Risk is a fact of life. All organisations confront risk. Many risks are negative, such as the impact of a major economic downturn, a fire in company premises, an industrial injury or adverse action by a government regulator. But risk also has an upside – what new products and services can be developed, what new markets can be entered, what new plant and equipment can lead to significant cost savings?
Risk management is essentially strategic in nature and can be the source of considerable competitive advantage. Effective risk management supports better decision making because it develops a deeper insight into the risk-reward trade-off facing a company.
Risk is defined in the Australian Standard AS/NZ ISO 31000:2009 as the ‘effect of uncertainty on objectives’. Risk management is defined in the Australian Standard as ‘coordinated activities to direct and control an organization with regard to risk’.
Good risk management is an exercise in common-sense, structured thinking about what risks the organisation faces and how to take advantage of these risks or reduce adverse impacts. In short, risk management is an integral part of good management practice. It is strategic by design because it is as much about identifying opportunities for improved returns with reduced risks, as it is about responding to catastrophic threats.
A risk management system should aim to:
- Increase awareness and understanding of the real and significant risks and their impact;
- Ensure that, where cost-effective methodologies exist to remove, reduce or ameliorate the impact of a risk, these methodologies are being appropriately used;
- Highlight those activities the organisation will not undertake due to the unacceptable risk involved;
- Encourage due diligence in decision making;
- Ensure the exercise of an appropriate duty of care is undertaken at all levels;
- Promote innovation through the taking of calculated risks in pursuit of opportunities and excellence; and
- Provide assurance that organisational risks are properly managed, commensurate with their level of threat or exposure.
The term Enterprise Risk Management (ERM) refers to a deliberate focus on all risks of an organisation and has become a popular way of describing the application of risk management throughout an organisation, rather than only in selected areas or disciplines. For example, previously, operations management may have used one approach to manage the risks around the organisation’s physical factories and offices, finance may have used another approach to manage financial risk, human resource management may have used a separate system to manage WHS and employee risks, and so on. With an ERM, a common system is used throughout the organisation. Such a system needs to be scalable, suitable for use by all levels of management, the CEO and the board.
We offer a range of services related to risk management.