Risk Management Framework - | Health




Contents

Purpose

Why We Manage Risk

Risk Management Process

Documentation

Monitoring and Continual Improvement

Governance

Risk Escalation

Training

References

Risk Management Framework

Purpose

Risk is defined as the effect of uncertainty on ACT Health’s ability to successfully meet its objectives and responsibilities.

ACT Health accepts that risk is a fundamental element of conducting business and is committed to proactive, consistent management of risk.

The key objectives of the Risk Management Framework (Framework) are to ensure that:

• a consistent risk management methodology is integrated into ACT Health’s planning, implementation, operational management, maintenance and review processes;

• risks are identified at all levels and their potential effects on the successful achievement of objectives are understood and appropriately managed;

• risk data informs all strategy-setting and decision-making processes;

• risk status and control effectiveness are monitored and reported in an accurate and timely manner throughout the life of every activity and project;

• significant risks are escalated and acted upon at appropriate levels;

• a risk-based internal audit program is enabled.

Why We Manage Risk

When implemented and maintained, the management of risk enables us to:

• Plan, in a consistent manner, to manage significant risks to our objectives;

• Improve stakeholder confidence and trust;

• Improve operational effectiveness and efficiency;

• Establish transparency in decision-making and improve establishment of priorities;

• Improve organisational learning and resilience;

• Pursue opportunities for improvements to processes and achievement of objectives;

• Improve compliance with relevant legal and regulatory responsibilities.

Risk Management Process

Risks will be managed in line with ACT Health’s Risk Management Policy, Framework and Guidelines, which are based on the international risk management standard AS/NZS ISO 31000:2009. Processes adopted by ACT Health are tailored to align with the organisational structure and performance reporting (as shown in Figure 4 - Integrated Business Planning, Performance Reporting and Risk Management Framework). The Risk Management process is displayed in Figure 1 – Risk Management Process. More information on the process is provided in the Risk Management Guidelines.

Figure 1 – Risk Management Process


Documentation

All risk management activities should be documented for use as a retrievable source of information on ‘lessons learned’ and as evidence of the organisation’s commitment to continual improvement and better practice. Risk management documentation is used for obtaining organisational certification. In addition, ACT Health is required to comply with Territory regulations and needs to keep full and accurate records of all its risk management activities. High-quality documentation of risks will facilitate effective analysis of risks and inform further treatment and future trend analysis.

The Riskman Risk Register module provides ACT Health with an electronic tool for documenting risk management activities, monitoring and reporting.

Monitoring and Continual Improvement

To ensure the organisation’s risk management process remains effective in supporting organisational performance, ACT Health’s risk management processes are subject to ongoing review by Tier 1 committees, particularly the Director General, Deputy Director General (DG DDG) Strategy Committee and the Audit and Risk Management Committee (ARMC). These forums monitor implementation of improvements and key performance indicators that include:

o Quality of risk management plans and extent of integration into planning, implementation and ongoing activities / operations;

o Implementation of management actions and adherence to their relevant review timeframes.

Governance

Figure 2 – Governance Definitions


Within ACT Health risks are managed at four levels in line with the organisational business planning, performance and reporting structure (Figure 4):

Tier 1: Organisational Level

Tier 2: Group Level

Tier 3: Divisional Level

Tier 4: Team Level

Organisational Level Risks:

• impact several groups and therefore should be addressed collaboratively and uniformly with DG DDG Strategy Committee oversight; or

• present unique features and consequences that could threaten core objectives of the organisation; and

• the Executive Directors Council considers that the risk to objectives should be managed at Organisational Level.

Group Level Risks:

• impact several divisions and therefore should be addressed collaboratively and uniformly with Deputy Director General oversight; or

• present unique features and consequences that could threaten core objectives of the group; and

• the relevant Deputy Director General (or risk committee) considers that the risk to objectives should be managed at Group Level.

Divisional Level Risks:

• impact several teams (business units / programs) and therefore should be addressed collaboratively and uniformly with Executive Director oversight; or

• present unique features and consequences that could threaten core objectives of the division; and

• the relevant Executive Director (or risk committee) considers that the risk to objectives should be managed at Divisional Level.

Team Level Risks:

• present uncertainty in the team’s ability to successfully deliver timely, quality outcomes from objectives and responsibilities.

Figure 3 – Risk Escalation


Risk Escalation

Although not limited to these, the general criteria for escalating risks through the Tiers are:

• Risks that impact several parts of the business at the current Tier;

• Risks that cannot be effectively managed at the current Tier;

• High level risks that may affect core objectives at the higher Tier.

Risks to be considered for escalation from Tier 4 through to Tier 3 should first be proposed to the nominated divisional risk management representative, as seen in Figure 3 – Risk Escalation. In line with ACT Health’s Divisional Risk Management process, the risk will be recorded and re-assessed against Divisional level risk criteria. This assessment is normally completed by the Division’s risk management committee; however, the Executive Director may choose to personally assess risks proposed for escalation. Assessment outcomes must be recorded by the division.

Risks that may need to be escalated from Tier 3 through to Tier 2 need to be presented by an Executive Director for relevant Group committee or Deputy Director-General consideration. Similarly, risks that may need to be escalated from Tier 2 through to Tier 1 must be proposed to the DG DDG Strategy Committee for consideration in line with Organisational Level risk criteria. The Organisational Risk Escalation process details the responsibilities from proposal to DG DDG Strategy Committee to acceptance, recording and treatment.

Figure 4 - Integrated Business Planning, Performance Reporting and Risk Management Framework


Training

In line with ACT Health’s Essential Education Policy requirements:

1. All staff will receive basic risk management awareness training as a part of their orientation. All staff should undertake the level one Risk Management Training (e-learning through Capabiliti).

2. All staff with management responsibilities are also required to undertake ‘Managers Orientation’ training.

3. Any person having responsibility for advising on, or actively promoting, risk management will arrange to complete appropriate training in collaboration with Internal Audit & Risk Management Branch within two months of their appointment.

Electronic risk register access cannot be granted until appropriate training has been completed.

Training requirements also apply to staff working on projects and should include contractors or volunteers where their role involves managing risk or implementing risk treatments.

References

|Owner |Reference |Link |

|ACT Insurance Authority |Risk Management guidelines and toolkits |treasury..au/actia |

|Risk Management Institute of Australasia |Risk Management |.au |

|Standards Australia |Risk Management-Principles and Guidelines - AS/NZS ISO 31000 – 2009 |.au |

|Standards Australia |Risk Management Vocabulary - ISO Guide 73:2009 |.au |

|Victorian Insurance Management Authority |Risk Management | |

|ComCover |Better Practice Guide |e_Guide.pdf |
