electricity, water and incompatible chemicals, segregated?
Are systems in place to address conflict between staff?
Are systems in place to address poor job satisfaction?
Are systems in place to address low job security?
Have poor work conditions, such as noise, dust, lack of ventilation and so on, been eliminated?
Are visitors to the workplace provided with relevant safety information, and are they supervised?
Are the current work systems appropriate, for example whether more or fewer people should be involved and whether work procedures need to be revised?
Do workers hold the required competencies, such as licensing, certification and apprenticeships?
Is training and supervision provided to meet the needs of each individual worker?
Board Legal Responsibilities (and therefore potential risks)
Fiduciary Duty (common law): act in good faith for the benefit of, or in the interests of, the organisation.
Duty to Act in Good Faith (sect 181 of Corporations Act): a director must exercise their power in good faith, in the best interests of the corporation and for a proper purpose.
Do Not Misuse Information or Position of Director: the law prohibits Board members from using their position to gain an advantage for themselves or another, or to cause detriment to the entity they are
Do Not Abuse an Opportunity: if you become aware of an opportunity as a result of your position on a board, then you should not take up that opportunity for personal benefit at the expense of the organisation.
Duty to Act with Care & Diligence: Board members must exercise their powers and discharge their duties with the care and diligence of a "reasonable person" in their position. Board members with a high level of expertise will attract a higher standard of care than other members.
Avoid Conflict of Interest
Avoid Insolvent Trading
Avoid Fraud
Avoid Negligence
Tax: tax legislation, including any obligations required for charitable income tax exempt status and/or deductible gift recipient status (if applicable).
Conditions of funding: contractual obligations that exist to any funding bodies.
Occupational health and safety: must provide a safe workplace for employees, subcontractors, volunteers and a range of others. For example, training on fire evacuation procedures, electrical safety, first aid, no smoking in the workplace, etc.
Industry-specific: for example child care and safety in schools.
Organisation Constitutional compliance: for example rights of members, appointments to the board & their tenure, etc.
Privacy: important to understand what data is considered to be private, as this is subject to tight regulatory controls as to its use, accessibility, accuracy & storage.
Information Security
Environmental Sustainability: such as EPA compliance.
HR: for example pay rates, superannuation contribution amounts & frequency, sick leave, overtime, hiring & firing procedures.
Trade Practices Act: for example misleading & deceptive conduct, third line forcing, etc.
Contracts Law
Fund Raising
Small Business
Financial: includes cash flow, budgetary requirements, tax obligations, creditor and debtor management, remuneration and other general account management concerns.
Equipment: extends to equipment used to conduct the business and includes everyday use, maintenance, depreciation, theft, safety and upgrades.
Organisational: relates to the internal requirements of a business, extending to the cultural, structural and human
Security: includes the business premises, assets and people. Also extends to security of company information,
Legal & regulatory compliance: includes legislation, regulations, standards, codes of practice and contractual requirements. Also extends to compliance with additional rules such as policies, procedures or expectations, which may be set by contracts, customers or the social environment.
Reputation: entails the threat to the reputation of the business due to the conduct of the entity as a whole, the viability of products/services, or the conduct of employees or others associated with the business.
Operational: covers the planning, daily operational activities, resources (including people) and support required within a business that result in the successful development and delivery of products/services.
Contractual: meeting obligations required in a contract, including delivery, product/service quality, guarantees/warranties, insurance and other statutory requirements, and non-performance.
Service delivery: relates to the delivery of services, including the quality of service provided or the manner in which a product is delivered. Includes customer interaction and after-sales service.
Commercial: includes risks associated with market placement, business growth, product development, diversification and commercial success. Also the commercial viability of products/services, extending through establishment, retention and growth of a customer base and return.
Project: includes the management of equipment, finances, resources, technology, timeframes and people involved in the management of projects. Extends to internal operational projects, business development and external projects such as those undertaken for clients.
Safety: including everyone associated with the business: individual, workplace and public safety. Also applies to the safety of products/services delivered by the business.
Stakeholder management: includes identifying, establishing and maintaining the right relationships with both internal and external stakeholders.
Client-customer relationship: potential loss of clients due to internal and external factors.
Strategic: includes the planning, scoping, resourcing and growth of the business.
Technology: includes the implementation, management, maintenance and upgrades associated with technology. Extends to recognising critical IT infrastructure and the loss of a particular service/function for an extended period of time. It further takes into account the need and cost benefit associated with technology as part of a business development strategy.
Procurement - common risks & management approaches
Risk Category
Developing the specification
Developing the specification
Selecting the purchasing method
Purchasing documentation
Inviting, clarifying and closing offers
Selecting the successful tenderer
Inviting, clarifying and closing offers
Evaluating offers
Evaluating the procurement process
Contract management
Risk
Likely consequences
Purchase of unsuitable product or service
Money wasted
Need not satisfied
Greater expense
Poor competition
Totally unacceptable purchase or not most suitable product or service
Time lost
Increased costs
Possible downtime
Delay in making the purchase
Additional costs for re-tender
Inadequate responses from tenderers
Reduced competition
Delivery schedule not met
Increased procurement costs
Misuse of resources
Most suitable product not obtained
Fewer alternatives
Most suitable product or service may not be obtained
Increased costs
Need not satisfied
Time lost
Increased costs
Possible downtime
Inadequate responses from tenderers
Claims of unfair dealings
Unethical conduct
Narrow definition or
commercial specification (eg.
use of brand name)
Definition of inappropriate
product or service
Biased specification
Understatement of the need
Overstatement of the need
Misinterpretation of user
Insufficient funding
Impractical timeframe
Probity issues
Variety of offers
Insufficient responses
Products offered not meeting needs
Difficult to evaluate
Lack of offers from suitable tenderers
Need to seek offers again
Possible cost variations
Failure to obtain value for money
Loading of costs in offers
Having to modify tender terms and conditions
Low response
Loading of costs in offers
Variations in offers
Having to provide clarifying information, causing delays in tender closing
Additional costs
Claims of unfair practices
Offers with qualifications by tenderers
Withdrawal of offers
Complaints from tenderers
Withdrawal of offers
Complaints from tenderers
Mistrust by tenderers
Need to undertake process again
Inadequate statement of
Failure to identify potential
Selecting inappropriate
Terms and conditions
unacceptable to tenderers
Providing inadequate
Failure to adequately address
enquiries from tenderers
Actual or perceived
favouritism in providing
Actual or perceived breach of
Insufficient number of
Increased costs
Delayed delivery to the client
Poor value for money due to limited competition
Reduced competition
Increased costs of products or services
Inconsistent evaluations
Possible complaints from tenderers
Subjective not objective evaluation of offers
Claims of unethical or unfair practices
Loss of faith with tenderers
Need to call tenders again
Additional costs
Delay in delivery
Failure to identify a clear
Claims of unethical and unfair behaviour
Complaints from tenderers
Failure to fulfil the contract
Failure to meet the client's need
Contract disputes
Delivery delays
Cost variations
Reduction in value for money
Purchase of less suitable product
Inefficient use of resources
Delays in delivery
Need to restart procurement
Possible cost of legal action
Inability to finalise contract
Delays in delivery
Variations in cost
Inefficient use of resources
Contract disputes
Invalidity of contract
Legal action
Poor supplier/customer relationship
Contract disputes
Selecting an inappropriate
Selecting inappropriate
Insufficient number of
No response from known
quality suppliers
Failure to follow effective
evaluation procedures
Breaches of security
Offers fail to meet needs
Decision made on subjective
Not matching the expectations
of buyer and tenderer
Deadlock on details of
Failure to secure mandatory
Unfair or onerous
requirements on the tenderer
in the contract conditions
Failure to reflect the terms
offered and agreed in the
Legal action
Poor supplier/customer relationship
Expense of negotiating out of the contract and paying damages
Committing to other associated work prior to main contract existing
Cost overruns
Delays in delivery
Need to restart procurement
Contract disputes
Failure to satisfy needs
Delays in delivery
Legal action
Cost increases
Failure of contract
Full benefits not achieved
Delivery of unsatisfactory product
Contract/supply disputes
Potential liability to pay for unauthorised work
Possibility of legal action for perceived breach of contract
Unanticipated cost increases
Contract disputes
Loss of commercial opportunity
Unwarranted reliance on supplier for product support
Legal action
Damage to the agency's professional reputation
Delays in delivery
Liability disputes
Misuse of resources
Legal action
Disruption to procurement activities
Progress on project disrupted
Less expertise
Failure to evaluate
procurement and
management processes
Failure to improve procurement and management processes
Procurement objectives not achieved
Possible failure in the future
Not achieving best return
Claims of unethical and unfair practices
Claims of bias and favouritism to organisations or individuals
Reduction in value for money
Loss or damage to goods in
Failure to reflect the terms
offered and agreed in the
Inadvertently creating a
contract without the delegate's
prior approval
Key personnel not available
Failure to identify and address
Collusive bidding at auction
Inadequate tender
Variations in price and foreign
Unwillingness of the supplier
to accept the contract
Failure of either party to fulfil
the conditions of the contract
Inadequately administering
the contract
Commencement of work by
the supplier before contract is
exchanged or letter of
acceptance issued
Unauthorised increase in
scope of work
Loss of intellectual property
Failure to meet liabilities of
third parties (eg. royalties or
third party property insurance)
Management approaches
Analyse need accurately
Analyse need accurately
Use functional and performance requirements
Improve consultation with users
Obtain clear statement of work and definition of need
Obtain appropriate approvals before undertaking process
Improve planning
Improve forecasting, planning and consultation with users
Improve communication with potential tenderers
Implement best practice policies, guidelines and practices
Maintain ethical environment
Improve training of personnel
Put suitable controls and reviews in place
Consider using a probity adviser
Improve communication with potential tenderers
Define the specification in terms of required outputs
Use functional and performance specifications
Ensure specification is consistent with needs analysis
Improve market knowledge
Use functional and performance specifications
Use functional and performance specifications
Implement a control mechanism to review specification before release
Be familiar with requirements
Use functional and performance specifications
Use an Expression of Interest or Request for Information to clarify requirements (be careful not to infringe
intellectual property rights or copyright)
Improve procurement planning processes
Improve market knowledge
Seek industry participation
Use the Industry Capability Network (ICN)
Improve implementation of procurement policies, guidelines and practices
Improve tender documentation and clearly identify the evaluation criteria in Request for Tenders
Provide staff with appropriate training and experience
Use standard documentation prepared by Crown Law
Select appropriate documentation for purchase type (ie. goods, services, goods and services, or
information technology related)
Improve tender planning
Assess and allocate risks appropriately
Consult with Crown Law
Use commercially acceptable terms
Provide staff with appropriate tender planning and procurement skills
Ensure staff have appropriate tender planning and documentation training and experience
Improve tender planning and preparation
Review tender documents before issuing them and ensure evaluation criteria contain the critical factors
on which assessment of tenders will be based
Implement standardised procedures for responding to enquiries
Provide staff with appropriate tender management training and experience
Respond in a timely manner to enquiries
Allow adequate time for tenderers to respond
As above
Answer queries in writing and provide copies to all potential tenderers
Ensure that all potential tenderers are provided with any addenda
Establish formal security procedures
Train staff in their obligations
Perform regular audits and reviews of security processes
Advise tenderers of security measures
Use appropriate tender advertisement strategy to increase competition (eg. consider advertising tenders
in other publications as well as the local paper)
Consult with the ICN to identify potential tenderers
Provide potential tenderers with advance notice of tender requests
Improve tender documentation and specifications
Allow sufficient time for tenderers to respond
Actions as above for insufficient number of responses
Improve your market knowledge
Review specifications or conditions
Seek feedback from known suppliers on their non-response
Provide staff with appropriate tender assessment and evaluation training and experience
Improve tender assessment and evaluation processes
Maintain, audit and review evaluation procedures
Ensure that Evaluation Committee members declare any conflicts of interest
Maintain, audit and review security procedures
Provide staff with appropriate training and experience and monitor performance
Ensure that Evaluation Committee members understand and sign Confidentiality Agreements
Improve market knowledge
Improve tender documentation
Conduct market research
Develop functional and performance specifications
Ensure evaluation criteria contain the critical factors on which the assessment of tenders will be based
and that they are clearly identifiable to tenderers in tender documents
Ensure evaluation criteria are appropriate and measurable
Ensure that Evaluation Committee members sign Declaration of Conflict and Confidentiality Agreements
Provide staff with appropriate tender evaluation, financial and technical skills training and commercial
Improve evaluation procedures
Improve evaluation criteria and clearly identify them to tenderers in tender documents
Reject unacceptable offers
Perform financial, technical and company evaluations before awarding contract
Procurement Review Committee to review tender and selection process prior to awarding contract
Ensure users are involved in the evaluation/selection process
Improve technical evaluation procedures and train staff as appropriate
Procurement Review Committee to review tender and selection process prior to awarding contract
Improve communication, including ensuring that Conditions of Contract form part of the Request for
Provide staff with training in contract planning and management
Define terms carefully
Record each party's obligations
Clarify all ambiguities before signing the contract
Look at alternatives to share risk
Distinguish between essential and non-essential goals and requirements
Establish baseline before negotiations
Distinguish essential goals from others
Consider variations to contract
Provide negotiators with adequate training
Provide negotiators with adequate training and support
Negotiate commercial terms
Terms should be fair and reasonable
Check final draft of contract with successful tenderer
Keep records of all negotiations and agreements
Procedure in place to ensure delegate's approval obtained first
Provide negotiators with adequate training
Agree on prices and the basis of prices
Agree on a formula for calculating variations
Seek legal redress if non-acceptance causes loss
Negotiate but retain integrity of the contract
Ensure good contract administration and performance management
Hold regular inspections / meetings and ensure progress reports
Ensure all staff know responsibilities and conditions
Ensure good record keeping and documentation
Maintain up-to-date agency procedures and practices
Ensure all staff are suitably trained and experienced in contract planning and management
Confirm verbal acceptance of contract with written advice
Accept all contracts in writing
Ensure approvals are received before allowing work to start
Ensure all contract amendments are issued in writing
Record all discussions and negotiations
Confirm instructions in writing
Ensure suitable clauses are included in the contract
Check that all obligations are covered in the contract
Agree on responsibilities
Implement appropriate safety standards and programs
Include appropriate packaging instructions in specification
Agree on insurance cover for supplier to provide
Accept delivery only after inspection
Know when title of goods is transferred to buyer
Maintain an ethical environment
Follow and maintain fraud control procedures
Include requirement in specification and ensure compliance in post-tender negotiation
Know the market
Accept risk and manage possible delay
Develop systematic evaluation methods, techniques and evaluation criteria
Agree on performance criteria (with supplier and customer)
Develop good relationships with suppliers
Include evaluation clause in the contract
Implement performance management strategies
Set reserve prices
Deal with reputable firms
Include disposal clause in initial contract
Maintain ethical environment
Sell by open tender
Document reasons for decision
Provide staff with appropriate training
Risk Reporting AS AT 01-Jun-14

Risks by priority and assessment of existing controls:
Priority   Adequate   Opportunities for Improvement   Inadequate   No Assessment   Totals
V High     0          0                               0            1               1
High       0          0                               0            1               1
Medium     0          0                               0            4               4
Low        0          0                               0            4               4
Totals     0          0                               0            10              10

Risks by likelihood and consequence:
Likelihood       Catastrophic   Major   Moderate   Minor   Negligible   Totals
Almost Certain   0              1       0          0       0            1
Likely           0              0       1          0       0            1
Possible         0              0       2          2       0            4
Unlikely         0              0       0          2       0            2
Rare             0              0       0          0       2            2
Totals           0              1       3          4       2            10
[Chart: Risks - # by Priority, colour-coded V High / High / Medium / Low, against Assessment of Existing Controls]
Term: Definition
Risk: Uncertainty on objectives; can be either a positive or a negative deviation from what is expected.
Control: Any measure or action that modifies risk. Includes any policy, procedure, practice, process, technology, technique, method or device that modifies or manages risk.
Risk treatment: Risk treatments become Controls, or modify existing Controls, once they have been implemented.
Residual Risk: Risk left over after you've implemented a risk treatment option.
Hazard: Potential to cause uncertainty. Risk includes the likelihood of it happening.
Issue: Risk with a probability of 100%, i.e. it has eventuated into an existing issue.
Validation Rules

Business Category:
Asset Management
Infrastructure Management
Finance
Clinical Governance
Regulatory Compliance
Service Delivery
Corporate Governance
Operational

Risk Category:
Business Continuity
Liability
Environmental
Financial
Political
OH&S
Infrastructure, Assets & Systems
Reputation
Market / Environmental

Controls (Assessment of Existing Controls):
Adequate
Opportunities for Improvement
Inadequate

Document Type:
Strategic Plan
Business Continuity Plan
OH&S Policies & Procedures
Other

Action Type:
Accepted
Reduced (eg. P&P, Training)
Transferred (eg. Insurance)
Avoided

Risk Priority matrix (Likelihood x Consequence):
Likelihood       Negligible   Minor    Moderate   Major    Catastrophic
Almost Certain   Medium       Medium   High       V High   V High
Likely           Medium       Medium   High       High     V High
Possible         Low          Medium   Medium     High     High
Unlikely         Low          Low      Medium     Medium   High
Rare             Low          Low      Medium     Medium   Medium
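An added example, not part of the spreadsheet or its author's logic: the matrix and lookup lists above encoded in Python, with a data-entry check that the matrix never rates a risk lower as likelihood or consequence rises, and the two Risk Reporting roll-ups rebuilt from the register's ten placeholder rows. The sample rows and the "No Assessment" bucket are constructed from this page's values; the dataclass and function names are this example's own.

```python
"""Risk matrix scoring and Risk Reporting roll-up (added example, not from the template)."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Scales and lookup lists exactly as the template's validation rules define them.
LIKELIHOODS = ["Almost Certain", "Likely", "Possible", "Unlikely", "Rare"]
CONSEQUENCES = ["Negligible", "Minor", "Moderate", "Major", "Catastrophic"]
PRIORITIES = ["V High", "High", "Medium", "Low"]  # highest first
CONTROL_ASSESSMENTS = ["Adequate", "Opportunities for Improvement", "Inadequate"]
NO_ASSESSMENT = "No Assessment"  # reporting bucket for rows whose assessment is blank

# The 5x5 matrix from the page: rows in LIKELIHOODS order, columns in CONSEQUENCES order.
RISK_MATRIX = {
    "Almost Certain": ["Medium", "Medium", "High", "V High", "V High"],
    "Likely": ["Medium", "Medium", "High", "High", "V High"],
    "Possible": ["Low", "Medium", "Medium", "High", "High"],
    "Unlikely": ["Low", "Low", "Medium", "Medium", "High"],
    "Rare": ["Low", "Low", "Medium", "Medium", "Medium"],
}


@dataclass
class RiskRow:
    """The register columns needed to rate and report one risk."""
    name: str
    likelihood: str
    consequence: str
    controls_assessment: Optional[str] = None  # blank in the template's sample rows


def rate(likelihood: str, consequence: str) -> str:
    """Return the Risk Priority, rejecting values outside the validation lists."""
    if likelihood not in LIKELIHOODS:
        raise ValueError(f"unknown likelihood: {likelihood!r}")
    if consequence not in CONSEQUENCES:
        raise ValueError(f"unknown consequence: {consequence!r}")
    return RISK_MATRIX[likelihood][CONSEQUENCES.index(consequence)]


def matrix_is_monotone() -> bool:
    """Data-entry check: priority must never fall as likelihood or consequence rises."""
    rank = {p: i for i, p in enumerate(PRIORITIES)}  # 0 = V High ... 3 = Low
    for li, lk in enumerate(LIKELIHOODS):
        for ci, ck in enumerate(CONSEQUENCES):
            here = rank[rate(lk, ck)]
            if ci and here > rank[rate(lk, CONSEQUENCES[ci - 1])]:
                return False  # milder than the less severe consequence to its left
            if li and here < rank[rate(LIKELIHOODS[li - 1], ck)]:
                return False  # harsher than the more likely row above it
    return True


def _crosstab(rows, row_key, row_labels, col_key, col_labels) -> Dict[str, Dict[str, int]]:
    """Count table with a Totals row and column; rejects values off the lookup lists."""
    table = {r: {c: 0 for c in col_labels + ["Totals"]} for r in row_labels + ["Totals"]}
    for row in rows:
        r, c = row_key(row), col_key(row)
        if r not in row_labels or c not in col_labels:
            raise ValueError(f"{row.name}: {r!r}/{c!r} not in validation lists")
        for rk in (r, "Totals"):
            for ck in (c, "Totals"):
                table[rk][ck] += 1
    return table


def priority_by_controls(rows: List[RiskRow]) -> Dict[str, Dict[str, int]]:
    """First Risk Reporting table: # risks by priority and assessment of controls."""
    return _crosstab(rows, lambda r: rate(r.likelihood, r.consequence), PRIORITIES,
                     lambda r: r.controls_assessment or NO_ASSESSMENT,
                     CONTROL_ASSESSMENTS + [NO_ASSESSMENT])


def likelihood_by_consequence(rows: List[RiskRow]) -> Dict[str, Dict[str, int]]:
    """Second Risk Reporting table: # risks by likelihood and consequence."""
    return _crosstab(rows, lambda r: r.likelihood, LIKELIHOODS,
                     lambda r: r.consequence, CONSEQUENCES)


# The template's ten placeholder register rows (constructed from the page's ratings).
SAMPLE_REGISTER = [RiskRow(f"Risk {i}", lk, ck) for i, (lk, ck) in enumerate([
    ("Almost Certain", "Major"), ("Likely", "Moderate"), ("Possible", "Moderate"),
    ("Possible", "Moderate"), ("Possible", "Minor"), ("Possible", "Minor"),
    ("Unlikely", "Minor"), ("Unlikely", "Minor"), ("Rare", "Negligible"),
    ("Rare", "Negligible")], start=1)]

if __name__ == "__main__":
    assert matrix_is_monotone(), "matrix has a cell out of order"
    print(priority_by_controls(SAMPLE_REGISTER))
    print(likelihood_by_consequence(SAMPLE_REGISTER))
```

Because every sample row has a blank Assessment of Existing Controls, all ten land in the "No Assessment" column, which is why the page's first reporting table is zero everywhere else.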