December 2009

LORD HOWE ISLAND BOARD

RISK MANAGEMENT POLICY

Contents

Introduction
Objectives
Scope and application
Definitions
Relevant legislation or other mandating instruments
Policy
  Key principles
  Responsibilities
  Risk tolerance
Related policies and other documents
Appendices
  A Definitions

Introduction

1. The Lord Howe Island Board (LHIB) operates in demanding physical, environmental, social and business contexts and faces a diverse and complex array of issues. In this situation, effective management of risk is critical to the achievement of our corporate goals and an important element of our corporate governance.

2. Risk management involves informed and responsible risk taking; it is not only about risk avoidance. A systematic risk management approach fosters creativity and innovation as well as controlling and mitigating unacceptable risk.

3. Effective risk management is achieved by systematically identifying and assessing risks to the achievement of objectives, and thoughtfully assessing options for dealing with each risk before deciding what to do.

4. The risk management policy set out in this document is intended to help ensure risk in LHIB is managed systematically, efficiently and effectively. The LHIB’s risk management policies and procedures are based on the Australian/New Zealand Risk Management Standard, and so are consistent in their approach and methodology.

Objectives

5. The objectives of LHIB’s risk management policy are to:

(i.) make risk management an integral part of LHIB’s business planning and performance monitoring processes.
(ii.) encourage systematic identification and assessment of risk to inform and improve decision making processes at all levels.
(iii.) provide openness and transparency in decision-making and ongoing management processes.
(iv.) promote a culture of continuous improvement in the management of risk across the organisation.
(v.) encourage and support a proactive approach to the identification and management of strategic and operational issues throughout the organisation.
(vi.) improve integration and coordination of risk management practices in LHIB.

Scope and application

6. This policy applies to all LHIB staff and management processes. The management processes to which this policy relates include strategic and business planning, policy development, project management, and decision making at both strategic and operational levels.

Definitions

7. Risk is the chance of something happening that will have an impact on objectives.

8. Risk management is the culture, processes and structures directed towards realising potential opportunities whilst managing adverse effects.

9. Definitions of other terms used in relation to risk management are listed at Appendix A.

Relevant legislation and other mandating instruments

10. The most explicit legislative requirement for management of risk is established by the Occupational Health and Safety Act 2000 and associated regulations.

11. Other legislative obligations for management of risk arise under the Civil Liability Act 2002 and the Rural Fires Act 1997.

12. There is no specific legislative requirement that NSW government agencies implement general risk management, although Section 11 of the Public Finance and Audit Act requires the heads of government agencies to ensure there is an effective system of internal control over the financial and related operations of the agency. However Government’s expectation that agencies will undertake systematic management of risk has been clearly established, through for example:

the NSW Treasury Policy and Guidelines Paper TPP 97/3 which requires all NSW agencies to focus on continuous improvement of their service provision, including through adoption of a risk management framework responsive to the agency’s changing environment and supported by an effective system of internal controls.
the NSW Treasury Circular 04/09: Total Asset Management Policy and Guidelines, which places significant emphasis on risk management.

the Annual Reports (Departments) Regulation 2005 under which agencies are required to report on their risk management activities. Treasury Circular 06/21 makes clear that this means reporting on risk management practices in the context of the Australian/New Zealand Standard for Risk Management.

Policy

KEY PRINCIPLES

13. LHIB is committed to efficiently and effectively managing risks to the achievement of our strategic, management and operational objectives, to:

(a) protect life, property, and environmental values, both natural and cultural;
(b) minimise losses and take advantage of opportunities in all areas of our operations;
(c) improve and maintain the quality of our decision making; and
(d) enhance our capacity to influence and support the community.

14. To this end, LHIB will:

(i.) systematically identify, assess, treat and monitor risk in accord with Australian/New Zealand Standard AS/NZS 4360 and best practice guidelines published by the National Audit Office, NSW Audit Office and NSW Treasury.
(ii.) conduct a strategic corporate risk assessment every three years to inform development of our management plans, specific risk control strategies, and audit and compliance program.
(iii.) establish a risk management program that:
  (a) determines and communicates authorities, accountabilities and responsibilities of all staff;
  (b) provides for appropriate training and resourcing;
  (c) covers the full range of risks that require management;
  (d) uses risk assessment criteria consistently throughout the organisation;
  (e) facilitates the systematic, structured identification and assessment of risks;
  (f) formalises action planning and review; and
  (g) enables LHIB to demonstrate that all significant risks are being diligently managed, with the risk treatment proportional to the risk and the selection of treatment options taking into account relevant factors such as feasibility, cost and effectiveness.

