The Risk Management Process
The activities involved in the risk management process include:
| 1. Establish the context |
- Define the scope of enquiry or obtectives
- Identify relevant stakeholders and areas involved or impacted
- Recognise the internal and/or external environment and factors
| 2. Identify the risk |
Identify and assess:
- What could happen?
- How and where it could happen?
- Why it could happen?
- What is the impact or potential impact?
| 3. Analyse the risk |
- Identify the causes, controbuting factors and actual or potential consequences
- Identify existing or current controls
- Assess the liklihood and impact or consequence to determine the risk rating
| 4. Evaluate the risk |
- Is the risk acceptable or unacceptable?
- Does the risk need treatment or further action?
- Do the opportunities outweight the threats?
| 5. Treat the risk |
- If existing controls are inadequate identify further threatment options
- Devise a treatment plan
- Seek endorsement and support for treatment
- Determine the residual risk rating once the risk is treated
Communicate and Consult
At all stages of the process, ensure those responsible for managing risk, and those with vested interests, understand the basis on which decisions are made, why particular treatment options are selected or why risks are accepted/tolerated.
Monitor and Review
Continually check the effectiveness of risk controls and/or treatments and changes in context or circumstances. Document and report this activity accordingly.
More detailed explanations of the process can be found in the Risk Management Handbook.
For assistance with a risk assessment please contact Anne Hill (Manager Risk Services) on 8313 4603 or via email (anne.hill@adelaide.edu.au).
