PIRSA Risk Management Policy GO P 012

GO P 012
PIRSA RISK MANAGEMENT POLICY
PIRSA is committed to a high standard of risk management through the development and
implementation of a PIRSA Risk Management Framework specific to the agency’s business and
organisational context. Risk management extends to PIRSA’s contribution to the economic, social and
environmental objectives stated in South Australia’s Strategic Plan. All management and staff must take
responsibility for managing the risks in their areas of activity to enable the agency to achieve its
strategic outcomes and business objectives.
Document Control
Managed by: PIRSA Risk and Integrity Unit
Responsible position: Manager, Risk and Integrity
Approved by: PIRSA Executive
Version: 1.2
File & document number: CORP F2010/001086, A1590124
Contact person: Barbara Payne
Contact position: Manager, Risk and Integrity
Contact number: (08) 8226 0237
Date approved: 23 April 2012
Status: Approved
Next review date: 23 April 2017
Security classification: Public
CONTENTS
1. TITLE
2. POLICY STATEMENT
3. PURPOSE
4. SCOPE
5. OBJECTIVES
6. POLICY DETAILS
6.1 Risk management framework
6.1.1 Risk management system
6.1.2 Strategic planning and risks
6.1.3 Risk management reporting and records management
6.1.4 Risk registers
6.1.5 Project management
6.1.6 Risk management procedure
6.1.7 Fraud and corruption
6.1.8 Work health safety and injury management
6.1.9 Protective security
7. ROLES AND RESPONSIBILITIES
8. MONITORING, EVALUATION AND REVIEW
9. DEFINITIONS AND ABBREVIATIONS
10. ASSOCIATED DOCUMENTS
11. REFERENCES
APPENDIX A – ANNUAL RISK MANAGEMENT STATEMENT BY DIVISIONAL EXECUTIVE DIRECTORS
APPENDIX B – PIRSA RISK MANAGEMENT FRAMEWORK
Pirsa Risk Management Policy
Page 2 of 18
Approved: 23 April 2013
Printed: 3:45 AM 17/02/2016
Security Classification: Public
Revision Record
Date | Version | Revision description
05/11/2012 | 0.2 | Transcribing of content to meet PIRSA style guide requirements.
31/12/2012 | 0.3 | Update to policy following consultation.
29/01/2013 | 0.4 | Update for capture in Objective.
23/04/2013 | 1.0 | Policy approved by PIRSA Executive.
22/08/2014 | 1.1 | Policy updates to include references to the 1) PIRSA Fraud and Corruption 2) PIRSA Work Health Safety and Injury Management and 3) PIRSA Protective Security Policies.
02/12/2014 | 1.2 | Policy updates approved by PIRSA Executive.
1. TITLE
PIRSA Risk Management Policy GO P 012. This document is part of the PIRSA Risk Management
Framework.
2. POLICY STATEMENT
PIRSA is committed to a high standard of risk management through the development and implementation
of a PIRSA Risk Management Framework specific to the agency’s business and organisational context.
Risk management extends to PIRSA’s contribution to the economic, social and environmental objectives
stated in South Australia’s Strategic Plan. All management and staff must take responsibility for managing
the risks in their areas of activity to enable the agency to achieve its strategic outcomes and business
objectives.
3. PURPOSE
The purpose of this policy, its companion PIRSA Risk Management Procedure GO R 003 (this hyperlink is
accessible by SA Government employees only) and the PIRSA Risk Management Framework is to assist
management and staff in implementing good risk management practices; and to encourage decisions made
on the basis of good information rather than existing practice or anecdotal evidence. The policy may be
applied at all stages in the life of any activity or significant project or initiative; and can have application
across every activity within PIRSA.
The PIRSA Risk Management Framework is built on the Government of South Australia Risk Management
Policy Statement, Australian Business Excellence Framework and Government of South Australia High
Performance Framework. Its design reflects the principles and processes outlined in the AS/NZS ISO
31000 International Standard on Risk Management – Principles and Guidelines.
4. SCOPE
This policy applies to all employees in all divisions across PIRSA; and to contractors, consultants,
