Risk Management Consulting
Risk Management and Governance Services
To effectively manage risk businesses must create and demonstrate value to its stakeholders through a series of well-defined organisational risk principles. This requires the organisation to build a workplace culture that can communicate and socialise risks and the value in improving its risk profile and ultimately its risk appetite. Once value is perceived the organisation should build its risk framework to facilitate integration into daily practices and the quality framework. Finally, a systematic and well-organised process of managing risks should be created. This ensures the principles are implemented and commitment to risk builds sustainable practice.
HPS is experienced in the deployment of risk management systems against the International Standard ISO31000:2016 to implement effective risk management practices. These requirements are outlined below in the diagram.
Identification of Risk Management Opportunities
Any operational and strategic risks will be identified through engagements with personnel, review of risk assessments, review of gap analyses, interviews officers and senior leaders and survey ad assessment of risk culture.
Operational risks assessed will include:
- Availability of documented policy, procedure and records of critical process points;
- Demonstration of competency to task for critical process points;
- Evidence consistent of controls of outcomes for critical process points;
- Evidence of breaches, corrective actions, inefficiencies and ineffective controls; and
- Gaps in practices that could lead to an out of control process.
Strategic risks will include:
- Political risks that present a near-term impact on operations;
- Economic risks that limit the resources and fund to implement, manage and improve quality of practice;
- Sociologic risk that influence, shape or impact the decision-making process around the approval and registration of chemicals;
- Technological constraints that limit the ease of doing business;
- Legal risks impacting how a chemical is approved or registered, how confidential information is controlled and how data is protected; and
- Environmental risks that impact the location, scope and market demand for chemical approval and registration.
In the course of reviewing operational risks the implementation, use and compliance with ISO9001:2016 will be assessed. Any gaps or areas that are not complying with the requirements of the quality framework will be addressed as risk-based, operational opportunities.
Developing improvements for identified opportunities
Any risks identified will be collected and documented on a risk register. Risk mitigations will be prioritised according to risk appetite. All opportunities for improvement will be able to demonstrate an improvement in the likelihood of the risk occurring and the responsiveness to identifying risks before they materialise.
Providing implementation plans for identified opportunities
Any risk treatment and management opportunities identified will be managed through a risk management plan. The plan adopts a best-practice risk process which identifies:
- risk,
- risk rating,
- risk treatment,
- risk owner,
- risk review date, and
- expected risk rating after treatment.
A risk plan will be shared and will have several owners of risk mitigations. It is therefore important that risk owners be competent in risk management techniques, such as risk-based thinking, risk-based problem solving and risk-based decision making. HPS works with risk managers to develop a positive risk culture, reflected in practices that ensure risks are communicated, assessed and mitigated in a timely and effective manner. HPS applies a coaching approach to ensure the highest level of sustainable risk practice is achieved. Coaching involves the discussion, planning and implementation of framework by utilising the principles of risk management.
Conducting crisis management/business continuity plan training
A sustainable risk management framework can only be delivered with the assistance of competent and capable personnel. Training in the risk management framework and practices will facilitate a competent implementation of the risk process. The training will deliver the following curriculum:
- Understanding Risk Principles
- Socialising Risk
- Establishing context
- Identifying Risk
- Analysing Risk
- Evaluating Risk
- Treating Risk
- Monitoring and Reviewing Risk
- Recording Risk
- Communicating Risk
The course is to be delivered on-site in a workshop format. The course will provide a mix of theoretical and practical work and will culminate with a risk management scenario focussed on a crisis event. Crises are the materialisation of risk and impose a deviation to normal practice resulting in uncertainty. Business continuity is the process of applying risk treatment to return a business to normal operating conditions after a crisis. By planning a crisis event and simulating it in the workplace personnel can create draft business continuity plans that lead the organisation out of crisis.
HPS works with the key personnel to create a crisis simulation and subsequent risk treatments, with the aim of assessing the knowledge of the trainees. Further, the simulation will document good practices that could lead to procedures and/or work instructions for crisis management.
Providing other related services and advice, as required
Should opportunities arise, for further risk management consulting, during the delivery of risk governance services HPS will consult with to ascertain the need, relevance and priority.
Capability and Qualifications
HPS has the capability to deliver risk management and governance services. HPS has provided risk management and governance at local and Federal Government, private and non-profit entities globally. Clients include Alcoa Arconic, APVMA, Blue Mountains City Council, Lion, CatholicCare, Gateway Family Services, Zoo Aquarium Association, Lead Professional Development Association. Examples of the governance and consultation of risk is provided below with the most relevant projects.