RISK MANAGEMENT GUIDELINES

Similar documents
Risk management Principles and guidelines

Australian/New Zealand Standard

Australian/New Zealand Standard

Australian/New Zealand Standard

Australian/New Zealand Standard

AS/NZS 4505:1998 AS/NZS

AS/NZS ISO 9004:2011 Managing for the sustained success of an organization A quality management approach

Australian/New Zealand Standard

Australian Standard. Certification of welders and welding supervisors. AS (Incorporating Amendment No. 1) AS 1796

AS/NZS ISO 9001:2016. Quality management systems Requirements AS/NZS ISO 9001:2016. Australian/New Zealand Standard. Superseding AS/NZS ISO 9001:2008

AS/NZS ISO 9000:2000 Quality management systems Fundamentals and vocabulary

AS/NZS 4804:2001. Occupational health and safety management systems. General guidelines on principles, systems and supporting techniques

Australian Standard. Sampling procedures for inspection by attributes

Australian/New Zealand Standard

Technical Specification

Australian/New Zealand Standard

Australian/New Zealand Standard

Australian/New Zealand Standard

Australian/New Zealand Standard

AS/NZS 10002:2014. Australian/New Zealand Standard. Guidelines for complaint management in organizations AS/NZS 10002:2014

Australian Standard. Metal castings. Part 1: Ferrous sand moulded AS (Incorporating Amendment No. 1) AS

AS/NZS :2015. Scaffolding AS/NZS :2015. Part 3: Prefabricated and tube-and-coupler scaffolding. Australian/New Zealand Standard

Australian Standard. Power transformers. Part 1.2: Minimum Energy Performance Standard (MEPS) requirements for distribution transformers

HB This is a free 9 page sample. Access the full version online. The Service Industry Handbook

Australian/New Zealand Standard

Australian Standard. Atmospheric corrosivity zones in Australia AS AS

Australian Standard. Non-destructive testing Determination of thickness. Part 3: Use of ultrasonic testing AS AS 2452.

AS/NZS 3012:2003 AS/NZS

This is a free 15 page sample. Access the full version online. HB 90.1:2012 The Small Business Handbook Guide to ISO 9001:2008

Australian/New Zealand Standard

Australian Standard. Design and installation of sheet roof and wall cladding. Part 3: Plastic AS AS

AS/NZS :2014. Guide to the protection of structural steel against atmospheric corrosion by the use of protective coatings AS/NZS 2312.

Asset management Overview, principles and terminology

AS/NZS 3010:2005 AS/NZS

Australian/New Zealand Standard

AS AS Australian Standard. Installation of nailplated timber roof trusses

AS/NZS 2589:2007 AS/NZS

Australian/New Zealand Standard

Australian/New Zealand Standard

AS/NZS :2003. Plumbing and drainage AS/NZS :2003. Australian/New Zealand Standard. Part 3: Stormwater drainage

TECHNICAL GOVERNANCE AND ADVISORY STRUCTURES FOR THE STANDARDS DEVELOPMENT PROCESS

AS/NZS 2280:2012 AS/NZS

Australian Standard. Cement mortar lining of steel pipes and fittings AS AS 1281

Australian Standard. Equipment for the pasteurization of milk and other liquid dairy products Continuous-flow systems AS AS 3993

Australian Standard. Qualification of welders for fusion welding of steels AS AS

LICENCE. for WEB LINKS. Check if this document is current Find similar documents StandardsWatch (info and login) Visit our website

Australian/New Zealand Standard

Australian Standard. Pipelines Gas and liquid petroleum. Part 0: General requirements AS AS

ISO INTERNATIONAL STANDARD. Risk management Principles and guidelines. Management du risque Principes et lignes directrices

Australian Standard. Electroplated coatings of rhodium for general engineering applications AS AS 2429

AS/NZS 5131:2016. Australian/New Zealand Standard. Structural steelwork Fabrication and erection AS/NZS 5131:2016

Australian Standard. Sampling procedures and charts for inspection by variables for percent nonconforming AS ISO 3951:1989

AS/NZS 1477:2017. Australian/New Zealand Standard. PVC pipes and fittings for pressure applications. Superseding AS/NZS 1477:2006 AS/NZS 1477:2017

Standards Australia LICENCE

Risk Management Update ISO Overview and Implications for Managers

AS Residential timber-framed construction Part 2: Non-Cyclonic Areas

AS AS Australian Standard. Chain-link fabric security fences and gates. This is a free 7 page sample. Access the full version online.

