Chapter 2.6 – Risk Management

Home 9 Policy 9 Chapter 2.6 – Risk Management
Back to Policies & Procedures
[ivory-search id="40" title="AJAX Search Form"]

Purpose and Objectives ​

Our company’s philosophy towards risk is not to be unduly risk averse but to enable risks to be identified, discussed, mitigated and monitored in a balanced manner. Our company is committed to establishing and integrating our risk management systems and processes to support this philosophy without creating an unnecessary burden on the business.

Our company  recognises that risk management is a critical and integral part of good management and corporate governance practice and that, in relation to commercial strategy, an element of risk is inevitable and in some cases encouraged.

This policy supports a structured and focused approach to managing risk to complement the strategies adopted by our to achieve its corporate objectives, in order to increase confidence and enhance the value the company provides to its stakeholders.

To help ensure the strength of our company’s decision-making processes:

  • a full risk assessment must be completed by the Risk Management Committee, and the completed Risk Assessment must be considered by the company before any resolution is voted on by our company for all activities where the whole-of-life costing may exceed costing indicator.

The principles behind this policy are based on ISO 31000:2009 Risk Management – Principles and guidelines.

Our Company is committed to:

  • Behaving as a responsible corporate citizen protecting employees, clients, contractors, visitors and the general public from injury and unnecessary loss or damage;
  • Achieving its business objectives by minimising or eliminating the impact of risks it can realistically control;
  • Creating an environment where all our company’s employees will take responsibility for managing risk (by developing and maintaining a strong risk management culture)

Scope

This policy and procedure govern the entire scope of activities and duties performed by employees of our company.

Policy Statement

Our company  will apply a risk management framework which will:

  • Incorporate a consistent, systematic process to identify, analyse, mitigate and monitor the key strategic, operational, financial, environmental and compliance risks impacting on the company;
  • Align risk management with business objectives identified in our company’s corporate and operational plans;
  • Integrate and align existing risk systems to ensure no duplications or overlap;
  • Ensure integration of information systems used for reporting on risk to enable aggregation and reporting at a corporate level;
  • Allow the necessary controls and policies to be implemented to deliver an appropriate approach to governance and best practice;
  • Will embed a culture of risk management throughout the company.

Our company‘s risk management processes are based on the following key risk activities:

  • Risk Identification: identify all reasonably foreseeable risks associated with its activities, using the agreed risk methodology detailed in the company’s risk protocols.
  • Risk Evaluation: evaluate those risks using the agreed Council criteria.
  • Risk Treatment / Mitigation: develop mitigation plans for risk areas where the residual risk is greater than our tolerable risk levels.
  • Risk Monitoring and Reporting: report risk management activities and risk-specific information in accordance with the risk protocols. ​

Procedure

The scope of the work undertaken by all of these functions and the reviews by external agencies will be considered in conjunction with our company’s risk profile at least annually. This will assess the independent monitoring of key risk areas within the company’s risk profile. The WHS Act (and Regulations) requires:

  • Persons who have a duty to ensure health and safety to manage risks by eliminating health and safety risks so far as is reasonably practicable, and if it is not reasonably practicable to do so, to minimise those risks so far as is reasonably practicable.
  • Consultation so far as is reasonably practicable with workers who carry out work or are likely to be directly affected by a work health and safety matter.
  • If the workers are represented by an HSR the consultation must involve the HSR.
  • Consultation, co-operation and co-ordination of activities with all other persons who have a work health or safety duty in relation to the same matter, so far as is reasonably practicable (e.g. other PCBUs, workplace management).
  • The Directors shall through the Management Committee and workplace consultation establish a complete hazard and risk identification audit. Supervisors and the Safety Coordinator shall meet and consult with their workers and HSRs. Each division of the company shall document all hazards within their area of work eg office workers shall meet to discuss hazards and risk assessment in their office. Supervisors should use the approved Hazard register.
  • After identifying all hazards the Management Committee will use ‘Log a Hazard’. The outcomes of the hazard identification and risk assessment will then be considered (refer Code of Practice – How to Manage Work Health and Safety Risks). In risk assessment consider not only regular work hours and processes but after hours or emergency situations.

Five Basic Steps to Risk Management

  • Identify hazard – what could cause harm
  • Assess risks that may result because of the hazards and the likelihood of occurrence
  • Decide on the most effective control measures (reasonably practicable in the circumstances) to prevent or minimise the level of risk
  • Implement control measures
  • Monitor and review the effectiveness of measures – ensure they are working as planned

Control Measures

Control measures are used to manage exposure to identified risks. The ‘Hierarchy of Control’ for risk should be used with 5 Level controls being used as a last resort.

  • Level 1 - Eliminate the hazard
  • Level 2 - Substitute the hazard with something safer (less hazardous substance, process or equipment)
  • Level 3 – Isolate the hazard from people / Reduce the risks through engineering controls (redesigning equipment or work processes)
  • Level 4 - Reduce exposure to the hazard using administrative actions (detailed rules or restrictions)
  • Level 5 – Use appropriate PPE

Recording of Outcomes

Th​​e next step is to record the outcomes or decisions. These decisions will be included in the System Manual, in the Management System Register, and then the Manual amended to include changes to procedures.

Con​​siderations for Training

Efficient us​e of equipment and personnel, risk management identification, hazards, controls, monitor and review.

Amendments to Policy

A work procedure should be written for all hazardous or high-risk activity. It may be a Risk Assessment and state control measures or be a detailed document that provides step by step procedures.

These work procedures shall be included in the construction safety plan and referred to the Management Committee as potential policy changes.

This policy and organisation’s risk management framework will be reviewed at least annually by our company’s Management Team to review their effectiveness and to ensure their continued application and relevance.

Responsibilities

  • Our company adopts this policy and retains the ultimate responsibility for risk management and for determining the appropriate level of risk that it is willing to accept in the conduct of the company’s business activities. Our company will review the effectiveness of the risk management systems.
  • Chief Executive Officer - is responsible for identifying, evaluating and managing risk in accordance with this policy through a formal enterprise-wide risk management framework. Formal risk assessments must be performed at least once a year as part of the business planning and budgeting process.
  • Management Team - is responsible for the accuracy and validity of risk information reported to the company. In addition, it will ensure clear communication throughout company of the company’s and senior management’s position on risk.
  • Employees - are responsible for management of risks within their areas of responsibility as determined under any risk treatment plans. Employees will be responsible for the timely completion of activities contained within these risk treatment plans. Awareness sessions will be conducted routinely to ensure that employees are familiar with risk management and how it is applied within the organisation.
  • Risk Monitoring - Our company utilises a number of functions, including its Risk and Audit Committee, to perform independent and objective monitoring over its risk areas, including if necessary, conducting reviews over Council’s operations and risk areas by external agencies.

Documentation

Integrat​​ed Risk Management System