Implementation of an Enterprise-Wide Risk Management Framework

Stuart Lovell
Manager HR and Risk
Glenorchy City Council
THE RISK MANAGEMENT JOURNEY
• Insurance Driven
• OH&S and Public Liability focus
• Conducted “Business Risk Review”
• Identified the need to focus on Strategic Risk
• Strategic Risk Register Developed
• CMP Liability Audit
• Role of Risk Management Committee
• Risk Management Policy
• Risk Management Framework
• Audit and Risk Committee

BUSINESS RISK REVIEW
• Initially conducted in 2001, operationally focussed.
• Register produced.
• Reviewed Register Annually.
• Conducted complete Risk Review in 2006 using Council’s Strategic Plan as reference.
• Risk Register Records Updated.
• Risk Review 2009 conducted using Risk Framework
• 2013 Framework and Register Reviewed

STRATEGIC RISK
• Focus on Council’s Strategic Plan and key operational areas.
• Expanded understanding of types of risk – Environmental, public liability, OH&S, Industrial Relations, Financial Sustainability, Reputation, Emergency Management, Business Continuity, Social Responsibility
• Explore opportunities.
• Move from risk mitigation to value creation

RISK REGISTER
• Centralised
• Separate sections to reflect organisational structure
• Allocation of resources, roles and responsibilities
• Dashboard reporting to give “real time” snapshot of risk mitigation strategies

LIABILITY AUDIT
• Useful tool to introduce the concept of risk management
• Use of recommendations
• Focus of the Risk Management Committee
• Targeted Risk Appraisals

RISK MANAGEMENT COMMITTEE
• Develop a charter including membership
• Move from operational to strategic focus
• Responsible for implementation of mitigation strategies from Risk Register
• Report ALL risk issues to ELT

RISK MANAGEMENT POLICY
• Based on ISO 31000:2009
• Relevant to the organisation
• Provides appropriate responsibility, resources and authority
• Outlines administrative structure to support policy and organisational responsibilities
• Ongoing process that requires regular review

RISK MANAGEMENT FRAMEWORK
• Based on ISO 31000:2009
• Establishing the context
• Identify risks
• Analyse and evaluate risks
• Treat and manage risks
• Monitor, review and reporting
• Communication and consultation
• Appropriate allocation of Resources

AUDIT AND RISK COMMITTEE
• Governance function of Organisational Risk Management
• Provide independent assurance to Council on risk, control and compliance framework and external accountabilities
• Consists of 3 Aldermen and 2 independent members
• Meet at least 4 times per year

CONCLUSION
• Risk Management is a journey
• Learn from mistakes
• Grasp opportunities
• Ongoing process
• Sound Management Tool
