Risk Management2018-10-13T08:46:57+00:00

Risk is a fact of life. All organisations confront risk. Many risks are negative, such as the impact of a major economic downturn, a fire in company premises, an industrial injury or adverse action by a government regulator. But risk also has an upside – what new products and services can be developed, what new markets can be entered, what new plant and equipment can lead to significant cost savings?

Risk management is essentially strategic in nature and can be the source of considerable competitive advantage. Effective risk management supports better decision making because it develops a deeper insight into the risk-reward trade-off facing a company.

Risk is defined in the Australian Standard AS/NZ ISO 31000:2009 as the ‘effect of uncertainty on objectives’. Risk management is defined in the Australian Standard as ‘coordinated activities to direct and control an organization with regard to risk’.

Good risk management is an exercise in common-sense, structured thinking about what risks the organisation faces and how to take advantage
of these risks or reduce adverse impacts. In short, risk management is an integral part of good management practice. It is strategic by design because it is as much about identifying opportunities for improved returns with reduced risks, as it is about responding to catastrophic threats.

A risk management system should aim to:

  • Increase awareness and understanding of the real and significant risks and their impact;
  • Ensure that where cost effective methodologies exist to remove, reduce or ameliorate the impact of a risk, that these methodologies are being appropriately used;
  • To highlight those activities the organisation will not undertake due to the unacceptable risk involved;
  • Encourage due diligence in decision making;
  • Ensure the exercise of an appropriate duty of care is undertaken at all levels;
  • Promote innovation through the taking of calculated risks in pursuit of opportunities and excellence; and
  • Provide assurance that organisational risks are properly managed, commensurate with their level of threat or exposure.

The term Enterprise Risk Management (ERM) refers to a deliberate focus on all risks of an organisation and has become a popular way of
describing the application of risk management throughout an organisation, rather than only in selected areas or disciplines. For example, previously operations management may have used one approach to manage the risks around the organisation’s physical factories and offices, finance may have used another approach to manage financial risk, human resource management may have used a separate system to manage WHS and employee risks and so on. With an ERM, a common system is used throughout the organisation. Such a system needs to be scalable, suitable for use by all levels of management, the CEO and the board.

We offer a range of services related to risk management.

Risk program reviews

We review risk policies and procedures. Using the Australian Standard AS/NZ ISO 31000:2009 as the baseline, we undertake an audit of your enterprise risk management system. Risk management reviews provide a series of recommendations as to how the organisation’s risk management policies and procedures maybe improved.

Risk workshops

In a risk workshop we work with the board and/or senior management team to identify major strategic risks facing the organization, classify these with respect to likelihood and consequence before and after risk mitigation strategies are put in place and determine the pre and post risk levels. Using our proprietary risk workshop software, we can develop a sophisticated risk register for the organisation which complies with the Australian standard in a matter of hours.

Risk policies and procedures

We work with clients to establish and document risk policies, procedures and frameworks in accordance with the Australian standard and which also meet the requirements of the quality standard ISO 9001.

Risk appetite development

Working with the board, we have developed workshop methodologies to allow boards to develop a risk appetite statement. Risk appetite is the amount of risk exposure (or potential adverse impact from an event) the board is willing to accept/retain to meet its goals or objectives. As such they are an essential component of modern corporate governance as well as risk management.

Risk Professional Development

We have written material on risk management for the Australian Institute of Company Directors and have conducted many workshops on the topic. We can tailor-make an educational program on risk management ranging from a few hours to a whole day for your board and management team.