LICENCE. for WEB LINKS. Check if this document is current Find similar documents StandardsWatch (info and login) Visit our website

Australian/New Zealand Standard

IT and Enterprise Governance By Michael J. A. Parkinson, CISA, CIA, and Nicholas J. Baker, CPA

ISO 31000:2009 IEC/ISO 31010:2009 & ISO Guide 73:2009 International Standards for the Management of Risk

RAISING THE STANDARD THE NEW ISO RISK MANAGEMENT STANDARD

Controlled environments

ISO Environmental management systems Requirements with guidance for use

Australian Standard. Part 3 SEAT INDEX POINT AS /ISO EARTH-MOVING MACHINERY HUMAN DIMENSIONS

This document is a preview generated by EVS

Waters Examination for Legionella spp. including Legionella pneumophila

Standard on Assurance Engagements ASAE 3500 Performance Engagements

BODY OF KNOWLEDGE DOMAIN 6 GOVERNANCE

KING IV APPLICATION REGISTER. We do it better

PERFORMANCE STANDARDS FOR SELF-INSURED EMPLOYERS

Asset management Overview, principles and terminology

HOW TO BRING YOUR ERM FRAMEWORK INTO LINE WITH ISO

Australian Standard. Non-destructive testing Radiography of welded butt joints in metal. Part 1: Methods of test AS

Information technology Security techniques Information security management systems Overview and vocabulary

Performance Auditing

Voluntary code for a. self-financed housing revenue account

Governance Principles

ISO/PC Occupational health and safety management systems Requirements with guidance for use

ABC Refinery - Responsible Gold Guidance Compliance Report

Audit Comm. ser ttee es. The benefits of assuring greenhouse gas emissions: Why it is important and how to get the most value from it

Australian Standard. Guide to the sampling of particulate materials. Part 1: Sampling procedures AS

DIGNITY AND RESPECT POLICY AND GUIDELINES ON PREVENTING AND MANAGING WORKPLACE BULLYING

Temporary Works Forum (TWf) Chairman: Bill Hewlett MA CEng FICE Secretary: John Carpenter CEng, FICE, FIStructE, CFIOSH

Australian Standard. Acoustics Road traffic noise intrusion Building siting and construction AS

AUSTRALIAN GAAS 2007 AUDITING STANDARDS CHECKLISTS

Planning Construction Procurement. A guide to health and safety and employment standards at work

Australian Standard. Thermal insulation of dwellings Bulk insulation Installation requirements AS

PRINCE Update. Changes to the manual. AXELOS.com. April 2017 PUBLIC

ISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Information security management systems Requirements

KING III CHECKLIST. We do it better

Asset management Overview, principles and terminology

Australian Standard. Specification for general purpose corrugated fibreboard boxes and blanks AS

QUEENSLAND RUGBY UNION LIMITED (ACN ) DIRECTOR S REPORT 2013 CORPORATE GOVERNANCE STATEMENT

Dynamic Risk Assessment

Ethical leadership and corporate citizenship. Applied. Applied. Applied. Company s ethics are managed effectively.

This fact sheet covers:

Position Titles also reporting to the Supervisor: Sport Services Manager Development Manager Development Officer

Strategic Planning for Recovery Director s Guideline for Civil Defence Emergency Management Groups [DGL 20/17]

Managing Successful Programmes 2011 Glossary of Terms and Definitions

Transcription:

HB 436:2004 RISK MANAGEMENT GUIDELINES

HB 436:2004 (Incorporating Amendment No. 1) Handbook Risk Management Guidelines Originated as HB 142 1999 and HB 143:1999. Jointly revised and redesignated as HB 436:2004. Reissued incorporating Amendment No. 1 (December 2005). COPYRIGHT Standards Australia/Standards New Zealand All rights are reserved. No part of this work may be reproduced or copied in any form or by any means, electronic or mechanical, including photocopying, without the written permission of the publisher. Jointly published by Standards Australia International Ltd, GPO Box 5420, Sydney, NSW 2001 and Standards New Zealand, Private Bag 2439, Wellington 6020 ISBN 0 7337 5960 2

