![Page 1: Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009](https://reader034.vdocuments.site/reader034/viewer/2022051614/551b4247550346dd1a8b5744/html5/thumbnails/1.jpg)
Appendix H:
Risk training slides (sample)
![Page 2: Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009](https://reader034.vdocuments.site/reader034/viewer/2022051614/551b4247550346dd1a8b5744/html5/thumbnails/2.jpg)
What is Risk?
“Risk is the effect of uncertainty on objectives ”
AS/NZS ISO31000:2009
![Page 3: Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009](https://reader034.vdocuments.site/reader034/viewer/2022051614/551b4247550346dd1a8b5744/html5/thumbnails/3.jpg)
Risk Management
Risk Management is the process of
identifying, analysing and
evaluating risks with a view to
ensuring the effective management
of potential opportunities while
reducing or avoiding adverse
effects.
![Page 4: Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009](https://reader034.vdocuments.site/reader034/viewer/2022051614/551b4247550346dd1a8b5744/html5/thumbnails/4.jpg)
Risk Management Framework
Provides:
Systematic approach to risk identification & management.
Consistent risk assessment criteria.
Accurate and concise risk information, for decisions.
Cost effective and efficient risk treatment strategies.
Ensure risk exposure remains within acceptable level.
![Page 5: Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009](https://reader034.vdocuments.site/reader034/viewer/2022051614/551b4247550346dd1a8b5744/html5/thumbnails/5.jpg)
Risk Management Framework
![Page 6: Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009](https://reader034.vdocuments.site/reader034/viewer/2022051614/551b4247550346dd1a8b5744/html5/thumbnails/6.jpg)
Risk Management: Benefits
Increase likelihood of achieving objectives
Improve quality of care
Protect staff, assets, property and reputation
Performance consistent with values
Support better business decision making
Meet compliance and government requirements
![Page 7: Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009](https://reader034.vdocuments.site/reader034/viewer/2022051614/551b4247550346dd1a8b5744/html5/thumbnails/7.jpg)
Prevention is better than the cure…
Risk management is a proactive attempt to identify
potential risks and incidents before they happen in
order to develop prevention and response strategies.
![Page 8: Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009](https://reader034.vdocuments.site/reader034/viewer/2022051614/551b4247550346dd1a8b5744/html5/thumbnails/8.jpg)
Establish the Context
This involves the identification of objectives, legislative and policy requirements and stakeholder expectations.
Strategic Operations Knowledge People & Culture Information Technology Financial
![Page 9: Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009](https://reader034.vdocuments.site/reader034/viewer/2022051614/551b4247550346dd1a8b5744/html5/thumbnails/9.jpg)
Audits or physical inspections Brainstorming/Workshops Incident and adverse outcome analysis Claims analysis Personal organisational experience Focus group discussion
Identify Risks
Risk identification is a process of determining what can happen and how it can happen.
![Page 10: Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009](https://reader034.vdocuments.site/reader034/viewer/2022051614/551b4247550346dd1a8b5744/html5/thumbnails/10.jpg)
Risk Categories
The organisation categorises risks according to the following risk categories:
Strategic
Financial
Operational
etc.
![Page 11: Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009](https://reader034.vdocuments.site/reader034/viewer/2022051614/551b4247550346dd1a8b5744/html5/thumbnails/11.jpg)
Typical Governance Structure
CEO
Audit and Risk Committee
Executive Team
Divisions / Service Areas
Staff
‘Risk Management Unit’
Board
![Page 12: Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009](https://reader034.vdocuments.site/reader034/viewer/2022051614/551b4247550346dd1a8b5744/html5/thumbnails/12.jpg)
VICTORIAN MANAGED INSURANCE AUTHORITY
Your Role: Annual
Approve risk appetite & tolerances Approve risk escalation & reporting protocols Approve policy, strategy & procedureReview corporate risk profile Determine resource allocation
Review & update corporate risk profile Set risk adjusted business strategies
Integrate risk ID into business planning Set risk adjusted corporate strategyDefine risk appetite & tolerances Review & update corporate risk profile Ensure stakeholders are informed
Review Strategy, process, proceduresRecommend approval or corporate risk profile Assess own performance Ensure stakeholders are informed Understand evolving practices in risk management oversight
RM Executive Committee
General Managers Chief Executive Officer Audit & Risk Committee
![Page 13: Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009](https://reader034.vdocuments.site/reader034/viewer/2022051614/551b4247550346dd1a8b5744/html5/thumbnails/13.jpg)
VICTORIAN MANAGED INSURANCE AUTHORITY
Your Role: Ongoing
Monitor high risks & controls Monitor implementation of RM StrategyMonitor professional & industry body pronouncements & changes Monitor new business activities & changes
Ensure risks are identified, managed and monitoredOversee staff risk management techniquesAssume accountability for capital expenditures Support risk management framework & procedures Communicate risk management Promote integration of risk management
Monitor high risks & controls Monitor effectiveness of controls Promote risk management culture
Influence strategic directionMonitor high risks & controls Review risks not subject to internal audit
RM Executive Committee
General Managers Chief Executive Officer
Audit & Risk Committee
![Page 14: Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009](https://reader034.vdocuments.site/reader034/viewer/2022051614/551b4247550346dd1a8b5744/html5/thumbnails/14.jpg)
Risk Register
RefThe Risk
What & How
Consequences of an event
happeningControl
Adequacy of existing controls
Residual Risk
Possible treatment options
10 Staff member
assaulted by patient while on
home visit
![Page 15: Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009](https://reader034.vdocuments.site/reader034/viewer/2022051614/551b4247550346dd1a8b5744/html5/thumbnails/15.jpg)
Analyse and Evaluate Risks
Taking into account current controls and their effectiveness
Risks are measured and assessed against two key criteria:
The likelihood of the event occurring. The consequence or impact of an adverse event.
