On December 15th 2014, our small
unassuming office building suddenly came under threat, threat of entirely
unexpected type.
We turned on our computers and became glued
to the social media live updates, Youtube clips and news pieces flooding our
screens…
Our office was by Martin Place. The threat
was terrorism.
Risks to your business can exist anywhere
and it can be hard to predict when and in what form they will occur.
Mitigating risk is a vital part of any business,
and planning for risks well in advance is often the most effective way to do
this.
Hear 6 hot tips from our 3rd Annual Australian Risk Management Summit speakers on how to strengthen your risk management
strategy
Bettina McMahon
Head of Risk and Assurance
National E-Health Transition Authority (NEHTA)
Innovative
organisations don’t view risk management as a ‘framework’, but as lens on what
level of risk they need to take to deliver their strategic objectives. The
output isn’t a risk register, it’s an increased appetite to take calculated
risks and manage potential consequences.
2. Every management decision is underpinned by an
understanding of ‘acceptable’ risk
Formally defining a
risk appetite embeds risk taking into corporate culture. It articulates the
level of risk we’re comfortable taking, and aligns everyone’s risk tolerance.
The right level of risk taking then becomes part of the organisation’s DNA.
3. Risk controls span more parts of the
organisation than you think
Risks are managed by a
management plan (we’re all familiar with this) but also a range of other
controls; corporate structure, resource allocation, legal contracts, insurance,
and cash reserves. Seeing controls holistically gives an executive comfort that
a risky decision is moderated on many levels.
Tony Pooley
Associate Professor Risk Management
University of South Australia
Associate Professor Risk Management
University of South Australia
4. Set the expectations
from the very top.
If the Audit and Risk Committee of the
Board don't specify how they want to see risk reported to them, how can they
effectively overview the health of the business? For example, do the
Board want risk reported by value chain components or by region, on qualitative
heat maps or quantified bar charts, with Social and Financial risks assessed in
a common manner or differently? Should risks above a certain consequence
level be assessed differently to other risks? etc.
5. Define how you are going
to demonstrate cost/benefit in detail if you are using qualitative
risk assessment.
For example, many risk guidance documents
behind qualitative assessments use factor of 5 or 10 for likelihood steps which
means the risk may have to be cut by 80 or 90% to drop down a level - and not
many risk treatment plans can come close to achieving this so there is little
point in measuring benefit in terms of changing the qualitative rating.
Failure to tackle this tricky task for the organisation leads to entirely subjective
decisions, usually resulting in waste and sometimes in disaster.
6. Consider two levels of risk assessment
One for the majority of risks but a more in
depth methodology for high consequence events and for events that exceed a
pre-set level of risk rating from the lower level of assessment. Its a
simple fit-for-purpose situation where using too light a methodology for
everything will cause you to miss important weaknesses and too heavy will
consume excessive resources for little additional reward.
Luana comes from an experienced production
and management background. She has produced and topic generated events across
Asia and Australia.
Luana enjoys learning about emerging trends and drivers for change and loves the notion of the 'butterfly effect'- that change can start small but grow immeasurably through a ripple effect.
Luana enjoys learning about emerging trends and drivers for change and loves the notion of the 'butterfly effect'- that change can start small but grow immeasurably through a ripple effect.
No comments :
Post a Comment