Elements and Performance Criteria
- Establish the risk context
- Establish the nature and extent of the work activity within the broader organisational context.
- Identify and document outcomes to be achieved.
- Analyse relationship between the activity and its environment and identify critical factors in the environment that may impact on the achievement of outcomes.
- Identify and consult stakeholders to understand their opinions, concerns and needs.
- Determine risk evaluation criteria for the activity.
- Identify risks
- Select method/s for identifying risks in accordance with risk management policy and procedures, budgetary and time constraints relative to the type of activity to be undertaken.
- Identify and document sources of risk as required.
- Identify and record risk events related to each source of risk.
- Undertake consultation to ensure all possible risks are identified.
- Analyse risks
- Analyse and rate the probability of identified risks occurring and consequences.
- Consider current control measures for any of the identified risks in the risk analysis, and analyse and include residual risks if necessary.
- Determine levels of risk in accordance with risk matrix used by the organisation.
- Consult as required to confirm risk levels, and document analysis.
- Evaluate risks
- Evaluate risks by comparing the level of risk with risk evaluation criteria established at the beginning of the risk management process.
- Consider the importance of the activity, its outcomes and the degree of control over the risks.
- Consider potential and actual losses which may arise from the risk.
- Take into account benefits and opportunities presented by the risk.
- Identify risks as acceptable or unacceptable in accordance with risk evaluation criteria, and obtain approval.
- Prioritise unacceptable risks and document the reason/s for acceptance of risks.
- Treat risks
- Determine options for treating risks.
- Select the best treatment option and undertake a cost-benefit analysis.
- Prepare, approve and communicate a risk treatment plan to those who will be involved in implementation.
- Negotiate changes required to operational structure, procedures or staffing in order to implement risk treatments.
- Organise resources and implement risk treatment plan.
- Monitor and review risk treatment plan
- Monitor changes in the organisational environment and factors impacting on the organisation for their impact on risks and existing risk treatments.
- Monitor and adjust risk treatments for unacceptable risks as required.
- Monitor acceptable risks to ensure these risk levels do not increase over time.
- Consult and collect, analyse and use data relating to risks and risk treatments to improve risk management in own area of operation.
- Review risk treatment plan in accordance with timetable for review of plan and updated as required.
- Provide input into formal reviews of risk in the organisation to improve risk management outcomes.
- Establish the risk context
- Establish the nature and extent of the work activity within the broader organisational context.
- Identify and document outcomes to be achieved.
- Analyse relationship between the activity and its environment and identify critical factors in the environment that may impact on the achievement of outcomes.
- Identify and consult stakeholders to understand their opinions, concerns and needs.
- Determine risk evaluation criteria for the activity.
- Identify risks
- Select method/s for identifying risks in accordance with risk management policy and procedures, budgetary and time constraints relative to the type of activity to be undertaken.
- Identify and document sources of risk as required.
- Identify and record risk events related to each source of risk.
- Undertake consultation to ensure all possible risks are identified.
- Analyse risks
- Analyse and rate the probability of identified risks occurring and consequences.
- Consider current control measures for any of the identified risks in the risk analysis, and analyse and include residual risks if necessary.
- Determine levels of risk in accordance with risk matrix used by the organisation.
- Consult as required to confirm risk levels, and document analysis.
- Evaluate risks
- Evaluate risks by comparing the level of risk with risk evaluation criteria established at the beginning of the risk management process.
- Consider the importance of the activity, its outcomes and the degree of control over the risks.
- Consider potential and actual losses which may arise from the risk.
- Take into account benefits and opportunities presented by the risk.
- Identify risks as acceptable or unacceptable in accordance with risk evaluation criteria, and obtain approval.
- Prioritise unacceptable risks and document the reason/s for acceptance of risks.
- Treat risks
- Determine options for treating risks.
- Select the best treatment option and undertake a cost-benefit analysis.
- Prepare, approve and communicate a risk treatment plan to those who will be involved in implementation.
- Negotiate changes required to operational structure, procedures or staffing in order to implement risk treatments.
- Organise resources and implement risk treatment plan.
- Monitor and review risk treatment plan
- Monitor changes in the organisational environment and factors impacting on the organisation for their impact on risks and existing risk treatments.
- Monitor and adjust risk treatments for unacceptable risks as required.
- Monitor acceptable risks to ensure these risk levels do not increase over time.
- Consult and collect, analyse and use data relating to risks and risk treatments to improve risk management in own area of operation.
- Review risk treatment plan in accordance with timetable for review of plan and updated as required.
- Provide input into formal reviews of risk in the organisation to improve risk management outcomes.