The likelihood and consequence tables need to be tailored to the size and nature of the entity.
![Page 16: Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009](https://reader034.vdocuments.site/reader034/viewer/2022051614/551b4247550346dd1a8b5744/html5/thumbnails/16.jpg)
Likelihood TableRating Name Definition *
1 Rare 1 in 5 years
2 Unlikely
3 Possible
4 Probable
5 Nearly Certain
1 per month
*Insert own scales
Rating Name Definition (example financial metrics)*
1 Insignificant None or small financial expense
2 Minor Unbudgeted expense
3 Moderate Significant budget impact
4 Major Major budget impact/loss
5 Catastrophic Unlikely to recover from financial impact
Consequence Table
Likelihood and Consequence rating scales
![Page 17: Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009](https://reader034.vdocuments.site/reader034/viewer/2022051614/551b4247550346dd1a8b5744/html5/thumbnails/17.jpg)
Risk Rating Scales: Likelihood
LIKELIHOOD
Level Detailed description
5 Frequent The event is very likely to occur within a month
4 Likely The event will probably occur within 6 months
3 Occasionally The event could occur this year (12 months)
2 Unlikely The event could occur between 1-5 years
1 Rare The event may possibly occur, but unlikely at a frequency less than 5 yearly
![Page 18: Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009](https://reader034.vdocuments.site/reader034/viewer/2022051614/551b4247550346dd1a8b5744/html5/thumbnails/18.jpg)
Risk Treatment Options
ACCEPT - Accept the level of risk
REDUCE - Reduce the likelihood or consequence via
improved control, contingency
planning TRANSFER - Shift responsibility to
external party (e.g. insurance)
AVOID - Do not proceed with the activity
OP
TIO
NS
![Page 19: Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009](https://reader034.vdocuments.site/reader034/viewer/2022051614/551b4247550346dd1a8b5744/html5/thumbnails/19.jpg)
Risk Treatment
Treatment Options: Accept Reduce Transfer Avoid
![Page 20: Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009](https://reader034.vdocuments.site/reader034/viewer/2022051614/551b4247550346dd1a8b5744/html5/thumbnails/20.jpg)
Controls
Identify controls that are in place Assess control effectiveness
EffectiveIndicates minimal net risk currently due to excellent risk
management/control in place, tested and monitored
Good Indicates good risk management, generally in accordance with Australian and/or Industry Standards or practice, but an opportunity
for refinement exists to reduce risk further
FairIndicates a need for risk improvement, or that risk controls are
presently being developed but are not fully in place and tested as yet
Poor Indicates risk controls have not yet been developed and a significant lack of risk control exists, thus where application of risk management
is required as a matter of priority
![Page 21: Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009](https://reader034.vdocuments.site/reader034/viewer/2022051614/551b4247550346dd1a8b5744/html5/thumbnails/21.jpg)
Risk Analysis – Likelihood/Consequence
Insignificant1
Minor2
Moderate3
Major4
Catastrophic5
Nearly Certain 5
S S H H H
Probable 4 M S S H H
Even Chance 3 L M S H H
Unlikely 2 L L M S H
Rare 1 L L M S S
L = Low S = Significant
M = Medium H = High
![Page 22: Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009](https://reader034.vdocuments.site/reader034/viewer/2022051614/551b4247550346dd1a8b5744/html5/thumbnails/22.jpg)
Risk Escalation
Risk Score(Severity)
Recommended Action
Extreme Immediate action required
High High priority action required
Moderate Develop procedures to manage risk
LowRisk monitoring: Check risk causes, develop
contingency plans
![Page 23: Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009](https://reader034.vdocuments.site/reader034/viewer/2022051614/551b4247550346dd1a8b5744/html5/thumbnails/23.jpg)
Risk Register
RefThe Risk
What & How
Consequences of an event happening
ControlAdequacy of
existing controls
Residual Risk
Possible treatment options
10 Staff member
assaulted by patient while on
home visit
L
Unlikely
2
C
Moderate
3
1. Staff trained to recognise violent situations
2. Staff all have mobile phones
GOOD LOW
Medium Rating
![Page 24: Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009](https://reader034.vdocuments.site/reader034/viewer/2022051614/551b4247550346dd1a8b5744/html5/thumbnails/24.jpg)
Key Organisational Risks
![Page 25: Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009](https://reader034.vdocuments.site/reader034/viewer/2022051614/551b4247550346dd1a8b5744/html5/thumbnails/25.jpg)
Questions????