RISK MANAGEMENT

Meeting the Requirements of ISO 31000

including Risk Identification, Analysis, Evaluation
and Treatment

1
To train Managers, Superintendents, Health &
Safety Representatives (HSR’s), to be able to
manage risks by the identification, analysis,
evaluation, treatment and implementation of the
controls necessary to reduce the risks.

2
 BACKGROUND TO RISK MANAGEMENT

 We manage risks continuously, sometimes

consciously and sometimes without realising it.

 The need to manage risks systematically, applies to

all Organisations and Individuals and to all
Functions and Activities within an Organisation.

 This need should be recognised as of Fundamental

Importance by all Managers and Staff.

(Continued on following Slide)

3
BACKGROUND TO RISK MANAGEMENT (No. 3)

 The alternative to Risk Management is Risky

Management, or making reckless decisions, or
decisions that are not based on a careful
consideration of the facts.

 “If you think QA, OH&S and Environmental

Management Systems are time consuming, or a
waste of time and money, “TRY ACCIDENTS AND
YOU COULD BE OUT OF BUSINESS TOMORROW !!”
(Continued on following Slide)

4
BACKGROUND TO RISK MANAGEMENT (No. 4)
Risky Management is unlikely to ensure desired outcomes:

 Managing risks involves both threats and opportunities.

 Managing risks requires rigorous thinking.

 Managing risks requires forward thinking.

 Managing risks requires accountability in decision

making.

 Managing risks requires communication.

 Managing risks requires balanced thinking.

5
 BENEFITS OF RISK MANAGEMENT (No. 1)

Some Specific Benefits of Risk Management include:

 Fewer surprises.

 Exploitation of opportunities.

 Improved planning, performance and effectiveness.

 Economy and efficiency.

 Improved Stake Holder relationships.

(Continued on following Slide)

6
 BENEFITS OF RISK MANAGEMENT (No. 2)

 Improved information for decision making.

 Enhanced reputation.

 Director protection.

 Accountability, assurance and governance.

 Personal well being.

7
 CORPORATE GOVERNANCE (No. 1)

 Corporate Governance can be defined as the System

by which Organisations are directed and controlled.

 Corporate Governance is concerned with improving

the performance of Companies for the benefits of
Share Holders, Stake Holders and economic growth.

 It focuses on the conduct of and relationships

between the Board of Directors, Managers and the
Company Share Holders.

(Continued on following Slide)

FM-2 Day RM-Issue 1-01/12/2012-GJB 8

 CORPORATE GOVERNANCE (No. 2)
 Corporate Governance generally refers to the processes by
which Organisations are directed, controlled and held to
account.

 Risk Management contributes to good Corporate Governance

by providing reasonable assurance to Boards and Senior
Managers that the organisational objectives will be achieved
within a tolerable degree of residual risk.

 Second, Risk Management not only contributes to good

Governance, it also provides some protection for Directors and
Office Managers in the event of adverse outcomes.

9
DEFINITION OF TERMS

10
DEFINITION OF TERMS

11
DEFINITION OF TERMS

12
DEFINITION OF TERMS

13
DEFINITION OF TERMS

14
DEFINITION OF TERMS

15
RISK MANAGEMENT PRINCIPLES

16
 THE RISK MANAGEMENT PROCESS
a) Creates value. C
b) Integral part of Mandate and o Establishing
Commitment (4.2.) m the Context
organisational
m (5.3.) M
processes.
u o
c) Part of decision n
n
making. Design of Risk i
i
d) Explicitly address Framework Assessment t
c
uncertainty. for Managing Risks (5.4.) o
a
e) Systematic, (4.3.) r
t
structured and i Risk
i
timely. o n
Identification
f) Based on the best n g
Continual Implementing (5.4.2.)
available information. Improvement Risk
g) Tailored. of the Management and
Risk and
h) Takes human and Framework (4.4.)
cultural factors into (4.6.) C Analysis
o (5.4.3.)
account. R
n
i) Transparent and e
s
inclusive. Monitoring u Risk i
j) Dynamic, interactive and Review of the l Evaluation v
and responsive to Framework t (5.4.4.) i
change. (4.5.) a e
k) Facilitates continual t w
Risk
improvement and i Treatment
enhancement of the o (5.6.)
FRAMEWORK (5.5.)
Organisation. n
(CLAUSE 4) (5.2.)
PRINCIPLES
(CLAUSE 3) PROCESS
(CLAUSE 5)
17
RISK MANAGEMENT PRINCIPLES

18
RISK MANAGEMENT PRINCIPLES

19
 RISK MANAGEMENT PROCESS
 Management of Risk is an integral part of Good
Management.

 It is an Interactive Process of Continual

Improvement that is best embedded into existing
practices.

 The Main Elements of the Risk Management Process

are the following:
(Continued on following Slides)

20
 RISK MANAGEMENT PROCESS (No. 2)

(A) Communicate and Consult

Communicate and Consult with internal and external
Stake Holders as appropriate at each stage of the Risk
Management Process and concerning the Process as a
whole.

(B) Establish the Context

Establish the external, internal and risk management
context in which the rest of the Process will take place.
A Criteria against which risk will be evaluated should be
established and the structure of the analysis defined.

(Continued on following Slide)

21
 RISK MANAGEMENT PROCESS (No. 3)
(C) Identify Risks
Identify where, when, why and how events could
prevent, degrade, delay or enhance the achievement of
the objectives.

(D) Analyse Risks

Identify and evaluate existing controls. Determine
consequences and likelihood and hence the level of
risk. This analysis should consider the range of
potential consequences and how these could occur.

(Continued on following Slide)

22
 RISK MANAGEMENT PROCESS (No. 4)
(E) Evaluate Risks
Compare estimated levels of risk against the pre-
established criteria and consider the balance between
potential benefits and adverse outcomes. This enables
decisions to be made about the extent and nature of
treatments required and about priorities.

(F) Treat Risks

Develop and implement specific Cost Effective
Strategies and Action Plans for increasing potential
benefits and reducing potential costs.

(Continued on following Slide)

23
 RISK MANAGEMENT PROCESS (No. 5)
(G) Monitor and Review
It is necessary to monitor the effectiveness of all Steps of the Risk
Management Process. This is important for continuous improvement.

Risks and the effectiveness of treatment measures need to be monitored

to ensure changing circumstances do not alter priorities.

Risk Management can be applied at many levels within an Organisation.

It can be applied at a strategic level and at tactical and operational
levels. It may be applied to specific Projects, to assist with specific
decisions or to manage specific recognised risk areas.

For each stage of the Process, records should be kept to enable

decisions to be understood as part of a Process of Continual
Improvement.

24
RISK MANAGEMENT AND ISO
2015 STANDARDS

25
RISK MANAGEMENT AND ISO
2015 STANDARDS

26
RISK MANAGEMENT AND ISO
2015 STANDARDS

27
RISK MANAGEMENT SYSTEMS
HIERARCHY

28
RISK MANAGEMENT SYSTEMS
HIERARCHY

29
RISK MANAGEMENT SYSTEMS
HIERARCHY

30
RISK MANAGEMENT SYSTEMS
HIERARCHY

31
RISK MANAGEMENT SYSTEMS
HIERARCHY

32
FIVE (5) STEPS TO RISK ASSESSMENT (No. 1)

 Whilst we can apply Risk Assessment to financial,

marketing, sales, management projects, investments
sale and purchase and all types of other
Management Risks.

 Let’s concentrate as a Practical Example on Health &

Safety Risks and we can look at other Examples later
within the Course.

(Continued on following Slide)

33
FIVE (5) STEPS TO RISK ASSESSMENT (No. 2)

FIVE (5) STEPS TO RISK ASSESSMENT AIMS TO HELP

YOU ASSESS HEALTH & SAFETY RISKS:

 A Risk Assessment is an important step in protecting your

Workers and your business, as well as complying with the Law.

 It helps you focus on the risks that really matter in your

workplace, the ones with the potential to cause real harm.

 In many instances, straightforward measures can readily

control risks, for example ensuring spillages are cleaned up
promptly so People do not slip, or cupboard drawers are kept
closed to ensure People do not trip.

(Continued on following Slide)

34
FIVE (5) STEPS TO RISK ASSESSMENT (No. 3)

 For most that means simple, cheap and effective measures to

ensure your most valuable asset, your Work Force, is
protected.

 The Law does not expect you to eliminate all risk, but you are
required to protect People as far as “REASONABLY
PRACTICABLE”. This Guide tells you how to achieve that with
a minimum of fuss.

 This is not the only way to do Risk Assessment, there are other
methods that work well, particularly for more complex risks and
circumstances. However, we believe this method is the most
straightforward for most Organisations.

35
 HOW TO ASSESS THE RISKS
IN YOUR WORKPLACE (No. 1)
FOLLOW THE FIVE (5) STEPS BELOW:

(1) Identify the hazards.

(2) Decide who might be harmed and how.

(3) Evaluate the risks and decide on precautions.

(4) Record the finding and implement them.

(5) Review your Assessment and update if necessary.

(Continued on following Slide)

36
SAMPLE TOOLS:
 FMEA
 5 X 5 TABLE

37
38