The University of Adelaide - Risk Identification, Management, and Monitoring - Case Study Example

Risk Management. by (Name) Course Lecturer: University Name Date Project 1 1. Introduction The University of Adelaide conducts a wide range of activities that cut across the disciplines of commerce, education, and research. Consequently, this great diversity of activities exposes the university to multiple risks hence the indispensable need for the institution to install a dynamic risk management strategy in the event something unexpected happens. The University of Adelaide Act spells out the institution's statutory obligation for risk mitigation and pitches risk management as a pivotal component that underlines good governance (Bidgoli, 2010). A framework for risk management is integrated with the institution's structure of governance whereby the ultimate responsibility for risk is vested with the President, Vice Chancellor, Committee for Audit Compliance and Risk as well as the University's Council. The University’s risk management principles are adopted from AS/NZS ISO 31000:2009: Risk Management – Principles and Guidelines (Curkovic et al., 2013). Risk Identification, Management, and Monitoring The University’s risk management policy stipulates stringent considerations to be made during identification of risks. The identification process entails recognizing the potential sources of risks, the areas likely to bear the impact of the risks, events with their potential causes as well as the consequences (Tchankova, 2002). The process of identifying risks seeks to answer a predetermined set of questions that seek to establish the likely event that could happen and the possible ways that the event will happen. Also, the process seeks to establish the possible locations of such a happening as well as the reasons why the event might occur and the potential impact of the event and the persons, projects, programs or partnerships that confer some influence on the event (Neiger et al., 2009). The University further analyzes the risk based on its likelihood of occurrence and further evaluates the acceptability or unacceptability of the risk. The Risk Management Plan for the University of Adelaide spells out various options that help in modifying any particular risk. These options include avoiding risks by failing to start or discontinuing certain activities associated with risks (Bidgoli, 2010). In the event The University wishes to pursue a certain opportunity then it sometimes increases or takes the risk. Moreover, removal of the identified sources of risks or changing the likelihood of the risk occurring are additional options for risk management. The University also shares some of its risks by insuring assets, processes and liabilities. Finally, The University manages some of the risks by modifying their consequences or retaining the risk through informed decision-making (Curkovic et al., 2013). Monitoring Continuous monitoring and review conducted by the University ensure timely analysis and prompt management of all identified risks (Kurata et al., 2005). This provides an assurance of effective management of all risks and helps to embed some management options into the daily processes and work methods. Also, the managers are useful in reviewing the profiles of potential risks within their jurisdiction and make risk management an agenda item for meetings (Williamson et al., 1993). The University also has an internal audit structure that reviews the processes, systems as well as policies to ensure compliance. Moreover, external auditors review The University’s processes and systems on a yearly basis. Finally, the University has provisions for Risk Facilitators or Local Coordinators who access and make use of the University’s Risk Register (URR) as the need arises (Kurata et al., 2005). Stakeholders Analysis The University runs an all-inclusive process by identifying all stakeholders who are likely to bear the impact of a particular risk and soliciting their input on the said risk. It also seeks to understand and give as much consideration as possible of the interests of all stakeholders. The University makes constant communication and consultation with internal as well as external stakeholders throughout the process of risk management (Elms et al., 2002). The internal stakeholders include staff members offering services at the University and the management team including the departments, the Committee for Audit Compliance and Risk, the Vice Chancellor's office, the President's office and the University's Council (Luyet et al., 2012). The University equally works with both external and internal stakeholders to ensure relevance and appropriateness of risk management strategies. The Institution effectively manages its risks, which is pivotal in maintaining stakeholders’ confidence. The risk management process also allows for a streamlined process for reporting to both external and internal stakeholders (Luyet et al., 2012) Statistical Information The framework for risk management by the University comprises of a risk policy that provides principles, procedures, requirements and responsibilities, regulatory authorities, insurance covers, professional standards and ethics committees. Besides, the risk management handbook expounds on the policy provisions for enhanced understanding of the guidelines (Bedard et al., 2008). The University also holds a risk register that allows for profiling of risks likely to occur (Bedard et al., 2008). Moreover, the institution compiles formal reports on the risk status for both external and internal audit teams. Finally, the University Risk Management Committee (URMC) coordinates and manages risks relating to the University. Compliance with AS/NZS ISO 39000: 2009 The principles of risk management utilized by the University emanate from the standard AS/NZS ISO 39000: 2009: Risk Management – Principles and Guidelines. Also, the University works actively to comply with the ISO standard to ensure effective risk management (Curkovic et al., 2013). For instance, the University’s policy addresses uncertainty explicitly when the decision-makers make contextual consideration, use knowledge, judgment and evidence in risk mitigation. Besides, the University complies with the transparency and inclusive principle through engagement of both external and internal stakeholders in every process of risk management (Krum et al., 2006). The risk management policy addresses legal, economical and technological requirements. In the first place, the policy arises from the University of Adelaide Act and heavily relies on the Standard AS/NZS ISO 39000: 2009: Risk Management – Principles and Guidelines. Compliance with these set guidelines addresses the legal obligations of the University. Besides, the University has an interactive electronic platform such as the risk register that supports the process of managing risks and addresses the training needs of the various stakeholders concerning a particular risk (Calow, 2009). The University staffs undergo training on various aspects of risk management to ensure compliance to standards and efficiency in the processes. The Associate Director Risk Services oversees support and training services about risk management to increase staff awareness and knowledge in the processes (Curkovic et al., 2013). 