MSO Policy Template
RSK_01_RMP RISK MANAGEMENT POLICY, FRAMEWORK & PROCEDURE

Applies to: All personnel, internal and external stakeholders
Version: 2
Specific responsibility: Board of Management, Executive Director, Operations Manager
Date approved: 12/8/19
Next review date: August 2021
Policy context: This policy relates to the HCC RULES and the HCC Strategic Plan 2017 – 2020
Standards or other external requirements:
- AS/NZS ISO 31000:2009 Risk Management Standards
- Quality Management Framework for Community Managed Organisations 2014
Legislation or other requirements:
- Incorporated Associations Act 2016
- ACNC
- Occupational Safety and Health Act 1984
- The National Safety and Quality Health Service Standards 2012
Contents

RISK MANAGEMENT POLICY, FRAMEWORK & PROCEDURE
POLICY
1. Policy Statement
2. Purpose
3. Scope
4. Delegations
5. Terms and Definitions
RISK MANAGEMENT PRINCIPLES and FRAMEWORK
6. Risk Management Principles
7. Risk Management Framework
8. Guidelines
Process and PROCEDURES
9 Communication and Consultation
10 Risk Assessment
11. Risk Treatment
12 Monitoring and Review
DOCUMENTATION
POLICY
1. Policy Statement

The Health Consumers’ Council (HCC) is an independent community based organisation, representing the consumers’ ‘voice’ in health policy, planning, research and service delivery. The HCC advocates on behalf of consumers to government, doctors, other health professionals, hospitals and the wider health system.

HCC is committed to ensuring effective risk management and will undertake responsible monitoring and support improvement processes.

The practice of Risk Management and its reporting is designed to provide standardised, integrated and sustainable processes to meet the organisational needs and governance requirements of the Health Consumers’ Council that comply with all relevant statutory codes of practice and Australian standards.
2. Purpose

Risk management standards aim to prevent injury or harm to individuals, to protect the assets and interests of the HCC and to limit the impact of risks. The purpose of this document is to ensure that risk management principles, framework and processes are applied consistently throughout all decision making, operations and activities of the HCC in accordance with the Strategic Plan 2017-2020.

Key objectives are as follows:

2.1 Optimise the success of HCC’s vision, mission, purpose and values
2.2 Achieve effective Governance and adherence to relevant statutory, regulatory and compliance obligations
2.3 Provide transparent, formal oversight of the risk and control environment to enable effective decision making
2.4 Embed appropriate and effective controls to mitigate risk which will reduce unexpected and costly surprises
2.5 Enhance risk versus return within our risk appetite, enabling a balance between opportunity and risk
2.6 More effective and efficient allocation of resources through operational, project and strategic activities
2.7 Incorporate continuous improvement
2.8 Maintain records for evidence of the risk management process
3. Scope

The practice of risk management applies to all activities undertaken in the operating environment whether on HCC premises or at other locations. It includes, but is not limited to:

3.1 Building premises
3.2 Staff attending functions or events
3.3 Current service provision
3.4 Tendering scopes of work
3.5 Business continuity
3.6 Work Safety
3.7 Business sustainability
3.8 Financial management

4. Delegations

The scope and delegations outline responsibilities for the implementation of risk management procedures and for ensuring stakeholder compliance with these procedures.

Table 1. Delegations of responsibility

| Position | Application | Approval |
|---|---|---|
| Board | Overseeing role & compliance | Endorse via Management Committee |
| Executive Director | Policy Approval | All business and workplace requirements |
| Operations Manager | Implement day to day procedures | All business and workplace requirements |
| Employees | Compliance with Policy and procedures | All business and workplace requirements |
| Volunteers | Compliance with Policy and procedures | All business and workplace requirements |
5. Terms and Definitions

Communication and Consultation: The information can relate to the existence, nature, form, likelihood, significance, evaluation, acceptability and treatment of the management of risk. Consultation is a two-way process of informed communication between HCC and its stakeholders on an issue prior to making a decision or determining a direction on that issue. [SOURCE: ISO Guide 73:2009, definition 3.2.1]

