Risk Management Procedure – Template
Table of Contents
Risk Management Procedure
Template
Table of Contents
Introduction
Definitions
Objectives of Risk Management
Benefits of Risk Management
Roles and responsibilities
Risk Management Governance Structure
Relationship with other processes
Key Process Steps
One: Communicate and Consult
Two: Establish the Context
Three: Identify Risks
Four: Analyse Risks
Five: Evaluate Risks
Six: Treat Risks
Seven: Monitor and Review
Risk Reporting
Risk Management Reporting Responsibilities
Risk Escalation
Risk Reports and Recipients
Review and Approval
Access to Risk Management Reporting Framework
References
Appendix: Risk Control Likelihood Consequence Rating
Control Effectiveness Rating Criteria
Likelihood Rating Criteria
Consequence Rating Scale
Appendix: Risk assessment templates and heat map
Risk Assessment Template
Risk Assessment Treatment Plan Template
Appendix: Risk Reporting – potential risk reports
Templates (Examples)
Risk Profile
Risk Treatment Actions Status – Detailed
Assurance Coverage of Key Risks
Risk Management Annual Activity Schedule and Improvement Initiatives
New and Emerging Threats and Opportunities
Detailed Risk Register
The role of this risk management procedure is to provide staff with guidance in how to apply consistent and comprehensive risk management. This procedure provides information on how to identify, analyse, evaluate and treat risks.
In addition, it identifies other key activities needed for an effective risk management approach. The risk management process contained in this procedure aligns with the Australian Standard for Risk Management (AS/NZS ISO31000:2009).
Risk is the chance of something happening that will have an impact on objectives. It is important that we manage risks in order that the negative impact of risks upon achievement of our objectives is minimised and our ability to realise potential opportunities is maximised.
Set out below is a diagram illustrating how this procedure interacts with other key risk management documents:
Risk Management is the culture, processes and structures that are directed towards realising potential opportunities whilst managing adverse effects (AS/NZS ISO31000:2009).
A risk is the chance of something happening that will have an impact on objectives (AS/NZS ISO31000:2009).
A control is a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives.
Objectives of Risk Management
Risk management is a responsibility of all, with specific risk responsibilities being allocated to different groups and levels within the organisation. It is important to have complete and current risk information available as this information assists the to make more informed decisions around both strategic direction and operational objectives.
Risk management is not a stand-alone discipline but requires integration with existing business processes such as business planning and Internal Audit, in order to provide us with the greatest benefits.
The objectives of a risk management framework are to:
• Provide a systematic approach to the early identification and management of risks;
• Provide consistent risk assessment criteria;
• Make available accurate and concise risk information that informs decision making including business direction;
• Adopt risk treatment strategies that are cost effective and efficient in reducing risk to an acceptable level; and
• Monitor and review risk levels to ensure…