Consequence of inaction

Benefits of risk management (items 10 to 17; items 1 to 9 are not on this page)
10 Improve controls;
11 Effectively allocate and use resources for risk treatment;
12 Improve operational effectiveness and efficiency;
13 Enhance health & safety performance and environmental protection;
14 Improve loss prevention and incident management;
15 Minimize losses;
16 Improve organizational learning; and
17 Improve organizational resilience.

Further Information
LinkedIn Group 'ISO 31000 Risk Manage… http://www.linkedin.com/groups/ISO-310…
International Organisation for Standardiz… http://www.iso.org/iso/home/standards/is…
Standards Australia Risk Management P… http://sherq.org/31000.pdf
Concise Guide to Treasury Risk Manage… http://www.charteredaccountants.com.au

Risk Management PROCESS
Communication & Consultation
Risk Assessment: Risk Identification, Risk Analysis, Risk Evaluation
Risk Treatment
Risk register: IDENTIFY (columns)
What can happen (consequences)
How can it happen (cause for hazard to occur)
When & Where could the Risk occur
Business Goals/Objectives impacted by Risk
FY
Assumptions & key variables used to assess risk
Business Process Category (values shown: Strategic; Environmental)
Link to Document
Document Type
Existing Controls

Risk register: rows 1 to 40
1 What can happen: loss of relevance of products to customer base. How can it happen: changing market needs & sentiment.
2 to 10 are template placeholder rows (Risk 2 to Risk 10); rows 11 to 40 are blank.
Compliance obligations
Duty to Act in Good Faith (sect 181 of Corporations Act) – A director must exercise their power in good faith, in the best interests of the corporation & for a proper purpose.
Do Not Misuse Information or Position of Director – The law prohibits Board members from using their position to gain an advantage for themselves or another, or to cause detriment to the entity they are governing.
Do Not Abuse an Opportunity – If you become aware of an opportunity as a result of your position on a board, then you should not take up that opportunity for personal benefit at the expense of the organisation.
Duty to Act with Care & Diligence – Board members must exercise their powers and discharge their duties with the care and diligence of a "reasonable person" in their position. Board members with a high level of expertise will attract a higher standard of care than other members.
Avoid Conflict of Interest
Avoid Insolvent Trading
Avoid Fraud
Avoid Negligence
Tax – Tax legislation, including any obligations required for charitable income tax exempt status and/or deductible gift recipient status (if applicable).
Conditions of funding – Contractual obligations that exist to any funding bodies.
Occupational health and safety – Must provide a safe workplace for employees, subcontractors, volunteers and a range of others. For example training on fire evacuation procedures, electrical safety, first aid, no smoking in the workplace, etc.
Industry-specific – For example child care and safety in schools.
Organisation Constitutional compliance – For example rights of members, appointments to the board & their tenure, etc.
Privacy – Important to understand what data is considered to be private, as this is subject to tight regulatory controls as to its use, accessibility, accuracy & storage.
Information Security
Environmental Sustainability, such as EPA compliance
HR – For example pay rates, superannuation contribution amounts & frequency, sick leave, overtime, hiring & firing procedures.
Trade Practices Act – For example misleading & deceptive conduct, third line forcing, etc.
Anti-Discrimination
Contracts Law
Defamation
Fund Raising
Manufacturing Industry
Are substances used in particular tasks suitable for the tasks?
Is there a register of hazardous substances, and an inventory of chemicals purchased or produced and material safety data sheet
(MSDS) for each substance?
Are hazardous substance containers adequately labelled?
Are hazardous substances stored according to respective MSDS?
Is plant and equipment suitable for the required tasks?
Are all moving parts of plant and equipment guarded to prevent contact with people and property to minimise the risk of injuries
and damage, such as crushing, stabbing, cutting, puncturing, shearing, and tearing?
Are there systems in place to prevent injury from fragmentation of or flying particles from plant and equipment?
Are there systems in place to prevent injury from falling plant and equipment?
Are there systems in place to prevent injury from performing a task with plant and equipment in a confined space?
Are there systems in place to prevent injury from inadvertent movement of plant and equipment?
Are there systems in place to prevent injury from ‘stored energy' in plant and equipment, for example compressed air or hydraulic
pressure after turning off plant?
Are there systems in place to prevent injury resulting from failure of plant and equipment due to the loss of contents, loss of load,
unintended ejection of product, explosion, fragmentation or collapse of parts?
Does plant and equipment have adequate power isolation, noise insulation, ventilation and fume extraction?
Is the noise level of plant, equipment and the surrounding environment within the legislated noise level set down for your particular
workplace?
For people using vibrating hand-held equipment or operating vibrating controls (chain saws, sewing machines, grinders, pneumatic
drills, and so on) are exposure levels within values recommended by Australian Standard AS2763?
For drivers of vehicles and tractors, and helicopter and airplane pilots, are the vibration exposure levels within values recommended
by Australian Standard AS2670?
For operators of vibrating platforms on manufacturing/construction sites, are exposure levels within values as per Australian
Standard AS2670?
Are occupational exposures to ionising radiation, such as X-ray and gamma-ray equipment, within limits set by WorkSafe Australia and the National Health and Medical Research Council (National Standard Recommendations for limiting exposure to ionising radiation)?
Is plant and equipment that generates UV radiation, such as photocopiers, lasers, UV cured inks in the printing industry, and
welding emissions enclosed?
Are radio frequency exposure levels from TV/FM radios transmitters, radio, microwaves, plastic moulders, induction heaters and so
on kept as low as practically possible?
Are outdoor workers provided with personal protective equipment and work systems as per WorkSafe Australia - guidance note on
the protection of workers from UV radiation in sunlight?
Are tasks performed at temperatures between 16°C and 24°C for sedentary work, 4°C and 24°C for light work, and −7°C and 24°C for moderately heavy work?
Are tasks performed for more than 2 hours done so at humidity levels between 40% to 60%?
Is electrical wiring installed according to Australian Standard AS 3900?
Are electrical fixtures provided with adequate earthing or other residual current devices?
Are any signs of damage to either cable isolation or other electrical fixtures rectified?
Are there identified colour coded cable labelled isolators to all switchboards?
Are employees prevented from performing tasks in metal enclosures or damp places using electrical tools?
Is there a regular inspection of portable cords and extension leads?
Are ‘Danger' tags used by electricians when working on plant?
Does electrical equipment comply with Australian Standard AS3100 - General Requirements For Electrical Equipment?
Is adequate lighting provided according to Australian Standard AS1680 – lighting levels for different types of work?
Is employees' eyesight assessed every two years to determine their ability to continue performing their tasks?
Are hazardous conditions that are likely to arise during the use of plant and equipment as a result of friction, fire, explosion,
moisture, vapour, gases, dust and ice controlled?
Are access and egress arrangements for doorways, passageways, stairs, gangways and so on clear of obstructions, well lit, free of
slip hazards and secure?
Has lifting, carrying, pushing, and pulling been eliminated from all tasks?
Has frequent bending, twisting and stretching been eliminated from all tasks?
Has lifting of awkward loads been eliminated from all tasks?
Has repetitive work using awkward or constrained postures been eliminated from all tasks?
Have slip, trip and fall hazards been eliminated?
Are all walkways free of obstructions?
Are floors undamaged?
Are ladders checked regularly for any damage?
Are stairways well lit and properly maintained?
Are work stations and benches adjusted to suit the physical dimensions of workers?
Are safety devices and emergency back-up arrangements of plant equipment and systems suitable for the tasks being performed?
Are plant, equipment, building areas and fixtures maintained and repaired?
Are environmental conditions and terrain suitable for the plant and substances that are used?
Are hazardous elements, such as electricity, water and incompatible chemicals, segregated?
Are systems in place to address conflict between staff?
Are systems in place to address poor job satisfaction?
Are systems in place to address low job security?
Have poor work conditions, such as noise, dust, lack of ventilation and so on been eliminated?
Are visitors to the workplace provided with relevant safety information and are they supervised?
Are the current work systems appropriate, for example, whether more or fewer people should be involved and whether work
procedures need to be revised?
Do workers hold the required competency requirements, such as licensing, certification and apprenticeships?
Is training and supervision provided to meet the needs of each individual worker?
Insurance Industry
Climate change
Demographic shifts in core markets
Catastrophic events
Emerging markets
Regulatory intervention
Channel distribution
Integration of technology with operations and strategy
Securities markets
Legal risk
Geopolitical or macroeconomic shocks
Small Business
Financial – includes cash flow, budgetary requirements, tax obligations, creditor and debtor management, remuneration
and other general account management concerns.
Equipment – extends to equipment used to conduct the business and includes everyday use, maintenance,
depreciation, theft, safety and upgrades.
Organisational – relates to the internal requirements of a business, extending to the cultural, structural and human
resources of the business.
Security – includes the business premises, assets and people. Also extends to security of company information,
intellectual property, and technology.
Legal & regulatory compliance – includes legislation, regulations, standards, codes of practice and contractual
requirements. Also extends to compliance with additional ‘rules’ such as policies, procedures or expectations, which
may be set by contracts, customers or the social environment.
Reputation – entails the threat to the reputation of the business due to the conduct of the entity as a whole, the
viability of products/services, or the conduct of employees or others associated with the business.
Operational – covers the planning, daily operational activities, resources (including people) and support required within a business that result in the successful development and delivery of products/services.
Project – includes the management of equipment, finances, resources, technology, timeframes and people involved in
the management of projects. Extends to internal operational projects, business development and external projects such
as those undertaken for clients.
Safety – including everyone associated with the business: individual, workplace and public safety. Also applies to the
safety of products/services delivered by the business.
Stakeholder management – includes identifying, establishing and maintaining the right relationships with both internal
and external stakeholders.
Client-customer relationship – potential loss of clients due to internal and external factors.
Strategic – includes the planning, scoping, resourcing and growth of the business.
Technology – includes the implementation, management, maintenance and upgrades associated with technology.
Extends to recognising critical IT infrastructure and loss of a particular service/function for an extended period of time.
It further takes into account the need and cost benefit associated with technology as part of a business development
strategy.
Treasury
Market Risk: the movement in value due to a change in price, creating a positive or negative value for the organisation.
Credit Risk: the risk that your counterparty defaults before or on settlement date.
Liquidity Risk: the risk of not being able to deal in a market due to lack of liquidity, and funding risk, which is not having adequate funds in place when they are needed.
Operational Risk: loss due to failure of people, processes and systems, or an external event such as fire, fraud, flood, earthquake or other natural phenomenon.

Treasury risk management checklist
Are risks identified as early as possible to ensure adequate steps are taken to handle the exposure in a timely manner?
Do risk measurement methodologies measure the risks adequately and in a timely manner?
Are potential stress tests and 'what if' analyses undertaken monthly (e.g. measuring sensitivity of exposure to market risk (VAR) and scenario analysis)?
Is there a suitable mix of floating and fixed interest rates?
What is the foreign exchange risk hedging policy?
What percentage of foreign exchange is hedged?
Is the audit committee informed of any breaches of market risk policy or limits?
Is there adequate capacity to measure credit exposure?
Does the organisation have a process for handling and valuing collateral received or paid?
Does the organisation have settlement limits?
What reliance is placed on credit ratings provided by a credit rating agency?
Is credit risk appropriately managed?
Is the audit committee informed of any breaches of credit or settlement limits immediately?
What processes are in place to determine credit limits?
What processes are in place to measure liquidity risk?
What impact do financial instruments have on cash flow?
Are appropriate cash limits in place?
Are secured funding lines in place?
What level of security do these funding lines have?
Is close contact kept with funders, shareholders and bankers?
Are there diversified sources of funds?
Is there a spread of products and maturities so that maturities do not build up?
Is there liquidity in all the various financial instruments, e.g. any exotic or structured products?
What stress scenarios are run and are they stressful enough?
Is the audit committee informed of liquidity stress issues in a timely manner?
Are all staff who are responsible for monitoring derivative transactions well trained and qualified?
What is the culture of staff and management toward risk and controls?
Have staff adequate expertise for the roles that they perform?
Are bonuses paid based on the results of any risk management or treasury activities?
Is there an independent system for calculating and reporting results?
Are treasury operations handled by internal staff with the appropriate treasury skills?
Are front and back office systems adequate and appropriately segregated to ensure the completeness and accuracy of processing, settlement and verification of the value of outstanding transactions?
Are valuation and spreadsheet models independently reviewed?
Are all back office staff adequately trained and do they understand the products used?
Are the organisation's systems capable of producing adequate disclosure information for users of the financial statements?
Are accounting results routinely calculated and regularly reported?
Do the external auditors have a clear understanding of their role in verifying the financial transactions?
Are the policies and procedures reviewed at least annually?

Project Risks
Risk Category: Executive Support; Cost Management; Change Management; Stakeholders; Communication; Architecture; Design; Technical; Integration; Requirements; Procurement; Authority; Organizational; External; Project Management; User Acceptance; Commercial
Risk descriptions (only the end of each description survived extraction; the start of each line is missing):
…proposed changes
…t failed because of changes
…ement system
…ement process
…with requirements
…urate expectations
…and requirements
…m functional managers
…governance processes
…documentation
…out of support
…aren't maintainable
…can't be operationalized
…l problems & issues
…business processes
…n with strategy
…n with business processes
…n with systems
…pliance issues
…easonable price for contracts
…s to project issues
…s leads to project issues
…o meet requirements
…nagement processes
…ss productivity
…cts reputation

Procurement risks (columns: Risk Category, Risk, Likely consequences, Action; the row alignment between columns did not survive extraction)
Risk Category: Planning; Negotiations; Contract management; Evaluating the procurement process; Disposals
Risk: Insufficient funding; Impractical timeframe; Probity issues; Biased specification; Breaches of security; Breaches of security; Fraud
Action: Analyse need accurately; Analyse need accurately; Use functional and performance requirements; Improve consultation with users; Obtain clear statement of work and definition of need
Likely consequences:
Purchase of unsuitable product or service
Money wasted
Need not satisfied
Greater expense
Poor competition
Totally unacceptable purchase or not most suitable product or service
Time lost
Increased costs
Possible downtime
Delay in making the purchase
Additional costs for re-tender
Inadequate responses from tenderers
Reduced competition
Delivery schedule not met
Increased procurement costs
Misuse of resources
Most suitable product not obtained
Unethical conduct
Fewer alternatives
Most suitable product or service may not be obtained
Increased costs
Need not satisfied
Time lost
Increased costs
Possible downtime
Inadequate responses from tenderers
Claims of unfair dealings
Variety of offers
Insufficient responses
Difficult to evaluate
Lack of offers from suitable tenderers
Disruption
Low response
Additional costs
Claims of unfair practices
Increased costs
Delayed delivery to the client
Poor value for money due to limited competition
Reduced competition
Increased costs of products or services
Inconsistent evaluations
Contract disputes
Delivery delays
Cost variations
Reduction in value for money
Purchase of less suitable product
Inefficient use of resources
Delays in delivery
Need to restart procurement
Possible cost of legal action
Inability to finalise contract
Delays in delivery
Variations in cost
Inefficient use of resources
Contract disputes
Invalidity of contract
Legal action
Poor supplier/customer relationship
Contract disputes
Legal action
Poor supplier/customer relationship
Expense of negotiating out of the contract and paying damages
Committing to other associated work prior to main contract existing
Cost overruns
Delays in delivery
Need to restart procurement
Contract disputes
Delays in delivery
Downtime
Legal action
Cost increases
Failure of contract
Full benefits not achieved
Delivery of unsatisfactory product
Contract/supply disputes
Potential liability to pay for unauthorised work
Possibility of legal action for perceived breach of contract
Delays in delivery
Downtime
Liability disputes
Misuse of resources
Legal action
Disruption to procurement activities
Progress on project disrupted
Less expertise

Hazard categories (Manufacturing Industry)
Mechanical hazards: Plant, equipment and items (and parts of them) that have the potential to cut, rip, tear, abrade, crush, penetrate, produce projectiles or cause sudden impact.
Chemical and biological hazards: Chemicals, compounds, materials, powders, dusts and vapours that have the potential to impair health, have adverse effects on human reproduction, cause disease, or have explosive, flammable, toxic or corrosive properties.
Sources of energy: A range of sources of energy that have the potential to cause harm, including electricity, heat, cold, noise, high powered light and damaging radioactive sources.
Body stressing or impact hazards: Activities that cause stress to the muscles and/or skeleton, including manual handling of people, animals, goods or materials and things or circumstances that can c…
Gravity: Activities that are carried out where a person can fall or an object can fall onto people.
Psychological hazards: Events, systems of work or other circumstances that have the potential to lead to psychological and associated illness, including work-related stress, bullying, workplace violence and work-related fatigue.
Risk matrix (count of register risks by Likelihood and Consequence, with totals by rating High / Medium / Low)
Consequence columns: Catastrophic, Major, Moderate, Minor, Negligible, Totals
Likelihood rows recoverable from the extraction: Almost Certain (1 risk, consequence Major); Likely (1 risk, consequence Moderate). Total risks: 10. The remaining rows and the per-rating counts did not survive extraction.
Term: Definition
Risk: Effect of uncertainty on objectives (either positive or negative deviation from what is expected). Often expressed as a combination of the consequences of an event & the associated likelihood of occurrence.
Control: Any measure or action that modifies risk. Includes any policy, procedure, practice, process, technology, technique, method or device that modifies or manages risk. Risk treatments become Controls, or modify existing Controls, once they have been implemented.
Hazard: Source of potential harm. Present condition, event, object, or circumstance that could lead to or contribute to an unplanned or undesired event such as an accident.
Issue: Risk with probability of 100%, i.e. it has eventuated into an existing issue.
Risk Identification: Process of finding, recognising and describing risks, involving identification of risk sources, events, causes and potential consequences.
Risk Analysis: Process to comprehend the nature of risk and to determine the level of risk.
Risk Evaluation: Process of comparing the results of risk analysis with risk criteria to determine whether the risk and/or its magnitude is acceptable or tolerable.
Risk Treatment: Process to modify risk that can involve: avoiding the risk, taking or increasing a risk in order to pursue an opportunity, removing the risk source, changing the likelihood, changing the consequences, sharing the risk (e.g. contracts), or retaining the risk by informed decision.
Residual Risk: Risk remaining after risk treatment, i.e. the risk left over after you have implemented a risk treatment option.
Note: Risk is different to a Hazard in that Risk is the future impact of a hazard that is not controlled - it can be viewed as future uncertainty created by the hazard.
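The risk matrix above and the glossary's definitions of risk (consequence combined with likelihood), risk treatment and residual risk, carried through in code. This is an added example, not part of the original workbook: the likelihood labels other than Almost Certain and Likely, the score bands used for High / Medium / Low, and rows 2 to 10 of the sample register are assumptions made for this example (only register row 1 comes from the page).

```python
# Added example (not part of the original workbook): score a risk register,
# tally it into the Likelihood x Consequence matrix, and derive residual risk
# after treatment. ASSUMPTIONS: the likelihood labels below "Likely", the
# High/Medium/Low score bands and sample rows 2-10 are made up for this
# example; only register row 1 comes from the page.
from collections import Counter
from dataclasses import dataclass, replace
from typing import Any, Dict, List, Optional

LIKELIHOOD = ["Rare", "Unlikely", "Possible", "Likely", "Almost Certain"]
CONSEQUENCE = ["Negligible", "Minor", "Moderate", "Major", "Catastrophic"]


@dataclass(frozen=True)
class Risk:
    """One register row: what can happen, how likely it is, how bad it would be."""
    name: str
    likelihood: str
    consequence: str


def score(risk: Risk) -> int:
    """Likelihood rank times consequence rank, each 1..5 (assumed scoring rule)."""
    return (LIKELIHOOD.index(risk.likelihood) + 1) * (CONSEQUENCE.index(risk.consequence) + 1)


def rate(risk: Risk) -> str:
    """Band a score into High / Medium / Low (assumed thresholds: >=15, >=6, else Low)."""
    s = score(risk)
    return "High" if s >= 15 else "Medium" if s >= 6 else "Low"


def treat(risk: Risk, likelihood: Optional[str] = None,
          consequence: Optional[str] = None) -> Risk:
    """Apply a treatment that changes likelihood and/or consequence (glossary: risk
    treatment). The returned Risk is the residual risk left after the treatment."""
    return replace(risk, likelihood=likelihood or risk.likelihood,
                   consequence=consequence or risk.consequence)


def tally(register: List[Risk]) -> Dict[str, Any]:
    """Count risks per matrix cell, per likelihood row, per consequence column
    and per rating band, as the page's matrix and its Totals line do."""
    return {
        "cells": Counter((r.likelihood, r.consequence) for r in register),
        "rows": Counter(r.likelihood for r in register),
        "cols": Counter(r.consequence for r in register),
        "ratings": Counter(rate(r) for r in register),
        "total": len(register),
    }


def render(t: Dict[str, Any]) -> str:
    """Text heat map in the page's layout: consequence across (Catastrophic first),
    likelihood down (Almost Certain first), then the rating totals."""
    cols = list(reversed(CONSEQUENCE))
    lines = [f"{'Likelihood':16}" + "".join(f"{c:>13}" for c in cols) + f"{'Totals':>8}"]
    for lk in reversed(LIKELIHOOD):
        cells = "".join(f"{t['cells'][(lk, c)]:>13}" for c in cols)  # Counter -> 0 if empty
        lines.append(f"{lk:16}{cells}{t['rows'][lk]:>8}")
    lines.append(f"{'Totals':16}" + "".join(f"{t['cols'][c]:>13}" for c in cols)
                 + f"{t['total']:>8}")
    for band in ("High", "Medium", "Low"):
        lines.append(f"{band:16}{t['ratings'][band]:>8}")
    return "\n".join(lines)


# Constructed sample register: row 1 is the page's example; rows 2-10 are invented.
SAMPLE_REGISTER = [
    Risk("Loss of relevance of products to customer base", "Almost Certain", "Major"),
    Risk("Key supplier insolvency", "Likely", "Moderate"),
    Risk("Uninsured flood damage to plant", "Unlikely", "Catastrophic"),
    Risk("Breach of customer records", "Possible", "Major"),
    Risk("Loss of key staff", "Possible", "Moderate"),
    Risk("Late supplier delivery", "Likely", "Minor"),
    Risk("Petty cash theft", "Possible", "Negligible"),
    Risk("Office fire", "Rare", "Catastrophic"),
    Risk("Minor workplace injury", "Likely", "Negligible"),
    Risk("Unfavourable FX movement", "Possible", "Minor"),
]

if __name__ == "__main__":
    summary = tally(SAMPLE_REGISTER)
    print(render(summary))
    before = SAMPLE_REGISTER[0]
    after = treat(before, likelihood="Unlikely")  # a treatment that lowers likelihood
    print(f"{before.name}: {rate(before)} -> residual {rate(after)}")
```

Keep the scoring rule and band thresholds in the register document itself: the matrix only means something if the same rule rated every row, and a treatment counts as a control only once its residual rating has been re-scored with that rule rather than asserted.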