Implementation of an Enterprise-Wide Risk Management Framework
Stuart Lovell
Manager HR and Risk
Glenorchy City Council
THE RISK MANAGEMENT JOURNEY
Insurance Driven
OH&S and Public Liability focus
Conducted “Business Risk Review”
Identified the need to focus on Strategic Risk
Strategic Risk Register Developed
CMP Liability Audit
Role of Risk Management Committee
Risk Management Policy
Risk Management Framework
Audit and Risk Committee
BUSINESS RISK REVIEW
Initially conducted in 2001, operationally focussed.
Register produced.
Reviewed Register Annually.
Conducted complete Risk Review in 2006 using Council’s Strategic Plan as reference.
Risk Register Records Updated.
Risk Review 2009 conducted using Risk Framework
2013 Framework and Register Reviewed
STRATEGIC RISK
Focus on Council’s Strategic Plan and key operational areas.
Expanded understanding of types of risk – Environmental, public liability, OH&S, Industrial Relations, Financial Sustainability, Reputation, Emergency Management, Business Continuity, Social Responsibility
Explore opportunities.
Move from risk mitigation to value creation
RISK REGISTER
Centralised
Separate sections to reflect organisational structure
Allocation of resources, roles and responsibilities
Dashboard reporting to give “real time” snapshot of risk mitigation strategies
LIABILITY AUDIT
Useful tool to introduce the concept of risk management
Use of recommendations
Focus of the Risk Management Committee
Targeted Risk Appraisals
RISK MANAGEMENT COMMITTEE
Develop a charter including membership
Move from operational to strategic focus
Responsible for implementation of mitigation strategies from Risk Register
Report ALL risk issues to ELT
RISK MANAGEMENT POLICY
Based on ISO 31000:2009
Relevant to the organisation
Provides appropriate responsibility, resources and authority
Outlines administrative structure to support policy and organisational responsibilities
Ongoing process that requires regular review
RISK MANAGEMENT FRAMEWORK
Based on ISO 31000:2009
Establishing the context
Identify risks
Analyse and evaluate risks
Treat and manage risks
Monitor, review and reporting
Communication and consultation
Appropriate allocation of Resources
AUDIT AND RISK COMMITTEE
Governance function of Organisational Risk Management
Provide independent assurance to Council on risk, control and compliance framework and external accountabilities
Consists of 3 Aldermen and 2 independent members
Meet at least 4 times per year
CONCLUSION
Risk Management is a journey
Learn from mistakes
Grasp opportunities
Ongoing process
Sound Management Tool