The following example illustrates the difference between strategic risks which include: external environmental influences, operational risks at the organisational level and Management-level risks which impact on the ability to implement strategies. Risk may be short-term, medium or long-term over the life cycle of a project or in relation to corporate planning objectives.
|Strategic objective:||Ensure the ongoing commitment to the Metropolitan Transport Plan.|
|Strategic risks:||Amendment to strategic transport planning policies alters the emphasis of the plans, changing the nature of impacts on planned transport improvements and in turn changing the type and nature of foreseen imbalances in the transport network.|
|Management risks:||Previously undisclosed asbestos identified on the node worksite causes closure of site, amendment of site safety plan and engagement of suitably qualified contractor. This results in further impacts on project outcomes in terms of cost and schedule.|
|Operational risks:||Contract works to improve the key transport node fall behind schedule causing extended commuter disruption and dissatisfaction.|
ORM must be carefully planned and managed to ensure that the process produces results that help the organisation to being continually sustainable.
In order for this ORM Framework to be effective, integration with the universities strategy and with the annual planning exercises for all Divisions and Areas is essential. To gain the best results from the Whole of Organisation context, the university will do the following:
a) Initiate communication, consultation and participation
ORM is not just a technical process or methodology, but is, more significantly, a cultural process. Meaningful participation from the stakeholders and effective collaboration with a wide range of participants is required to manage risks effectively and efficiently.
Communication and consultation are essential in ensuring participation and collaboration. Therefore, management at all levels should approach the implementation of ORM as an opportunity for cultural change within the organisation.
b) Continue the improvement of the framework and the policy
Risk is a journey upon which all staff should embark. Once we are sure that our processes are robust and embedded throughout all that we do, we need to look further ahead to enhance our level of ORM maturity. This includes the realignment of our existing processes with the current standard of risk management.
c) Lead by example, empower staff to assist a change in culture
The ORM process for Risk Assessment has the ability to highlight issues of change. However, the challenge for managers is to support and encourage ORM by:
d) Develop and improve tools and reporting
e) Train and educate staff staff
Training provides a common language that is used which further helps general understanding of ORM in the university, but it also provides for better collaboration between divisions and organisational units.
As a means to link the Whole of Organisation level to the Operational level, Risk Assessments should be completed for each division/office/area Annual Operational Plan prior to, or at the beginning, of the Financial Year. As part of this process, each team will identify the key inputs, processes, stakeholders and outputs to their area.
These Risk Assessments should be then given to the Manager Risk and Assurance, who will create a Management Level oversight report of these risks for presentation to the Finance, Audit and Risk Committee (FARC). This creates the link between Operational, Management and Whole of Organisation levels.
Risk Assessments should be used for all major processes, events and activities at the operational level. These risks and opportunities will be entered into the Universities Risk Register and categorised as Operational Risks.
Most business units, at one time or another, may have the need to complete an ad-hoc project or event. It is important to apply risk and opportunity management processes to these projects or events in the same manner that we do at all of the above levels of the University.
Risk Assessments should also be completed at the inception stage for the project (at the idea stage). The Risk Assessment, if done correctly, should help inform the Project Team and the University as to whether or not:
However, the main difference between the two is that the risk and opportunity management tool may not necessarily be completed by a member of staff.
Example(s) of where a Risk Assessment should be done:
Any Risk Assessment that is completed should be supplied to the Risk Management Advisor and a copy should be filed immediately in HPE Records Manager in the following folder:
17/219 GOVERNANCE AND GENERAL ADMINISTRATION - Risk Management - Plans - 2017 Charles Sturt University Risk Management Plans (Assessments)