There are many risk management models in the marketplace but the AS/NZS 4360:1999 - Risk Management standard is a good starting point. While this model forms the basis of CPA Australia's framework in risk management, other models with different categories and titles are available, or can be developed for individual preference.
The Australian standard takes a generic approach to implementation in which there are essentially seven steps that need to be taken to manage the risks of an organisation at any level. This includes managing risk from a strategic or organisational, divisional, unit or project level viewpoint. These seven steps are:
The ability to identify and develop a uniform and shared understanding of the risks to the organisation is achieved through the systematic rating of each risk. This includes analysing the likelihood of a particular risk occurring and its likely impact should it eventuate, based on criteria agreed to by everyone in the organisation. This means that at the end of the risk management process all the risks to an organisation have been profiled and analysed. An overall risk rating is given. Risk ratings may range from very low risk to very high risk and may be described in a number of ways.
There may be times when specialist or expert skills are required but this is often at the last step of the risk management process: treating the risks. This is because specialist management tools may be needed to ensure that risks are optimally managed. The skills of highly technical qualitative or quantitative managers or consultants may be utilised to ensure risks are minimised using techniques that have been tested in the market.
This page is available online at:
http://www.cpaaustralia.com.au/cps/rde/xchg/cpa/hs.xsl/2742_3478_ENA_HTML.htm
