Risk Management Plan

September 18, 2023


Develop a risk management plan for your shared activity or relationship that identifies the risks that may prevent the objectives from being met. This can be done jointly, or individually and then combined.

1. Purpose of the Risk Management Plan

The purpose of the risk management plan is to allow an organisation to identify and record potential risks. The plan also allows mitigation strategies to be developed and tracked.

The document should be updated whenever necessary, i.e. following an incident with a significant impact on the organisation’s day-to-day operation.

2. Organisational Context

It is not possible to avoid risk entirely. To attempt to do so would mean that the organisation would effectively be unable to function. It would also not be able to take advantage of opportunities as they arise.

The Board should use this heading to describe its willingness to accept risk. This should be described in the context of the type of organisation it is. For example: “As a not for profit community organisation we have limited financial resources. Our primary responsibility is to our clients. As recipients of government funding we also have a responsibility to use our resources wisely. These factors mean that the Board’s attitude to risk is generally cautious.”

Stating the organisational context and the Board’s appetite for risk sets the tone for the whole organisation and for the risk management plan in particular.

 

3. Risk Diagram

The following diagram represents a process to be followed:

Identify the Risks

Use this space to list the main risks you have identified. This work should be carried out in consultation with key stakeholders including staff at all levels of the organisation.

 

In order to address group-related risks you may wish to use headings such as those in the table below. Please note this is not intended to be a comprehensive list of all the risks organisations are likely to encounter. It is essential that each provider undertakes the risk identification process for itself.

 

Internal

External

Financial management, for example:

Viability / liquidity

Fraud control

Reducing / insufficient income streams

Income loss

Poor cost control

Insurances not kept up to date

Funding, for example:

Changes in funding agreements

Shortfalls in funding programs

Human Resources, for example:

Succession planning

Poor staff supervision and performance appraisal

Staff turnover / headhunted by competitor

Excessive work load and poor staff morale / staff burn-out

Difficulties in recruiting suitable staff

Regulatory environment, for example:

Changes in regulatory framework

Negative registration reports

No internal systems to proactively manage all the factors that drive the performance of the organisation

Property management, for example:

Inappropriate stock

Contractors fail to perform maintenance contract / Poor response time by contractors

Stock transfer liabilities

Asbestos

Aging / poor quality stock

Reputation, for example:

Public and community perception of the Association

Negative comments from press or politicians

Legislation compliance, for example:

Privacy Act

Corporations Act / relevant Incorporation legislation

Anti-discrimination / Disability Services Act

OHS

Meeting tax requirements

Competition, for example:

Losing opportunities to grow

Other providers

Unexpected rapid growth

Corporate governance, for example:

Lack of appropriately skilled board members

Volunteer / board member burn out

Board turnover

Board fails to appraise CEO performance

Conflict on the board

Conflicts of interest not managed effectively

Difficulty recruiting to the board

Director’s insurance not kept up to date

Policies and procedures not reviewed

Board lacks a value based framework

Partnerships, for example:

Risks from failed partnership arrangements

Risk of conflict with partners

Information technology, for example:

IT not sufficient for expanded organisation

IT not able to produce registration monitoring data

IT performance date disaster recovery plan

 