Consequence: is the outcome of an event affecting objectives (table 12.2.3). An event can lead to a range of consequences that can be certain or uncertain and can have positive or negative effects on objectives. [SOURCE: ISO Guide 73:2009, definition 3.6.1.3]

Establishing the context: involves defining the external and internal parameters to be taken into account when managing risk, and setting the scope and risk criteria for the risk management policy. [SOURCE: ISO Guide 73:2009, definition 3.3.1]

Event: An occurrence (one or more) or change of a particular set of circumstances. An event can sometimes be referred to as an “incident” or “accident” or an event without consequences can also be referred to as a “near miss”, “incident”, “near hit” or “close call”. [SOURCE: ISO Guide 73:2009, definition 3.5.1.3]

External context: is an external environment in which HCC seeks to achieve its objectives. External context can include:
— The cultural, social, political, legal, regulatory, financial, technological, economic, natural and competitive environment, whether international, national, regional or local;
— Key drivers and trends having impact on the objectives of the organisation; and
— Relationships, perceptions and values of external stakeholders.
[SOURCE: ISO Guide 73:2009, definition 3.3.1.1]

Internal context: the internal environment in which HCC seeks to achieve its objectives. Internal context can include:
— Governance, organisational structure, roles and accountabilities;
— Policies, objectives, and the strategies that are in place to achieve them;
— The capabilities, understood in terms of resources and knowledge (e.g. capital, time, people, processes, systems and technologies);
— Information systems, information flows and decision-making processes (formal & informal);
— Relationships with, and perceptions and values of, internal stakeholders;
— Standards, guidelines and models adopted by the organisation; and
— Form and extent of contractual relationships.
[SOURCE: ISO Guide 73:2009, definition 3.3.1.2]

Level of Risk: Is the magnitude of a risk or combination of risks, expressed in terms of the combination of consequences and their likelihood. [SOURCE: ISO Guide 73:2009, definition 3.6.1.8]

Likelihood: Is the chance of something happening (table 12.2.6). In risk management terminology, the word “likelihood” is used to refer to the chance of something happening, whether defined, measured or determined objectively or subjectively, qualitatively or quantitatively, and described using general terms or mathematically (such as a probability or a frequency over a given time period). [SOURCE: ISO Guide 73:2009, definition 3.6.1.1]

Risk: Is an effect of uncertainty on objectives, where the full effect can be a positive or negative deviation from the expected. Objectives can relate to different aspects of the organisation (financial, health, safety, and environmental goals) and can apply at different levels (strategic, organisation-wide, projects or processes). [SOURCE: ISO Guide 73:2009, definition 2.1]

Risk Analysis: is the process to comprehend the nature of risk and to determine the level of risk. Risk analysis provides the basis for evaluation and decisions about risk treatment. [SOURCE: ISO Guide 73:2009, definition 3.6.1]

Risk Criteria: are the terms of reference against which the significance of a risk is evaluated. The risk criteria are based on HCC objectives, external and internal context and derived from standards, laws, policies and other requirements. [SOURCE: ISO Guide 73:2009, definition 3.3.1.3]

Risk Management: Is the process of dealing with uncertainty. It is broadly described in the International Standard for Risk Management (AS/NZS ISO 31000:2009) as the principles, framework and processes for effective risk management and encompasses all related risk activities. (see 7.1 The relationship between the risk management principles, framework & process)

Risk Management Plan: specifies the approach, the management components and resources to be applied to the management of risk.

Risk Management Process: Is the systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context, and identifying, analysing, evaluating, treating, monitoring and reviewing risk. [SOURCE: ISO Guide 73:2009, definition 2.8]

Risk Profile: is the description of any set of risks containing those that relate to the whole organisation, part of the organisation, or as otherwise defined. [SOURCE: ISO Guide 73:2009, definition 3.8.2.5]

Risk Source: is the element which alone or in combination has the intrinsic potential to give rise to risk. [SOURCE: ISO Guide 73:2009, definition 3.5.1.2]

Risk Treatment: involves identifying the range of options for treating risk, assessing those options, preparing risk treatment plans and implementing them. Risk treatment can involve:
— Avoiding the risk by deciding not to start or continue with activity that gives rise to the risk;
— Taking or increasing risk in order to pursue an opportunity;
— Removing the risk source;
— Changing the likelihood;
— Changing the consequences;
— Sharing the risk with another party or parties (including contracts and risk financing); and
— Retaining the risk by informed decision.

