IMPLEMENTATION OF AN ENTERPRISE-WIDE RISK MANAGEMENT FRAMEWORK Stuart Lovell Manager HR and Risk Glenorchy City Council THE RISK MANAGEMENT JOURNEY Insurance Driven OH&S and Public Liability focus Conducted “Business Risk Review” Identified the need to focus on Strategic Risk Strategic Risk Register Developed CMP Liability Audit Role of Risk Management Committee Risk Management Policy Risk Management Framework Audit and Risk Committee BUSINESS RISK REVIEW Initially conducted in 2001, operationally focussed. Register produced. Reviewed Register Annually. Conducted complete Risk Review in 2006 using Council’s Strategic Plan as reference. Risk Register Records Updated. Risk Review 2009 conducted using Risk Framework 2013 Framework and Register Reviewed STRATEGIC RISK Focus on Council’s Strategic Plan and key operational areas. Expanded understanding of types of risk – Environmental, public liability, OH&S, Industrial Relations, Financial Sustainability, Reputation, Emergency Management, Business Continuity, Social Responsibility Explore opportunities. Move from risk mitigation to value creation RISK REGISTER Centralised Separate sections to reflect organisational structure Allocation of resources, roles and responsibilities Dashboard reporting to give “real time” snapshot of risk mitigation strategies LIABILITY AUDIT Useful tool to introduce the concept of risk management Use of recommendations Focus of the Risk Management Committee Targeted Risk Appraisals RISK MANAGEMENT COMMITTEE Develop a charter including membership Move from operational to strategic focus Responsible for implementation of mitigation strategies from Risk Register Report ALL risk issues to ELT RISK MANAGEMENT POLICY Based on ISO 31000:2009 Relevant to the organisation Provides appropriate responsibility, resources and authority Outlines administrative structure to support policy and organisational responsibilities Ongoing process that requires regular review RISK MANAGEMENT FRAMEWORK Based on ISO 31000:2009 Establishing the context Identify risks Analyse and evaluate risks Treat and manage risks Monitor, review and reporting Communication and consultation Appropriate allocation of Resources AUDIT AND RISK COMMITTEE Governance function of Organisational Risk Management Provide independent assurance to Council on risk, control and compliance framework and external accountabilities Consists of 3 Aldermen and 2 independent members Meet at least 4 times per year CONCLUSION Risk Management is a journey Learn form mistakes Grasp opportunities Ongoing process Sound Management Tool