Risk Management Powerpointx

More than OH&S
Definitions of Risk
“Risk is virtually anything that threatens or limits the
ability of a community or non-profit organisation to
achieve its mission.”
OR
“Effect of uncertainty on objectives”
Reference: AS/NZS/ISO 31000 Risk Management 2009
Definitions continued
“It can be unexpected and unpredictable events such as
destruction of a building, the wiping of all your
computer files, loss of funds through theft or an injury
to a member or visitor who trips on a slippery floor and
decides to sue.
Any of these or a million other things can happen, and
if they do they have the potential to damage your
organisation, cost you money, or in a worst case
scenario, cause your organisation to close.”
5 Key steps in Risk Assessment
1. Establish the context
2. Identify risk/s
3. Analyse Risk (Likelihood and Consequence)
4. Evaluating Risk
5. Monitor and Review
The Risk Management Process
Establishing a context
 What relationships does the organisation have and how






important are these?
What laws, regulations, rules or standards apply to your
organisation?
What are the aims and objectives of the organisation?
Who is involved with the organisation - internally and
externally?
What are your organisation's capabilities?
What are you currently doing for risk management either
formally or informally?
Have you established some criteria for your organisation
that defines what level of risk is acceptable?
Identifying Risk
Whole of organisation Brain Storm:
 What is at risk and what will the effect be?
 What can happen? When, where, why and how might
this occur?
 Who and what might be involved?
 What and the effects and who is affected? What are we
doing about this now?
Analysing Risk
 What is the likelihood of the risk occurring and what is the
consequence of that outcome?
High probability /Low impact
High Probability /High Impact
Low probability /Low impact
Low Probability /High Impact
 Likelihood rating
 A - Frequent - Likely to occur frequently
B - Probable - would occur but not frequently
C - Occasional - could happen occasionally
D - Remote - Rare, not likely but possible
E - Improbable - Highly unlikely but still possible





Consequence/Severity rating
A - Catastrophic - may result in death or loss of bodily functions
B - Critical - may cause severe injury, illness
C - Marginal - may cause injury or illness resulting in loss of work as an example
D - Negligible - may cause minor injury or illness
Evaluating Risk
 It’s about “determining whether the level of risk is
acceptable or unacceptable”.
 It “enables priorities to be established that equate to an
appropriate level of risk.”
 Options include: Treating, accepting, avoiding,
reducing and/or transferring the risk
Monitor and Review
Monitoring = “Continual assessment of what has been
implemented”
Review = “A periodic assessment of the effectiveness
and environment”
E – Extreme risk – detailed action plan required
H - High risk – needs senior management attention
M – Medium risk – specify management responsibility
L – Low risk – manage by routine procedures
High or Extreme risks must be reported to Senior
Management and require detailed treatment plans to
reduce the risk to Low or Medium.
Probability:
Insignificant
Minor
Moderate
Major
Catastrophic
1
2
3
4
5
M
H
H
E
E
Historical:
Is expected
to occur in
>1 in 10
most
5
circumstanc
Almost
Certain
es
Will probably
1 in 10 - 100
occur
4
Likely
M
M
H
H
E
3
Possible
L
M
M
H
E
2
Unlikely
L
M
M
H
H
1
Rare
L
L
M
M
H
Likelihood
Might occur
1 in 100 –
1,000
1 in 1,000 –
10,000
at some
time in the
future
Could occur
but doubtful
May occur
but only in
1 in 10,000 –
exceptional
100,000
circumstanc
es
Consequence
Injuries or ailments not
People
requiring medical
treatment.
Reputation
Internal Review
Minor errors in systems or
Business Process &
Systems
processes requiring
corrective action, or minor
delay without impact on
overall schedule.
Financial
Minor injury or First Aid
Treatment Case.
Serious injury causing
Life threatening injury or
hospitalisation or multiple
multiple serious injuries
medical treatment cases.
causing hospitalisation.
Scrutiny required by
Scrutiny required by external
internal committees or
committees or ACT Auditor
internal audit to prevent
General’s Office, or inquest,
escalation.
etc.
Policy procedural rule
occasionally not met or
services do not fully meet
needs.
One or more key
accountability requirements
not met. Inconvenient but
not client welfare
threatening.
Death or multiple life
threatening injuries.
Intense public, political and
Assembly inquiry or
media scrutiny. Eg: front
Commission of inquiry or
page headlines, TV, etc.
adverse national media.
Strategies not consistent
Critical system failure, bad
with Government’s agenda.
policy advice or ongoing
Trends show service is
non-compliance. Business
degraded.
severely affected.
1% of Budget
2.5% of Budget
> 5% of Budget
> 10% of Budget
>25% of Budget
or <$5K
or <$50K
or <$500K
or <$5M
or >$5M
An example of risk assessment not solely focussed on OHS
Identifying and Analysing Risks
THE RISK
SOURCE
IMPACT
CURRENT CONTROL STRATEGIES
WHAT CAN HAPPEN?
HOW CAN THIS HAPPEN
FROM EVENT HAPPENING
AND THEIR EFFECTIVENESS
CURRENT RISK LEVEL
(A) –Adequate
ACCEPTABILITY (A/U)
CURRENT RISK LEVEL
CONSEQUENCE
(I) – Indadequate
LIKELIHOOD
RISK REFERENCE
(M) – Moderate
Risk Treatment Schedule and Action Plan
POTENTIAL TREATMENT OPTIONS
COSTS &
BENEFITS
IS THE TREATMENT TO
BE
TARGET RISK
IMPLEMENTED
RESPONSIBLE PERSON
LEVEL
(Y/N)
TIMETABLE
MONITORING
For
strategies to
implementation
measure
TARGET LEVEL
CONSEQUENCE
Treatments
LIKELIHOOD
RISK REFERENCE
effectiveness of Risk