Stakeholders: are those individuals who are, or perceive themselves to be, affected by a decision or activity.
RISK MANAGEMENT PRINCIPLES and FRAMEWORK

Diagram 1. The relationship between the risk management principles, framework and process (AS/NZS ISO 31000:2009 Risk Management Standards)
6. Risk Management Principles

At all stages of the Risk Management process the emphasis of communication and consultation is vital for successful outcomes. This is to ensure those responsible for managing risk, and those with vested interests, understand the basis on which decisions are made, why particular treatment options are selected or why certain risks are accepted/tolerated.

Without an effective communication and consultation process, all relevant parties will not be aware of why risk management policies have been developed and implemented, neither will they understand their individual roles and responsibilities. The 11 principles for managing risk as listed by the AS/NZS ISO 31000:2009 Risk Management Standards (Clause 3) are as follows:

6.1 Creates Value
This principle recognises that risk management helps the organisation achieve its objectives, improves stakeholder confidence, minimises loss, improves operational effectiveness and efficiency and establishes a reliable basis for decision making and planning.

6.2 Integral part of organisational processes
Risk management activities should not be separate from the main activities and processes of the organisation, but rather incorporated into business processes and management controls at all levels and part of the management responsibilities.

6.3 Part of decision making
This principle recognises that good risk management helps managers make better decisions to minimise risk and optimise every opportunity.

6.4 Explicitly addresses uncertainty
Uncertainty is inherent in every business and by identifying and analysing a range of risks, risk owners are better able to implement controls and treatments to mitigate the likelihood and/or consequence of uncertainty and establish a more resilient organisation.

6.5 Systemic, structured and timely
The risk management system requires organised planning to ensure efficiency. The standard itself promotes a structured and systemic risk management process and risk management framework in order to achieve a consistent and reliable result.

6.6 Based on the best value information
Closely linked to addressing uncertainty, this principle reads a little like a disclaimer. It recognises the fact that information is often limited, costly and imperfect. However, good risk management will consider information from many sources including observation, experience, forecasts and experts.

6.7 Tailored
This Risk Management document is tailored to the needs of HCC considering the stakeholders, context and risk profile.
6.8 Takes human and cultural factors into account
This principle is linked to the principle that risk management is tailored, whereby the organisation’s risk framework considers cultural elements and both internal and external people – particularly their skills, capabilities, perceptions and intentions.

6.9 Transparent and inclusive
Internal and external stakeholders can have a major impact on the organisation. This principle recognises the need to include stakeholders throughout the risk management process including when establishing context and determining risk criteria.

6.10 Dynamic, iterative and responsive to change
The risk management procedures involve responding to changes in the internal and external environments by amending strategies, management and financial plans and organisational structures.

6.11 Facilitates continuous improvement and enhancement of the organisation
This principle builds on the last principle that risk management is dynamic and iterative. It encourages HCC to be flexible and continually improve the risk management maturity framework along with other elements of the organisation to build resilience and capacity to maximise opportunities.
7. Risk Management Framework

Diagram 2. Risk Management Framework AS/NZS ISO 31000:2009 Risk Management Standards (Clause 4)
7.1 Mandate and Commitment
Risk Management is not a one off project; it is an ongoing activity requiring ongoing commitment. It must be mandated from the Board, implemented by the Executive Director and supported by all levels of personnel and risk owners to be sustainable.

7.2 Design of framework for managing risk
Defining the context of the risk management framework, formulating a risk management policy, embedding processes into practice, assigning resources and determining responsibility are all key elements of designing an effective framework to manage risk. Periodic reporting to stakeholders and effective communication mechanisms will support effective implementation.

7.3 Implementing Risk Management
Implementation is executing the theory of the risk management framework and ensuring the risk management process is understood by risk owners (through communication & training). This also relates to ensuring risk management activities take place (risk assessments & risk workshops etc.) and decisions in the organisational processes actually factor in risk thinking.