volunteers and any others who act on behalf of PIRSA.
It excludes risk assessments in relation to work health safety and injury management or PIRSAFE policies
or procedures. Such assessments are to be completed in accordance with the PIRSA Work Health Safety
Risk Management Procedure HR OHS&W R 002 (this hyperlink is accessible by SA Government
employees only).
5. OBJECTIVES
The objectives of this policy are to:
• commit the allocation of appropriate resources and actions to optimise opportunities and mitigate threats
• enable PIRSA to demonstrate that it is actively managing its risks
• minimise exposure to financial losses and facilitate the protection of physical and intangible assets
• minimise interruptions to services provided to the public
• improve and increase community confidence in individual and agency performance
• promote measured risk taking and effective management of risks
• facilitate effective delivery of agency and divisional programs, and allocation and use of resources
• deliver a high standard of customer service
• ensure a high standard of accountability
• enable creativity and innovation in management practice.
6. POLICY DETAILS
6.1 Risk management framework
PIRSA’s commitment to managing risks is vital to achieve the agency’s objectives. This will be achieved
through the implementation of the PIRSA Risk Management Framework. Although it is preferred to apply
the framework prior to commencement of an activity or significant project or initiative, it is able to be applied
at any stage of the life of any activity or significant project or initiative. The framework can also have
application across every activity within PIRSA.
A structured and transparent framework must be an integral part of everyday work, and is as much about
identifying opportunities for future improvements as avoiding or mitigating losses. Two diagrams explaining
the PIRSA Risk Management Framework are provided in Appendix B.
For more information on the process for identification, assessment, evaluation, control and mitigation of
risks within PIRSA, please refer to the PIRSA Risk Management Procedure GO R 003 (this hyperlink is
accessible by SA Government employees only).
6.1.1 Risk management system
PIRSA uses the Advisor computer software package, developed by Methodware, to record and report on
risks, controls and treatments in a consistent manner. The system enables the development of tailored risk
models to review, assess, analyse, report and manage risks.
Use of the software is mandatory to record and report on risks throughout PIRSA.
6.1.2 Strategic planning and risks
Each division is required to conduct a formal annual review of their strategies, objectives, budgets and KPIs
with a view to identifying risks that may impede or block their achievement. Consideration should also be
given to legislative compliance reporting, changes to PIRSA requirements, recommendations by the PIRSA
Audit and Risk Management Committee and agency internal audit reports.
Identification, assessment, analysis, and treatment of divisional risks should be continuously monitored and
reviewed.
Risk management activities should support the PIRSA Annual Risk Management Statement by Divisional
Executive Director (refer to Appendix A) made by each divisional director, which will in turn support the
PIRSA Annual Risk Management Statement by the Chief Executive.
6.1.3 Risk management reporting and records management
Each stage of the risk management process must be documented. Documentation includes risk
assessments, assumptions, methods, data sources and results.
Risk management registers, templates, reports and other documentation and records for each stage of the
risk management process are to be captured, managed and kept in a business division file registered in the
PIRSA Objective EDRMS (under the relevant red function folder such as ‘Agency Governance’, ‘Biosecurity
Governance’, ‘Crops & Grains’ or ‘Financial Management’; and green ‘Risk Management’ activity folder
combination).
