Elements and Performance Criteria
- Establish the risk context
- The nature and extent of the work activity are established within the broader organisational context
- The outcomes to be achieved are identified and documented as required
- The relationship between the activity and its environment is analysed and critical factors in the environment that may impact on the achievement of outcomes are identified
- Stakeholders are identified and consulted to identify their opinions, concerns and needs related to the activity and the management of risks related to it
- Risk evaluation criteria are determined for the activity in accordance with legislation, policy and procedures related to risk management in the organisation
- Identify risks
- Method/s for identifying risks are selected in accordance with risk management policy and procedures, budgetary and time constraints relative to the type of activity to be undertaken
- Sources of risk are identified and documented as required
- Risk events related to each source of risk are identified and recorded in accordance with risk management policy and procedures
- Consultation and communication is undertaken to ensure all possible risks are identified
- Analyse risks
- The probability of identified risks occurring is analysed and rated in accordance with risk management policy and procedures
- The consequences of identified risks occurring are analysed and rated according to organisational procedures
- Current control measures for any of the identified risks are considered in the risk analysis, and residual risks are analysed and included if necessary
- Levels of risk are determined in accordance with risk matrix used by the organisation
- Consultation/communication is undertaken as required to confirm risk levels, and analysis is documented in accordance with organisational risk management procedures
- Evaluate risks
- Risks are evaluated by comparing the level of risk with risk evaluation criteria established at the beginning of the risk management process
- The importance of the activity, its outcomes and the degree of control over the risks are considered
- Potential and actual losses which may arise from the risk are considered
- Benefits and opportunities presented by the risk are taken into account
- Risks are identified as acceptable or unacceptable in accordance with risk evaluation criteria, and confirmation/approval is obtained in accordance with risk management policy and procedures
- Unacceptable risks are prioritised and the reason/s for acceptance of risks is documented
- Treat risks
- Options for treating risks are determined in accordance with risk management policy and procedures
- The best treatment option is selected and a cost-benefit analysis is undertaken to compare the cost of implementing the treatment with the benefits
- A risk treatment plan is prepared, approved and communicated to those who will be involved in implementation
- Changes required to operational structure, procedures or staffing in order to implement risk treatments are negotiated in accordance with organisational policy and procedures
- Resources are arranged and risk treatment plan is implemented in accordance with risk management policy and procedures
- Monitor and review risk treatment plan
- Changes in the organisational environment and factors impacting on the organisation are monitored for their impact on risks and existing risk treatments
- Risk treatments for unacceptable risks are monitored and adjusted as required to ensure they remain effective
- Acceptable risks are monitored to ensure these risk levels do not increase over time
- Consultations are conducted and data relating to risks and risk treatments are collected, analysed and used to improve risk management in own area of operation
- Risk treatment plan is reviewed in accordance with timetable for review of plan and updated as required
- Input is provided into formal reviews/audits of risk in the organisation to improve risk management outcomes