7.4 Monitoring and review of the framework
This involves confirmation that the various risk management elements and activities are actually working effectively in line with expectations. Any gaps identified will need to be documented and remediated.

7.5 Continual improvement of the framework
This means continuing to enhance key elements of the risk management framework to either improve current processes and/or progress towards a more mature risk management framework. HCC commits to undertake a review every 2 years or sooner if required.
8. Guidelines

Diagram 3. The Guidelines of Risk Management AS/NZS ISO 31000:2009 Risk Management Standards (Clause 5)
Process and PROCEDURES
9 Communication and Consultation

Effective communication and consultation is essential to ensure that those responsible for implementing risk management, and those with a vested interest, understand the basis on which decisions are made and the reasons why particular treatment options are selected. Methods of communication and consultation may include:
a) Board/Staff Meetings
b) Distribution of minutes
c) Reports
d) Staff awareness and training sessions
e) Internal Audits

10 Risk Assessment

10.1 Establish the context – identify and understand the operating environment of HCC in order for the risk management program to be effective.
a) Define the scope of what activity, decision, project or program or issue needs analysis
b) Identify relevant stakeholders/areas involved or impacted
c) Internal and/or external environment factors

10.2 Risk Assessment – comprises the processes for identifying, analysing and evaluating risks. AS/NZS ISO 31000:2009 provides guidance on selection and application of systemic techniques for risk assessment. The techniques involve measuring the adequacy of existing management, systems and procedures to control the risk, and assessing their effectiveness. The three step process consists of determining the likelihood of risk, categorising the consequences and identifying the responsibilities to action.

10.2.1 Identify – Identify and assess possible internal and external risks that may pose a threat by considering the following questions:
a) What could happen?
b) How and where could it happen?
c) Why could it happen?
d) What is the impact or potential impact?

10.2.2 Analyse – analyse the risk in terms of the HCC operational environment to understand the nature of risk and to identify tasks for further action. (13.2.3)
a) Identify the causes, contributing factors and actual or potential consequences
b) Identify existing or current controls
c) Assess the likelihood & impact/consequence to determine the risk rating
Table 2. Consequence Categories Table

| | Health Impacts | Service Interruption | Compliance | Financial Impact | Property | Reputation |
|---|---|---|---|---|---|---|
| 1 Insignificant | Negligible injuries | No material service interruption | No noticeable regulatory or statutory impact | Less than $5000 | Inconsequential or no damage | Unsubstantiated, low impact, low profile item, no social media attention |
| 2 Minor | First Aid injuries | Short term temporary interruption – backlog cleared <1 day | Some temporary non compliances | $5001 - $50 000 | Localised damage rectified by routine internal procedures | Substantiated, low impact, low news item, limited social media attention |
| 3 Moderate | Loss time injuries <2 days | Medium term interruption – backlog cleared by additional resources <1 week | Short term noncompliance but with significant regulatory requirement imposed | $50 001 - $500 000 | Localised damage requiring external resources to rectify | Substantiated, public embarrassment, high impact, high news profile, third party actions, requires immediate and ongoing social media response and monitoring |
| 4 Major | Loss time injuries >2 days | Prolonged interruption to services – additional resources; performance affected <1 month | Noncompliance results in termination of services or imposed penalties | $500 001 - $1 000 000 | Significant damage requiring internal & external resources to rectify | Deliberate breach, or gross negligence, significant harm, formal investigation, disciplinary action, ministerial involvement |
| 5 Catastrophic | Fatality, permanent disability | Indeterminate prolonged interruption of services – nonperformance >1 month | Noncompliance results in litigation, criminal charges or significant damages or penalties | More than $1 000 000 | Extensive damage requiring prolonged period of restitution. Complete loss of equipment or building | Serious and wilful breach, criminal negligence, act litigation or prosecution with significant penalty, dismissal, ministerial censure |
10.2.4 Evaluate – evaluate the risks and compare against acceptability criteria to develop a prioritized list of risks for further action (Risk Assessment Matrix 13.2.6)
a) Is the risk acceptable or unacceptable?
b) Does the risk need treatment or further action?
c) Do the opportunities outweigh the threats?
Table 3. Likelihood Categories Table