All information regarding the risk management process should be documented by use of the PIRSA Risk
Template (this hyperlink is accessible by SA Government employees only), with electronic data
subsequently transcribed and maintained in the PIRSA Methodware Advisor Risk Management System.
This includes supporting information and resources.
6.1.4 Risk registers
Risks identified through the risk assessment process and completed PIRSA Risk Templates (this hyperlink
is accessible by SA Government employees only) will determine what risks are captured in divisional risk
registers and the PIRSA Strategic Risk Register.
On an as needed basis, ‘extreme’ and ‘high’ divisional risks or operational risk actions may be escalated to
the PIRSA Audit and Risk Management Committee for monitoring and review where divisions may
anticipate potential reputation or compliance impacts to PIRSA.
6.1.5 Project management
PIRSA relies on the risk assessment process to be integrated into all planning processes for activities of
the agency, including significant projects, initiatives, proposals and cabinet submissions.
Risk information obtained is a fundamental consideration in measured risk taking and decision making.
All defined PIRSA projects and initiatives are required to comply with the PIRSA Risk Management
Procedure GO R 003; and have a PIRSA Risk Template completed and approved prior to project initiation
(these hyperlinks are accessible by SA Government employees only).
The PIRSA Risk Management Road Map Diagram below illustrates the integration and alignment of risk
management activities into strategic, day-to-day and project operations.
[Figure: PIRSA Risk Management Roadmap Diagram]
6.1.6 Risk management procedure
The PIRSA Risk Management Procedure GO R 003 (this hyperlink is accessible by SA Government
employees only) supports this policy; and provides further background and guidance on the integration of
risk management into any stage of an activity or significant project or initiative within PIRSA. This includes
further information on:
• the purpose of the PIRSA Risk Management Framework; what risk management is and why it is important; and how to establish the context for the identification, analysis and evaluation of risks
• procedural steps for identifying, analysing, evaluating, treating, monitoring and reviewing, communicating and consulting on risks, including references to the PIRSA Risk Matrix and completion of the PIRSA Risk Template (this hyperlink is accessible by SA Government employees only)
• risk management training, systems, reporting, registers, strategic planning and project management process.
6.1.7 Fraud and corruption
The PIRSA Fraud and Corruption Prevention Policy HR P 022, PIRSA Fraud Control Plan and PIRSA
Whistleblowers Policy HR P 001 (these hyperlinks are accessible by SA Government employees only –
publicly accessible versions are available on the PIRSA Internet Management Policies website) underpin
PIRSA’s commitment to high levels of professionalism and ethical behaviour. The PIRSA culture will ensure
that fraud and corruption prevention, detection and response are an integral part of PIRSA’s activities and
capabilities.
6.1.8 Work health safety and injury management
The PIRSA Work Health Safety and Injury Management Policy HR OHS&W P 001 (this hyperlink is
accessible by SA Government employees only) specifies the health and safety risk management processes
to be utilised to address and mitigate risks arising from work health safety and injury management in
accordance with the Work Health and Safety Act 2012 and Work Health and Safety Regulations 2012. It
applies to all PIRSA employees, workers, volunteers, contractors and others.
6.1.9 Protective security
The PIRSA Protective Security Policy GO P 005 (this hyperlink is accessible by SA Government employees
only) provides the foundation for security efforts and provides principles and standards for all PIRSA
employees in preventing and managing security risks.
7. ROLES AND RESPONSIBILITIES
Party / Parties: Roles and responsibilities

