Elements and Performance Criteria
- Identify risks to business operations.
- Determine operational objectives through consultation with key people and by referring to available informationsources and use this as the basis for identifying, assessing and controlling risks to the organisation or activity.
- Develop or access a business risk identification and assessment tool or template document which incorporates assessment criteria for assessing risks and consequences.
- Use appropriate methods to identify foreseeable risk that has the potential to adversely affect operational activities.
- Ensure that risk assessment processes are a key component of all operational activities.
- Involve other people in the risk identification process and integrate the perspective of key people.
- Produce clear documents that outline identified risks to allow for a full assessment.
- Assess risks to business operations.
- Refer to identified and documented risks, consult with and involve key people to achieve broad input into the risk assessment process.
- Use a systematic and four-staged hierarchical process model to conduct the risk assessment.
- Use established assessment criteria for assessing risks and consequences.
- Prepare clear documentation of the outcome of risk assessment and proposed control actions.
- Eliminate or control the business risk.
- Assess the organisation's capability to eliminate or control risk and determine specific control measures.
- Develop and document contingency plans for risk elimination, minimisation or control and communicate these to key people involved in the operational activity.
- Implement control measures according to individual level of responsibility or refer to appropriate personnel for permission or further action.
- Eliminate risk where possible or take action to control and minimise the risk.
- Continuously monitor specific risks and controls to ensure effectiveness of control method.
- Regularly monitor low or accepted risks for any unacceptable consequences.
- Monitor and evaluate business risk management practices.
- Continuously monitor operational activities for a changing risk profile and identify, assess and control business risks on an ongoing basis.
- Make evaluation of specific risk controls a key component of all operational activity reviews.
- Consult with a range of key people to elicit feedback on the effectiveness of all risk management practices.
- Identify inadequacies in risk management practices, develop, implement, document and communicate improvements to risk management practices.