The level of risk is determined by the relationship between the consequence and likelihood applicable to each of the identified risks located within the area of review.

| LEVEL | LIKELIHOOD | EXPECTED or ACTUAL FREQUENCY EXPECTED |
|---|---|---|
| 1 | Rare | Once in more than 10 years |
| 2 | Unlikely | At least once in 5 to 10 years |
| 3 | Possible | At least once in 3 to 5 years |
| 4 | Likely | At least once in 1 to 3 years |
| 5 | Almost Certain | More than once a year |
Table 4. Risk Assessment Matrix

| LIKELIHOOD \ CONSEQUENCE | Insignificant (1) | Minor (2) | Moderate (3) | Major (4) | Catastrophic (5) |
|---|---|---|---|---|---|
| Rare (1) | LOW 1 | LOW 2 | LOW 3 | MODERATE 4 | MODERATE 5 |
| Unlikely (2) | LOW 2 | LOW 4 | MODERATE 6 | MODERATE 8 | HIGH 10 |
| Possible (3) | LOW 3 | MODERATE 6 | MODERATE 9 | HIGH 12 | HIGH 15 |
| Likely (4) | LOW 4 | MODERATE 8 | HIGH 12 | HIGH 16 | EXTREME 20 |
| Almost Certain (5) | MODERATE 5 | HIGH 10 | HIGH 15 | EXTREME 20 | EXTREME 25 |
11. Risk Treatment

Risk treatment involves ensuring that effective strategies are in place to minimise the frequency and severity of the identified risk. It includes developing actions and implementing treatments that aim to control the risk. This consists of the following five considerations:

11.1 If the goal is to reduce the likelihood or possibility of the risk, then you may need to alter the approach, depending on the causal link between the threat and its impact.
11.2 If the goal is to reduce the consequence or the impact of the risk, then contingency plans might be required to respond to a threatening event if it occurs.
11.3 If the goal is to share the risk, then involving another party, such as an insurer, may help so that risk is shared contractually and by mutual agreement. This must be formally recorded through a contract agreement or letter.
11.4 If the risk is so significant that the goal is to eliminate or avoid it altogether, then the options are limited to changing the project materially or choosing alternative approaches/processes to render the risk irrelevant.
11.5 Occasionally the decision is made to accept or tolerate the risk, due to the low likelihood or minor consequences of the risk event, or the fact that the cost of effectively controlling the risk is unjustified.
11.6 Work safety assessments will be in accordance with the hierarchy of control as per Table 5.
Table 5. Treatment Hierarchy
Elimination
Substitution
Engineering controls
Administration controls
PPE
Once the risk assessment phase is complete, identify the options for treatment if there are any; otherwise tolerate the risk. Where options for treatment are available and appropriate, record those treatment options as part of the risk treatment plan. Use the combination of the Likelihood Categories Table (Table 3), the Risk Assessment Matrix (Table 4) and the Responsibilities Table (Table 7) to deliver a Risk Treatment Plan (Table 6) outcome.
The cyclic process of treating a risk, deciding whether risk levels are tolerable and assessing the effectiveness of that treatment are all case by case assessments that depend on a good understanding of both the risk and the end objective of the activity being assessed. The following process is required for an effective Risk Treatment Plan:

11.6 Document the risk treatment plan
11.7 Implement agreed treatments
11.8 Assess and monitor the risk treatment (15)
Table 6. Example of the Risk Treatment Plan

The following table offers an example of existing identified risks at HCC and an approach for risk treatment plan and record keeping:

Columns: Risk | Risk Status | Resource Requirements | Proposed Actions | Timeline | Responsibility

Legislation
1. Incorporations Associations Act 2016
2. ACNC
1. In force July 2016 – ability to comply; impact
Now – July 2016
Nominations & Governance Committee

Financial
1. Cash Flow (trading solvent)
2. Insurance Portfolios
3. Contracts register
4. IT systems management
5. Organisational Funding Requirements
Ongoing
Finance Committee

