Risk Management Policy201041442037 by lindayy


More Info
									          Risk Management Policy
This AusAID risk management policy (March 2006) replaces the policy outlined in
AusAID Circular No. 29 of 8 November 1999.

Risk management is an integral part of the AusAID approach to decision-making and
accountability. Risk management comprises the culture, processes and structures that are
directed towards the effective management of potential opportunities and adverse effects
within AusAID’s operational environment.

At any one time AusAID has several billion dollars of programs and activities under
management. Australian aid promotes Australia’s fundamental national interests in
regional peace, stability and poverty reduction and is often delivered in high-risk
environments. The manner in which AusAID performs this important role can
significantly affect Australia’s international reputation and national interests.

Risk is inherent in all AusAID’s functions. All AusAID personnel are responsible for
managing the risks that relate to their particular area of work. Risks should be managed
in a way that derives the best outcomes for AusAID and its stakeholders.

The aim of this policy is not to eliminate risk. It is to assist AusAID personnel to manage
the risks involved in all AusAID’s activities to maximise opportunities and minimise
adverse consequences. Effective risk management requires:

   •   Identifying and taking opportunities to improve performance as well as taking
       action to avoid or reduce the chances of something going wrong
   •   A systematic process that can be used when making decisions to improve the
       effectiveness and efficiency of performance
   •   Forward thinking and active approaches to management
   •   Effective communication
   •   Accountability in decision making
   •   Balance between the cost of managing risk and the anticipated benefits.

Risk can be defined as the chance of something happening that may have an impact on
the achievement of objectives. Risk is measured in terms of consequences and likelihood
combined to arrive at a risk rating from Low to Very High (see the Risk Assessment
Matrix in Annex 1). Risk management is, therefore, defined as the culture, processes and
structures that are directed towards realising potential opportunities whilst managing
adverse effects (see Annex 1 for more key definitions).

The concept of managing risk is an integral part of the accountability requirements at all
levels in AusAID. An effective risk management system will safeguard Commonwealth
interests and ensure the best use of its resources. Recognition of risk management as a
central element of good corporate governance, and as a tool to assist in strategic and
operational planning, has many potential benefits in the context of the changing
operating environment of AusAID’s core business.

All AusAID personnel have a responsibility to ensure that the risks relating to their
particular area of work – whether it is in Canberra, an overseas post or a seconded
assignment – are managed to ensure the best outcome is achieved. The Risk Management
Guide included as Annex 1 provides AusAID personnel with practical assistance and
tools to use when implementing risk management practices. The Guide also includes
examples of the range of risks relevant to AusAID. Personnel should be alert to these
types of risk, as well as risks specific to their particular function(s), programs, activities,
posts and work areas.

The Australian/New Zealand Standard for Risk Management (AS/NZS 4360:2004) was
released in 2004 and AusAID has recently upgraded risk management processes, for
example, integrating risk management with business planning and developing a
Corporate Risk Assessment and Management Plan.

The previous Risk Management Policy (November 1999) has been revised to incorporate
advancements in the new Australian/New Zealand Standard for Risk Management and
AusAID risk management-related procedural developments.

AusAID aims to manage risk in accordance with the Australian/New Zealand Risk
Management Standard. Guidelines for Managing Risk in the Australian and New Zealand Public
Sector expands on the Standard to provide guidance for Public Sector agencies.

Risk management is an iterative process of continuous improvement that is best
embedded into existing practices or business processes. The main elements of the
AusAID risk management process are:

    •   Communicate and consult: Liaise with internal and external stakeholders as
        appropriate at each stage of the risk management process and concerning the
        process as a whole.

    •   Establish the context: Define the basic parameters within which risks must be
        managed and set the scope for the rest of the risk management process. The
        context includes AusAID’s external and internal environment and the purpose of
        the risk management activity.

    •   Identify risks: This step seeks to identify the risks to be managed.
   •   Analyse risks: Identify and evaluate existing controls. Determine consequences
       and likelihood and hence the level of risk. This analysis should consider the range
       of potential consequences and how these could occur.

   •   Evaluate risks: Compare estimated levels of risk against pre-established criteria
       (see risk matrix in Risk Management Guide) and consider the balance between
       potential benefits and adverse outcomes. This enables decisions to be made
       about the extent and nature of treatments required and about priorities.

   •   Treat risks: Develop and implement specific cost-effective strategies and action
       plans for increasing potential benefits and reducing potential costs. Allocate
       responsibilities to those best placed to address the risk and agree on target date
       for action.

   •   Document, monitor and review: Each stage of the risk management process must
       be documented. It is necessary to monitor the effectiveness of the risk
       management process. This is important for continuous improvement. Risks and
       the effectiveness of treatment measures need to be monitored to ensure changing
       circumstances are taken into consideration.

Each step of the risk management process – including indications of the relevance to
AusAID personnel – is discussed in greater detail in Annex 1.

Schematically, the risk management process can be depicted as follows:

                                     Establish the context
                                                                            Document, Monitor and Review
           Communicate and Consult

                                        Risk Assessment

                                         Identify risks

                                        Analyse risks

                                        Evaluate risks

                                          Treat risks

The following responsibilities exist for the implementation of effective agency-wide risk
   •   The Director General and Senior Executive are responsible for the
       implementation and maintenance of sound risk management. In carrying out this
       responsibility, senior managers should review the adequacy of internal controls to
       ensure that they are operating effectively and are appropriate for achieving
       corporate goals and objectives. Managers should put in place mechanisms that
       promote the culture of risk management practices and encourage and empower
       personnel in the management of risk.

   •   The Audit Committee is responsible for oversight and for providing corporate
       assurance on the adequacy of risk management procedures across AusAID. The
       Performance Review and Audit (AUDIT) Section assists this through: its risk-
       based audit approach; monitoring and review of risk management policies and
       procedures and control structures; identification of fraud risks; and delivery of
       risk management awareness and guidance materials.

   •   Branch Heads should ensure that Business Unit Plans include a discussion of key
       issues and major risks.

   •   Heads of AusAID offices at overseas posts should ensure that annual Post Risk
       and Fraud Management Plans are completed and forwarded to AUDIT Section.

   •   Country Program Managers should complete a risk assessment when developing
       country program strategies.

   •   Activity Managers should ensure risk management plans are completed for all
       activities in accordance with AusGUIDE requirements and updated by AMCs in
       annual plans, or more frequently, as necessary.

   •   Activity/Contract Managers should ensure that all NGOs and Contractors
       providing goods and services to AusAID adhere to risk management
       requirements in AusGUIDE, NGOPI and relevant contracts.

   •   Managers at all levels are to create an environment where managing risk forms
       the basis of all activities.

All AusAID personnel should adopt sound risk management practices within their
particular areas of responsibility.

1 – AusAID Risk Management Guide

To top