Preface This Handbook provides generic guidance for establishing and implementing effective risk management processes in any organization. It demonstrates how to establish the proper context, and then how to identify, analyse, evaluate, treat, communicate and monitor risks. This Standard incorporates Amendment No. 1 (December 2005). The changes required by the Amendment are indicated in the text by a marginal bar and amendment number against the clause, note, table, figure or part thereof affected. This Handbook is based on the Joint Australian/New Zealand Standard, AS/NZS 4360:2004, Risk management (the Standard). Each Section contains an extract from the Standard, followed by practical advice and relevant examples. This basic guide provides a generic framework for managing risk. It may be applied in a very wide range of organizations including: public sector entities at national, regional and local levels; commercial enterprises, including companies, joint ventures, firms and franchises; partnerships and sole practices; non-government organizations; and voluntary organizations such as charities, social groupings and sporting clubs. It provides a reference for directors, elected officials, chief executive officers, senior executives, line managers and staff when developing processes, systems and techniques for managing risk that are appropriate to the context of their organization or their roles. The contents are intended to provide only a broad overview of risk management. Organizations are expected to interpret this guide in the context of their own environments and to develop their own specific risk management approaches. Ultimately it is up to the risk makers and the risk takers to develop and manage their own risk management programmes. Attributions Standards Australia International acknowledges, with thanks, the contribution of the following organizations in the development of this Handbook: Australian Computer Society Australian Customs Service Australia New Zealand Institute of Insurance and Finance ii

CSIRO (Commonwealth Scientific and Industrial Research Organisation) Department of Defence (Australia) Department of Finance and Administration Emergency Management Australia Environmental Risk Management Authority (New Zealand) Institute of Chartered Accountants (Australia) Institution of Engineers Australia Institution of Professional Engineers New Zealand Local Government New Zealand Massey University (New Zealand) Minerals Council of Australia Ministry of Agriculture and Forestry (New Zealand) Ministry of Economic Development (New Zealand) NSW Treasury Managed Fund New Zealand Society for Risk Management Risk Management Institution of Australasia Safety Institute of Australia Securities Institute of Australia University of New South Wales Victorian WorkCover Authority Water Services Association of Australia iii

Contents 1 Scope and general...1 Commentary...7 1.1 Background to risk management...7 1.2 Benefits of risk management...8 1.3 Applications of risk management...9 1.4 Corporate governance...10 2 Risk management process overview... 13 Commentary...16 3 Communication and consultation...19 Commentary...20 3.1 General...20 3.2 What is communication and consultation?...20 3.3 Why communication and consultation are important...21 3.4 Developing a process for communication and consultation...24 4 Establish the context...27 Commentary...30 4.1 Context...30 4.2 Objectives and environment...30 4.3 Stakeholder identification and analysis...31 4.4 Criteria...32 4.5 Consequence criteria...33 4.6 Key elements...34 4.7 Documentation of this step...36 iv

5 Risk identification...37 Commentary...38 5.1 Aim...38 5.2 Components of a risk...38 5.3 Identification process...39 5.4 Information for identifying risks...39 5.5 Approaches to identifying risks...40 5.6 Documentation of this step...41 6 Risk analysis...43 Commentary...46 6.1 Overview...46 6.2 Consequence and likelihood tables...52 6.3 Level of risk...55 6.4 Uncertainty...57 6.5 Analysing opportunities...58 6.6 Methods of analysis...60 6.7 Key questions in analysing risk...60 6.8 Documentation of the analysis...61 7 Risk evaluation...63 Commentary...64 7.1 Overview...64 7.2 Types of evaluation criteria...64 7.3 Evaluation from qualitative analysis...64 7.4 Tolerable risk...65 7.5 Judgement implicit in criteria...66 7.6 Evaluation criteria and historical events...66 v