RESPONSIBILITIES

15. Every LHIB staff member has a responsibility to contribute to the risk management process:

(i.) by identifying, reporting and/or managing risks;
(ii.) by encouraging and supporting other LHIB staff in identifying, reporting and/or managing risks; and
(iii.) by complying with LHIB policies and procedures designed to address particular types of risk.

16. In addition, LHIB expects that contractors and consultants employed to do work in, or on behalf of, the agency will also contribute to the risk management process by identifying, reporting and/or managing risks and by complying with LHIB policies and procedures. Contract conditions are to include specific provisions in relation to risk management.

RISK TOLERANCE

17. 18. LHIB accepts that not all risks can be controlled, and that resource constraints can limit our capacity to control risks. However, LHIB will seek over time to minimise risks to the achievement of our strategic, management and operational objectives. In doing this, our approach will be informed by the following principles:

(i.) Priority will always be given to the protection of life and property, consistent as far as possible with the protection of environmental values, both natural and cultural.
(ii.) Risks will be treated in accordance with their rating, with risks rated as extreme being addressed first, followed as resources permit by those rated high, then medium and lastly low.
(iii.) Action to reduce or control risks rated as extreme will commence immediately management becomes aware of the assessed risk level, while action to address risks rated as high will commence as soon as practicable.
(iv.) In managing risk, LHIB seeks to ensure that any reasonably foreseeable risk of the type which could give rise to a claim for civil liability is actively assessed and managed.

Through its regular and systematic risk assessment processes, and this clear statement of risk tolerance, LHIB seeks to continue to foster creativity and innovation while at the same time ensuring that unacceptable risk is controlled and risk taking within the agency is informed and responsible.

Related documents and further reading

Additional information on managing risk is available from the following sources:

Australian/New Zealand Risk Management Standard AS/NZS 4360:2004 – Standards Australia, 2004.
Treasury Managed Fund – Guide to Strategic Risk Assessment – Parts 1 & 2 2005.
Treasury Managed Fund – Guide to Operational Risk Assessment – Parts 1 & 2 2005.
NSW Treasury - Risk Management and Internal Controls Toolkit - TTP97–3, 1997.
HM Treasury - The Orange Book Management of Risk – Principles and Concepts, 2004.

Appendix A

LHIB Risk Management Glossary

Adapted from AS/NZS 4360:2004

Consequence: Outcome or impact of an event

Control: An existing process, policy, device, practice or other action that acts to minimise negative risk or enhance positive opportunities

Event: Occurrence of a particular set of circumstances

Frequency: Measure of the number of occurrences per unit of time

Hazard: A source of potential harm

Likelihood: Used as a general description of probability or frequency

Loss: Any negative consequence, financial or otherwise

Monitor: To check, supervise, observe critically, or measure the progress of an activity, action or system on a regular basis in order to identify change from the performance level required or expected

Mitigation: Action taken to reduce or moderate an unwanted consequence, to lessen its intensity, force or frequency

Probability: Likelihood of a specific event or outcome occurring within a designated timeframe

Remediation: The remedying of a deficiency, especially applied to controlling or minimising hazards

Residual risk: Risk remaining after implementation of risk treatment

Risk: The chance of something happening that will have an impact on objectives

Risk analysis: Systematic process to understand the nature of and to deduce the level of risk.

Risk assessment: Overall process of risk identification, risk analysis and risk evaluation

Risk avoidance: A decision not to become involved in, or to withdraw from, a risk situation

Risk criteria: Terms of reference by which the significance of risk is assessed

Risk evaluation: Process of comparing the level of risk against risk criteria

Risk identification: Process of determining what, where, when, why and how something can happen

Risk management: Culture, processes and structures that are directed towards realising potential opportunities whilst managing adverse effects

Risk management framework: Set of elements of an organisation’s management system concerned with managing risk

Risk management process: Systematic application of management policies, procedures and practices to the tasks of communicating, establishing the context, identifying, analysing, evaluating, treating, monitoring and reviewing risk

Risk reduction: Actions taken to lessen the likelihood, negative consequences, or both, associated with a risk.

Risk register: A record of risks, to which new risks are added as they are identified and from which other risks are removed once they have been satisfactorily addressed

Risk retention: Acceptance of the burden of loss, or benefit of gain, from a particular risk

Risk sharing: Sharing with another party the burden of loss, or benefit of gain, from a particular risk

Risk tolerance: The levels of risks that management deems acceptable

Risk treatment: Process of selection and implementation of measures to modify risk