External Relationships
1. Consumers
2. Government
3. NGO’s
4. Patient Experience Surveys
1. Follow up on Strategic Plan consultants contacts – transparency/integrity
Executive Director

Workforce
1. Appropriate Staff
2. Environment “Health Checks”
3. Performance
4. Resourced
1. Align staff to contract needs – training requirement
Executive Director/Chair

1. Delivering Community Services in Partnership Policy
2. Relationship – Government Contract Manager
1. DCSPP checklist
2. Feedback
Executive Director

Reputation
1. Research & evaluation
2. Provide valued effective services
3. Credibility check on collaborations
4. Best use of funding
5. Media management
6. Meeting outcomes/strategic plan
1. Develop framework
Executive Director/Chair

Work Safety
1. Reference AS/NZS 4801:2001
2. Reference OSH Act & Regulations
3. Electrical (RCD)
4. Manual Handling
5. Evacuation
6. Stress
7. Staff training
Ongoing
All Staff

Quality
1. ISO 9004: 2009 Principles
Operations Manager

Sustainability
1. Fee for service development
2. Business continuity planning
3. Marketing plan
4. Collaboration assessment
5. Innovation
6. Resilience
Consumer & Community Engagement Manager

Membership
1. Communication (quality)
2. Remain relevant
Operations Manager

Board
1. Relates to ACNC Governance Standards
2. Commitment
3. Evaluation & Review
4. Skill sets
5. Insurance Protection
Nominations & Governance Committee

Management
1. Reports to Board
2. Training on risk assessment
1. Quarterly update on Risk Treatment Plan
2. Monitoring regime to be established
12 Monitoring and Review
Planned, regular monitoring of the risks and the risk management framework including processes is critical to keeping the risk management framework relevant to the changing needs of the organisation and external influences.
Monitoring and review will be undertaken by risk owners, the Executive Director and the Management Committee.

Table 7. The Responsibilities Table provides an outline of responsibilities and actions, including the level at which there can be qualified acceptance of identified risks and how they are documented.

| Risk Rank | Description | Criteria | Responsibility |
|---|---|---|---|
| Low | Acceptable | Risk acceptable with adequate controls, managed by routine procedures and subject to annual monitoring | All Stakeholders |
| Moderate | Monitor | Risk acceptable with adequate controls, managed by specific procedures and subject to semi-annual monitoring | Operations Manager |
| High | Urgent Action Required | Risk acceptable with effective controls, subject to monthly monitoring | Executive Director & Risk Management Committee |
| Extreme | Unacceptable | Risk only acceptable with effective controls and all treatment plans need to be explored and implemented where possible and subject to continuous monitoring | Risk Management Committee & the Board |
12.2 Continuous Monitoring – once the risks have been identified, recorded and analysed, and the agreed treatments have been implemented, an appropriate monitoring and reporting regime needs to be established.
DOCUMENTATION
Documents related to this policy

Related policies: Occupational Health & Safety Act 1984
Forms, record keeping or other organisational documents:
- S:\REGISTERS\RISK REGISTER\Risk Register
- S:\ADMINISTRATION\Templates\2016project plan

Reviewing and approving this policy

| Frequency | Person responsible | Approval |
|---|---|---|
| Risk management will be a standing item of the board agenda for status reporting | Executive Director | Chair |
| A report on Risk Management and treatment plans to be provided on the last Wednesday of the month in April, August and December annually | Risk Management Committee | Management Committee |

Policy review and version tracking

| Review | Date Approved | Approved by | Next Review Due |
|---|---|---|---|
| 1 | 3/8/2016 | Management Committee | 3/8/2018 |
| 2 | 12/8/19 | Management Committee | 12/8/2021 |
| 3 | | | |
• ISO Guide 73:2009, Risk management - Vocabulary complements ISO 31000 by providing a collection of terms and definitions relating to the management of risk.
• ISO/IEC 31010:2009, Risk management – Risk assessment techniques focuses on risk assessment. Risk assessment helps decision makers understand the risks that could affect the achievement of objectives as well as the adequacy of the controls already in place.