Risk Management 101 Tom Dixon (Bright Consulting) ANU Risk Management Matrix Consequence Minor Moderate Major Catastrophic (1) (2) (3) (4) M-4 H-8 E-12 E-16 M-3 M-6 H-9 E-12 L-2 M-4 M-6 E-8 L-1 L-2 M-3 M-4 Almost Certain Likelihood (4) Likely (3) Possible (2) Unlikely (1) Likelihood Title Almost Certain Probability Historical >50% Is expected to occur in most circumstances Likely 25% –50% Will probably occur in most circumstances Possible 5% – 25% Might occur at some time in the future Unlikely <5% May only occur in exceptional circumstances Consequence Risk Minor Moderate Major Catastrophic (1) (2) (3) (4) Scrutiny required by internal committees or internal audit to prevent escalation. Scrutiny required by external committees or ACT Auditor General’s Office, or inquest, etc. Intense public, political and media scrutiny. E.g. front page headlines, TV, etc. Assembly inquiry or Commission of inquiry or adverse national media. Financial 2.5% of Budget > 5% of Budget > 10% of Budget >25% of Budget Safety and Minor injuries / first aid required First aid and ongoing medical treatment. Probable lost time. Extensive injuries/ possible multiple injuries. Single Fatality Multiple Fatality Minor damage. Loss of operation no more than 1 day. Significant damage to assets. Loss of operation between 1 day to 1 week. Compliance Minor breach of statue or regulation. Formal warning from regulator. Schedule 2.5% of Duration > 5% of Duration Category Reputation & Image Injury Operational Loss Major damage to assets. Loss of operations between 1 week and 1 month. Suspension of activity and prosecution/ financial penalty. > 10% of Duration Significant loss of assets. Loss of operations > 1 month. Prosecution, financial penalty, cessation of activity. >25% of Duration Ratings Rating Required Action Low Acceptable: Unlikely to require specific application of resources; manage by routine procedures. Monitor and review. Medium Acceptable: Unlikely to cause much damage and/or threaten the efficiency and effectiveness of the program/activity; treatment plans to be developed and implemented by operational managers. Manage by specific monitoring or response procedures. High Generally not acceptable: Likely to cause some damage, disruption or breach of controls. Senior management attention needed and management responsibility specified; treatment plans to be developed and reported to PVC/Executive Director or ViceChancellor. Extreme Not acceptable: Likely to threaten the survival or continued effective function of the program or the organisation, either financially or politically. Immediate action required; must be managed by senior management with a detailed treatment plan reported to PVC/Executive Director, Vice-Chancellor and Council. Hypothetical Project • A camping trip… Camping Trip Details • Four people attending (Chris, James, Sarah and Meg) • Chris is managing the trip, however everybody has been assigned responsibilities • Two day trip in July 2013 • Kosciuszko National Park, NSW • Nobody in the group has ever camped before • $400 budget • Desired outcome is a relaxing weekend Management Strategies Strategy Description Avoid Eliminate, withdraw from or not become involved Mitigate Mitigate Transfer Outsource or insure Accept Accept and budget Risk Register Item Description ID# Identification number of the risk Title Title of the risk Description Description of the risk Impact Impact of the risk if it is realised Assigned To Individual/area that will be managing the risk Status Status of the risk (open, deferred, closed) Cost/Exposure Cost if the risk is realised Due Date Due date for action or anticipated date that the risk will be realised Risk Category Categorisation of the risk (reputation and image, financial, safety and injury, operational loss, compliance or schedule. Likelihood Likelihood of the risk occurring (unlikely, possible, likely or almost certain) Consequence Consequence of the risk occurring (minor, moderate, major, catastrophic) Risk Calculation Risk calculation as per the ANU Risk Matrix Risk Strategy The risk management strategy taken (avoid, mitigate, transfer or accept) Mitigation Plan Actions that are planned to mitigate the risk Mitigation Cost The cost of the mitigation plan Contingency Plan What actions will be taken if the risk still occurs despite the mitigation strategies Owner Who’s overseeing the management the risk Revised Likelihood The revised likelihood of the risk occurring after consideration of the mitigation plan Revised Consequence The revised consequence of the risk occurring after consideration of the mitigation plan Revised Risk Calculation The revised risk calculation as per the ANU Risk Matrix