Chief Executive
• Approving the policy.
• Being accountable to the Minister for the development and implementation of a PIRSA Risk Management Framework specific to the agency’s strategic objectives, business activities and organisational context.
• Being accountable for risk management of PIRSA’s contribution towards South Australia’s Strategic Plan objectives.
• Completing the Annual Risk Management Statement by the Chief Executive.

Deputy Chief Executive / Group Executive Directors
• Providing an environment for managing risks in areas for which they have responsibility, including:
  o acting as the key driver of risk management and actively supporting associated processes
  o developing risk management practices
  o ensuring that these processes and practices are fully communicated to, and have the active support of all employees
  o identifying, ongoing assessment and treatment of risks
  o considering any necessary funding allocations and/or processes to deal with and manage risks
  o trusting and empowering employees to manage risks
  o recognising and rewarding performance where risks have been managed well
  o ensuring that risks relevant to their divisions are identified, understood and effectively managed
  o reporting on the status of key divisional risks to the PIRSA Audit and Risk Management Committee on a quarterly basis.

Executive Directors
• Completing an Annual PIRSA Risk Management Statement by Divisional Executive Director (refer to Appendix A) declaring AS/NZS ISO 31000 International Standard on Risk Management – Principles and Guidelines have been integrated into all business and activity planning for their divisional risk register.
• Ensuring that risks are identified, analysed, treated and reported, with due consideration given to the possible impact of the risks across PIRSA as well as on external stakeholders.

Manager, Risk and Integrity
• Implementing the policy (including communication, awareness and training).
• Contributing to the development of consistent risk management practices across PIRSA by establishing a network for sharing risk management learning.
• Providing guidance and advice to colleagues around all matters relating to the risk management process.
• Coordinating the dissemination and collection of all information relating to the risk management process across all the divisions of PIRSA.

PIRSA Audit and Risk Management Committee
• Ongoing management of the policy (including feedback, review, document and records management requirements, updating policy versions and removal of revoked policies).
• Providing policy advice and assistance, including interpreting policy requirements.
• Evaluating, monitoring and reviewing the policy.
• Overseeing risk management activities within PIRSA through the PIRSA Internal Audit Function.
• Escalating divisional risks via the Manager, Risk and Integrity, divisional directors and divisional units.

PIRSA Internal Audit Function
• Being accountable to the PIRSA Audit and Risk Management Committee.
• Assisting PIRSA management by providing objective and systematic analysis, advice and recommendations concerning the effectiveness of risk management, control and governance processes.
• Working in close partnership with PIRSA Audit and Risk Management Committee and the Auditor General’s Department to evaluate:
  o the effectiveness of PIRSA systems of internal control that assist in mitigating risks to tolerable levels
  o compliance with PIRSA’s strategic objectives, policies and procedures
  o the effectiveness and efficiency of PIRSA’s business operations and activities
  o statutory and regulatory compliance
  o independent examinations and evaluations of risk management or mitigation plans (policies, procedures and systems) in place to manage risk
  o risk management of new and developing SA Government initiatives impacting on PIRSA
  o whether the operational scope and authority of the PIRSA Internal Audit Function is set in the PIRSA Audit and Risk Management Terms of Reference approved by the PIRSA Audit and Risk Management Committee.

PIRSA Staff
• Complying with the policy and performing any particular policy actions or steps.
8. MONITORING, EVALUATION AND REVIEW
The PIRSA Audit and Risk Management Committee will review this policy at least once every three (3)
years or earlier if required, to ensure continuous improvement. Any changes will be published on the
PIRSA intranet and communicated to PIRSA employees.
Compliance with this policy will be periodically reviewed through the PIRSA Internal Audit Program.
Key performance indicators have been assigned to each requirement of this policy and the associated
PIRSA Risk Management Procedure GO R 003 (this hyperlink is accessible by SA Government employees
only) as follows:
PIRSA Risk Management Policy and Procedure Key Performance Indicators
Activity | Activity owner | Due date
Annual review of the PIRSA Strategic Plan and key strategic risks. | Manager, Risk and Integrity | May of each year
Annual budgeting and planning process completed. | Director, Finance and Prudential Management | May of each year
Divisional risk assessment and analysis completed. | Divisional Executive Directors | June of each year
Development of risk treatment plans completed. | Manager, Risk and Integrity | July of each year
Annual Risk Management Statements by Divisional Executive Director (refer to Appendix A) submitted. | Divisional Executive Directors | August of each year
Annual Risk Management Statement by the Chief Executive completed. | Chief Executive | August of each year
9. DEFINITIONS AND ABBREVIATIONS
Term: Meaning
Activity: Installing or performing a function or mission.
Communication and consultation: Continual and iterative processes that an organisation conducts to provide, share or obtain information and to engage in dialogue with stakeholders regarding the management of risk.
Control: A measure that is modifying a risk.
Monitoring: Continual checking, supervising, critically observing or determining the status of a risk in order to identify change from the performance level required or expected.
Review: Activity undertaken to determine the suitability, adequacy and effectiveness of the subject matter to achieve established objectives.
Risk: An effect of uncertainty on objectives such as financial, environmental goals. Such risk can apply at different levels such as strategic, organisation-wide, project, product or process.
Risk analysis: A process to comprehend the nature of risk and determine the level of risk.
Risk assessment: The overall process of risk identification, analysis and evaluation.
Risk evaluation: The process of comparing the results of risk analysis with risk criteria to determine whether the risk and/or its magnitude are acceptable or tolerable.
Risk identification: The process of finding, recognising and describing risks.
Risk management framework: The set of components that provide the foundations and organisational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organisation.
Risk management plan: A scheme within the PIRSA Risk Management Framework specifying the approach, the management components and resources to be applied to the management of risk.
Risk management process: The systematic application of management policies, procedures and practices to the activities of communicating; consulting; establishing the context; and identifying, analysing, evaluating, treating, monitoring and reviewing risk.
Risk management: The coordinated activities to direct and control an organisation with regard to risk.
Risk owner: A person within the entity with the accountability and authority to manage a risk.
Risk treatment: A process to modify risk.
Stakeholder: A person or organisation that can affect, be affected by, or perceive themselves to be affected by a decision or activity.
10. ASSOCIATED DOCUMENTS
Note: most of the following hyperlinks to agency documents published on the PIRSA intranet are only
accessible by SA Government employees, unless otherwise indicated:

PIRSA intranet > Risk Management and Audit site

PIRSA intranet > Work Health Safety and Injury Management (PIRSAFE) site

PIRSA Document and Records Management Policy IM P 002 and associated guidelines

PIRSA Legal Compliance Framework intranet site

PIRSA Fraud and Corruption Prevention Policy HR P 022 (a publicly accessible version of this policy is
available on the PIRSA Internet > Management Policies website)

PIRSA Fraud Control Plan (a publicly accessible version of this plan is available on the PIRSA Internet
> Management Policies website)

PIRSA Protective Security Policy GO P 005, including the PIRSA Protective Security Plan (under
development)

PIRSA Risk Management Framework (refer to Appendix B)

PIRSA Risk Management Procedure GO R 003

PIRSA Risk Template

PIRSA Whistleblowers Policy HR P 001 (a publicly accessible version of this policy is available on the
PIRSA Internet > Management Policies website)

PIRSA Work Health Safety and Injury Management Policy HR OHS&W P 001

PIRSA Work Health Safety Risk Management Procedure HR OHS&W R 0002
11. REFERENCES
• AS/NZS ISO 31000 International Standard on Risk Management – Principles and Guidelines
• Australian Business Excellence Framework
• Government of South Australia High Performance Framework
• Government of South Australia Risk Management Policy Statement
• PIRSA Corporate Plan 2013-2015
• South Australia’s Strategic Plan
• Work Health and Safety Act 2012
• Work Health and Safety Regulations 2012
• Workers Rehabilitation and Compensation Act 1986
• Workers Rehabilitation and Compensation Regulations 2010
APPENDIX A – ANNUAL RISK MANAGEMENT STATEMENT BY DIVISIONAL EXECUTIVE DIRECTORS

I, [Name], state that, following a comprehensive review of [Division Name] knowledge and application of risk management principles and processes, activities consistent with AS/NZS ISO 31000 International Standard on Risk Management – Principles and Guidelines are integrated into all business and activity planning.
Title:
Signature:
Date:    /    /

OR

I, [Name], state that, following a comprehensive review of [Division Name] knowledge and application of risk management principles and processes, activities consistent with AS/NZS ISO 31000 International Standard on Risk Management – Principles and Guidelines are integrated into all business and activity planning with the exception of:
______________________________
Title:
Signature:
Date:    /    /
APPENDIX B – PIRSA RISK MANAGEMENT FRAMEWORK
[Figure: PIRSA Risk Management Framework Diagram 1]
[Figure: PIRSA Risk Management Framework Diagram 2]