8 Risk treatment...69 Commentary...72 8.1 Introduction...72 8.2 Identify options...73 8.3 Evaluate treatment options...78 8.4 Selecting options for treatment...81 8.5 Preparing treatment plans...86 8.6 Residual risk...86 9 Monitoring and review...87 Commentary...88 9.1 Purpose...88 9.2 Changes in context and risks...88 9.3 Risk management assurance and monitoring...89 9.4 Risk management performance measurement...91 9.5 Post-event analysis...93 10 Recording the risk management process...95 Commentary...96 10.1 Overview...96 10.2 Compliance and due diligence statement...97 10.3 Risk register...97 10.4 Risk treatment schedule and action plan...97 10.5 Monitoring and audit documents...97 10.6 Incident data base...98 10.7 Risk Management Plan...98 vi

11 Establishing effective risk management...103 Commentary...107 11.1 Policy...107 11.2 Management commitment...107 11.3 Responsibility and authority...108 11.4 Resources and infrastructure...108 11.5 Culture change...109 11.6 Monitor and review risk management effectiveness...109 11.7 The challenge for leaders Integration...110 11.8 The challenge for managers Leadership...110 11.9 The challenge for all Continuous improvement...111 11.10 Key messages and questions for managers...111 12 References...113 12.1 Standards and Handbooks...113 12.2 Further reading...115 vii

Introduction Risk management is a key business process within both the private and public sector around the world. Sound and effective implementation of risk management is part of best business practice at a corporate and strategic level as well as a means of improving operational activities. This Handbook states in Clause 4.2 that risk is the chance of something happening that will have an impact on objectives. In English, usage of the word risk usually has negative connotations, and risks are regarded as something to be minimized or avoided. In our more general definition, it is recognized that activities involving risk can have positive as well as negative outcomes. The processes described here can be used to identify and exploit opportunities for enhancing organizational outcomes as well as reducing negative consequences. Risk management, as described here, is a holistic management process applicable in all kinds of organizations at all levels and to individuals. Readers should be aware that this usage of the term differs from a more restricted usage in some sectors. For example, in some areas the terms risk management or risk control are used to describe ways of dealing with identified risks, for which we use the term risk treatment. Some other terms used in this document also have different usages. For example the terms risk analysis, risk assessment and risk evaluation are variously used in risk management literature. They often have overlapping and sometimes interchangeable definitions, and they sometimes include the risk identification step. We have selected terminology that forms the basis of international standards. Other handbooks have been developed that address applications of AS/NZS 4360 in specific areas (see Section 12). In some areas there is a division of responsibility between those who carry out the analytical process of identifying and analysing risk and those who make the decisions about risk evaluation and the selection of actions to deal with identified risks. This is beneficial where it is important that risk analysis be seen to be independent, and possibly undertaken by technical specialists, with decision aspects of risk evaluation and selection of risk treatment options being the responsibility of senior decision makers. This guide does not deal with such divisions of responsibility, but they are compatible with the processes described here. viii

1 Scope and general AS/NZS 4360:2004 1.1 Scope and application This Standard provides a generic guide for managing risk. This Standard may be applied to a very wide range of activities, decisions or operations of any public, private or community enterprise, group or individual. While the Standard has very broad applicability, risk management processes are commonly applied by organizations or groups and so, for convenience, the term organization has been used throughout this Standard. This Standard specifies the elements of the risk management process, but it is not the purpose of this Standard to enforce uniformity of risk management systems. It is generic and independent of any specific industry or economic sector. The design and implementation of the risk management system will be influenced by the varying needs of an organization, its particular objectives, its products and services, and the processes and specific practices employed. This Standard should be applied at all stages in the life of an activity, function, project, product or asset. The maximum benefit is usually obtained by applying the risk management process from the beginning. Often a number of discrete studies are carried out at different times, and from strategic and operational perspectives. The process described here applies to the management of both potential gains and potential losses. 1.2 Objective The objective of this Standard is to provide guidance to enable public, private or community enterprises, groups and individuals to achieve a more confident and rigorous basis for decision-making and planning; better identification of opportunities and threats; gaining value from uncertainty and variability; pro-active rather than re-active management; more effective allocation and use of resources; improved incident management and reduction in loss and the cost of risk, including commercial insurance premiums; improved stakeholder confidence and trust; improved compliance with relevant legislation; and better corporate governance. Copyright 1

The remainder of this document is available for purchase online at www.saiglobal.com/shop SAI Global also carries a wide range of publications from a wide variety of Standards Publishers: Click on the logos to search the database online.

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback