Risk Management

Objective:

South West Victoria SEAL Inc. is committed to minimising risk in all its operations in order to maximise the efficiency and
effectiveness of its programs and services; these include minimising risks in the area of contracts, theft and fraud, loss of
income, business interruption, health and safety, human resources and compliance. Risk management is about asking the
following questions:

•What can go wrong?

•What are the consequences if something does go wrong?
•What can we do to prevent it going wrong?

These procedures describe the processes that South West Victorian SEAL Inc. will use to monitor, mitigate and minimise
risk in its operations. In 2012 a revised development system was put in place using the table below to assist in developing
the register and its policy and procedure

Developing South West Victorian SEAL INC. Risk Management

Framework
# Requirement Done Who/What
1 Has the CoM and executive expressed their support for a Risk Y CoM, QKnet,
Management programme? \Y\quality

2 Have you identified a person who will be responsible for implementing Y CEO
risk management?
3 Does the risk manager, or equivalent, have reasonable access to staff Y CEO
and management across the organisation?
4 Have you defined categories of risk relevant to your organisation and Y CoM, CEO
industry?
5 Do your risk categories reflect all operational risk areas of the business Y CoM, CEO,
as well as more strategic risk categories? QKnet

6 Is there a clear organisational strategy (or objectives) articulated for the Y Policy and
organisation? Procedure
QKnet

7 Have you defined and agreed a Likelihood scale to assess the potential Y CoM, CEO
for the risk to occur throughout the organisation?
8 Have you defined and agreed a Consequence scale to help assess risk Y Policy and
impacts across the organisation? Procedure
QKnet
9 Does your Consequence scale describe both financial and non-financial Y Policy and
impacts? Procedure
QKnet

10 Does your Risk management framework consider the effectiveness of Y Policy and
controls or risk treatments? Procedure
QKnet

11 Is there an agreed template or format for recording risk (a risk register)? Y QKnet,
\Y\quality

12 Has a risk policy been defined? Y QKnet

Y:\QKnet\2016\procedures\riskmanv1.docx
13 Does the organisation have a documented risk management strategy? Y QKnet

14 Has the Risk Committee (or equivalent) and the CoM reviewed and Y CoM, all staff
approved the Risk Policy/ Strategy?
15 Do job descriptions of key stakeholders include responsibilities Y Consultant
for risk management? hired P
Macdonald

16 Is a formal project management methodology used to manage projects? Y QTS

17 Is a mechanism in place to identify, assess, record and monitor risks on Y QKnet
projects?
18 Has the organisation agreed what types and levels of risk are Y CoM, CEO
unacceptable?

19 Is there an agreed format/ template for reporting on risk? Y QKnet, \Y

20 Is there a process and/or template where staff and the Executive can Y All staff
record new risks?

Scope:
This procedure applies to all business, training and service operations of South West Victorian SEAL Inc.

Responsibilities:
Responsibility for risk management within South West Victorian SEAL Inc. is as follows:
Committee of Management – The CoM has ultimate responsibility for ensuring appropriate management of risk by South
West Victorian SEAL Inc.
Chief Executive Officer – The CEO is responsible for ensuring that a risk management system is established, implemented
and maintained in accord with this policy
All staff – Every South West Victorian SEAL Inc. staff member is responsible for the effective management of risk, including
the identification of potential risks

The CEO, with assistance from the CoM and QTS will develop and maintain a risk management register for the operations of
South West Victorian SEAL Inc. The register will record:
•the area of risk, taken from the following categories: Contracts, Theft and Fraud, Loss of Income, Business Interruption,
Health and Safety, Human Resources, Compliance
•details of the actual risk exposure
•any risk mitigation currently being undertaken or controls currently in place
•a risk rating (as per the table below)
•any further proposed risk mitigation activities and the target date for completing these
•any additional resources required to complete the risk mitigation
•this register is stored on a restricted network drive and backed up off site to minimise risk to itself.

Monitoring and reviewing the Risk Management Register:

The CEO with assistance from the CoM and QTS (Quality training and support) is responsible for monitoring and updating
the Risk Management Register on a regular basis (generally monthly). New risks should be added over time, while “old”
risks that have been adequately treated or no longer apply should be left on the register for historical purposes. Such risks
will be marked as “A” for adequately controlled. The Risk Management register will be reported to the CoM of
Management bi-annually (generally March and September).

Y:\QKnet\2016\procedures\riskmanv1.docx
Risk Management ratings
The following ratings are used in the South West Victorian SEAL Inc. Risk Management Register.

Probability/Consequences 1 – Insignificant 2 – Minor 3 – Moderate 4 – Major 5 – Catastrophic

•Less than $10K •$10 – 50 K loss •$50 - $250 K •$250 - $500 K •More than
loss •Medical loss loss $500 K loss
•Injury treatment, lost •Short •Long •Death or
requiring First time hospitalisation hospitalisation permanent
Aid •Transient and full recovery or incomplete incapacity
•Minor pollution, •Significant recovery •Long-term
pollution effective environmental •Significant environmental
•Almost no loss remediation harm, some mid- environmental harm
of services or •Minor loss of term recovery harm, long-term •Major adverse
reputation services or possible recovery impact on
reputation •Unfavourable •Significant business (total
impact on adverse impact closure > 3 days)
business and on business and and reputation
reputation reputation

5 – Almost certain 5 10 15 20 25
Expected to occur in most
circumstances
4 – Likely 4 8 12 16 20
Will quite commonly occur

3 – Moderate 3 6 9 12 15
May occur occasionally

2 – Unlikely 2 4 6 8 10
Could occur infrequently

1 – Rare 1 2 3 4 5
May occur in exceptional
circumstances
Management of risk

Level Management response

High risk Active management; development of detailed treatment

plans; frequent monitoring and monthly reporting

Significant risk Active management; development of additional risk plans;

regular monitoring and quarterly reporting

Moderate risk Manage through specific response procedures; periodic

monitoring and b-annual reporting

Low risk No major concern; manage through routine procedures;

review annually

Y:\QKnet\2016\procedures\riskmanv1.docx
Procedure:

Step Responsibilities Links

1 Allocate number CoM Member
Allocate a unique number to each risk (aim for no more than 30 active risks on the CEO
register). Quality Assurance
Quality Systems
2 Identify risk CoM Member
Identify the general area of risk (see categories above) and describe the nature of the CEO
risk. (For example, the movement of students around the South West Victorian SEAL Quality Assurance
Inc. car park is a Health and Safety risk for pedestrians and other cars.) Quality Systems
Training Manager
3 Assess risk CoM Member
Assess the risk, factoring in the probability and the likelihood of the event occurring. CEO
Quality Assurance
Quality Systems
4 Current controls CoM Member
Indicate any current controls and whether the risk is adequately or inadequately CEO
controlled. Quality Assurance
Quality Systems
5 Further action CoM Member
Describe any further action to control or mitigate the risk, and any additional CEO
resources required Quality Assurance
Quality Systems
6 Mitigation timeline CoM Member
Allocate a timeline for the control or mitigation of the risk. CEO
Quality Assurance
Quality Systems

Quality Document References:

Committee of Management Fiduciary Duties: Policy -SWS-CoM
Confidentiality Policy: Policy -SWS-Human Resources
Environment Policy: Policy -SWS-Administration
Fiduciary Duty Policy: Policy -SWS-CoM
Records Management: Policy -SWS-Quality
Risk Management: Policy -SWS-Corporate Services
Records Management: Procedure -SWS-Quality

References to Standards and Legislation:

NVR Part 3 2012: Essential standards for continuing registration 18: SNR 18 The RTO has governance arrangements
NVR Part 3 2012: Essential standards for continuing registration 20: SNR 20 Compliance with legislation
NVR Part 3 2012: Essential standards for continuing registration 21: SNR 21 Insurance
NVR Part 3 2012: Essential standards for continuing registration 22: SNR 22 Financial management

Other Information:
AS/NZS ISO 31000-2009 Risk Management – Principles and Guidelines

Y:\QKnet\2016\procedures\riskmanv1.docx