A risk is the possibility of incurring misfortune or loss. From an organisational perspective risk can be defined as the "chance of something happening that will have an impact upon its objectives." (risk management, Management Alternative 2007)

Well governed organisations minimise the potential for things to go wrong using "risk management" strategies and processes. Successful organisations are likely to be managing risk more effectively. They have the leadership, policy, infrastructure and culture that can minimise potential losses and maximise potential gains.

Risk management was once seen as a stand alone process. Risk management practices have increasingly become more established and integrated into management and planning practices of organisations. All opportunities should be sought to link and combine risk management with other organisational processes.

The Australian and New Zealand risk management Standard AS/NZS ISO 31000:2009, Risk management - Principles and guidelines provides an independent, sound and practical framework that can be adapted to any organisation or task. This standard is well regarded internationally and has been adopted by many countries.

Why is it important?

• Organisations need to protect themselves from the threat of possible litigation.
• Staff, consumers and stakeholders have a right to feel safe and confident in how the organisation conducts its business.
• There are fewer unexpected events with negative consequences.
• Potential opportunities can be exploited with more success.
• Improved decision making, planning, performance and effectiveness of the organisation.

What do I need to do?

Risk management strategies should be put in place for all significant projects.

• Develop and maintain a risk management framework, plan, policies and procedures.
• Develop an organisation-wide risk register that provides evidence of risks having been identified, treated systematically and reviewed on a continuous basis.
• Conduct audits, including document reviews, technical inspections and testing to provide assurance that risk management systems are in place and are effective.
• Develop a risk management system to ensure that incidents and accidents are:
  • identified, recorded and reported
  • investigated to determine the cause, with the outcome of the investigation documented and all necessary action takennd
  • analysed regularly to identify trends for review and action.

Business Continuity Plans

As part of your risk management process, plans should be developed in areas of your identified risks.  For example a hot weather policy and extreme weather plans, pandemic flu, IT risks and communication issues. These can be dealt with separately or in a single business continuity plan.

Please find attached links to templates, example procedures and guidelines that may assist you in the development of your organisation's business continuity plan.

• The SA Government has a guide to Preparing a Business Continuity Plan.

• The Department of Families, Housing, Community Services and Indigenous Affairs (FaHCSIA) has produced a workbook specifically for NGOs:
  Pandemic Influenza Workbook: Building Resilience through Business Continuity and Pandemic Planning  (for Non-Government Organisations) 
  Note: The title would indicate it is mostly about Pandemic Influenza; however it is a business continuity guide that can be used for all hazards.)

It may be that your peak bodies also have guides to Business Continuity Management that they have developed as suitable for their member organisations.

References

• See the Service Excellence Program for more information.
• Australian and New Zealand risk management Standard AS/NZS ISO 31000:2009, Risk management - Principles and guidelines.
• Australian and New Zealand risk management Standard AS/NZS 5050:2010, Business Continuity – Managing disruption-related risk
• An introduction to risk management - Help Sheet, Our Community
• risk management. Management Alternatives

Extreme weather response

• DFC Extreme Weather Plan
• Red Cross Vulnerability Assessment Tool
  To support and guide agencies in assessment of vulnerability – not compulsory
• Red Cross Vulnerability Assessment Form
  Refer Assessment Tool above
• Sample Extreme Weather Policy - ACH Group
• Telecross REDi Fact sheet (pdf)

Bushfire planning

• Bushfire safety for organisations and businesses (CFS Fact Sheet no. 7.1)
• Bushfire safety & survival for business and organisations (CFS booklet) (pdf format, 2.32MB)
• Excerpts from the DFC Bushfire Preparedness Plan - Dec 2010 (Sample information that may be of use to organisations preparing bushfire plans. Please note that it does not include changes made by the CFS in 2011.)

Links

• ACT Council of Social Services Inc (ACTCOSS)
• Alliance for Nonprofit Management (USA)
• Australian Risk Services
• Department of Regional Development and Industry (QLD)
• Free Management Library (USA)
• Monash University (VIC)
• Non Profit risk management Centre (USA)
• Oz for the Volunteer Project Manager (AUS)
• Queensland University of Technology
• Risk Management Institution of Australasia
• Workcover (NSW)
• Standards Australia