2. Areas of Improvement The University should improve its management of expectations from stakeholders by seeking to answer further the question on what additional benefit can the customers draw from the University's risk control measures. The senior management needs a further recognition of the inherent uncertainty in the future and the endless possibilities that remain difficult for one to predict. Consequently, the management should conclusively update stakeholders on latest forecasts of the business(Rejda, 2011). Secondly, the senior management should enhance clear communication to staff employees and middle-level managers on all that needs to an action to manage risks as well as the bandwidths of acceptable behavior. Initiation of discussions by the board on the required internal controls for managing stakeholders' expectations remains essential. Most importantly, the relevant officers in charge of risk management should portray a good example for emulation by the junior staff and all persons concerned. Clarification of the rules and responsibilities on the instructions, protocols and charters is useful and requires further strengthening by the University. This also improves the coordination of risk management processes. Training and capacity building of all staff with skills for risk mitigation help to reduce the impact of the potential risks likely to affect the University (Saunders et al., 2006). Strengthening the reward system through an improved remuneration policy helps to modify the staff behavior positively to serve the interests of the institution in regards to risk mitigation. Risk assessment and identification are the products one's opinions and personal preferences and characters. Consequently, investing heavily in risk management training remains essential in ensuring organizational objectives are secured (Wang et al., 2002). Conclusion Occupational health and safety is paramount for the success of any given business hence the need for organizations to invest in mitigation of the associated risks associated (Tchankova, 2002). The management should avail all essential information to the employees to better help prepare them in dealing with occupational health and safety issues. Also, investment in training of the staff on skills that help minimize the impact of any given risk in the unlikely event it occurs remains crucial. Improved recognition schemes and keenly focussing on the satisfaction of the workers with their job helps to promote loyalty and a caring attitude towards their employers (Kurata et al., 2005). References Bedard, J.C., Deis, D.R., Curtis, M.B., Jenkins, J.G., 2008. Risk monitoring and control in audit firms: A research synthesis. Audit. J. Pract. Theory 27, 187–218. Bidgoli, H., 2010. The Handbook of Technology Management, Supply Chain Management, Marketing and Advertising, and Global Management. John Wiley & Sons. Calow, P.P., 2009. Handbook of environmental risk assessment and management. John Wiley & Sons. Curkovic, S., Scannell, T., Wagner, B., others, 2013. ISO 31000: 2009 Enterprise and Supply Chain Risk Management: A Longitudinal Study. Am. J. Ind. Bus. Manag. 3, 614. Elms, H., Berman, S., Wicks, A.C., 2002. Ethics and incentives: An evaluation and development of stakeholder theory in the health care industry. Bus. Ethics Q. 12, 413–432. Krum, H., Jelinek, M.V., Stewart, S., Sindone, A., Atherton, J.J., Hawkes, A.L., others, 2006. Guidelines for the prevention, detection and management of people with chronic heart failure in Australia 2006. Med. J. Aust. 185, 549. Kurata, N., Spencer, B.F., Ruiz-Sandoval, M., 2005. Risk monitoring of buildings with wireless sensor networks. Struct. Control Health Monit. 12, 315–327. Luyet, V., Schlaepfer, R., Parlange, M.B., Buttler, A., 2012. A framework to implement Stakeholder participation in environmental projects. J. Environ. Manage. 111, 213–219. Neiger, D., Rotaru, K., Churilov, L., 2009. Supply chain risk identification with value-focused process engineering. J. Oper. Manag. 27, 154–168. Rejda, G.E., 2011. Principles of risk management and insurance. Pearson Education India. Saunders, A., Cornett, M.M., McGraw, P.A., 2006. Financial institutions management: A risk management approach. McGraw-Hill/Irwin. Tchankova, L., 2002. Risk identification-basic stage in risk management. Environ. Manag. Health 13, 290–297. Wang, H., Mylopoulos, J., Liao, S., 2002. Intelligent agents and financial risk monitoring systems. Commun. ACM 45, 83–88. Williamson, J.A., Webb, R.K., Sellen, A., Runciman, W.B., Van der Walt, J.H., 1993. The Australian Incident Monitoring Study. Human failure: an analysis of 2000 incident reports. Anaesth. Intensive Care 21, 678–683.  Project 2 SPECTRA MEDIA LTD RISK MANAGEMENT PLAN 1.0 Introduction 1.1 Purpose The Plan defines the mechanisms for identifying, analyzing and managing all risks relating to Spectra Media Ltd (SML). Also, the plan outlines the performance, recording and monitoring activities relating to risk management as well practice standards utilized by the risk management team during recording and prioritization of risks 2.0 Stakeholders Analysis The risk management plan puts into consideration various stakeholders that are associated with risks likely to affect the company namely, the government’s department, training institutions offering health programs, health regulatory bodies, councils and institutes, health professional associations, research institutions, health facilities, health strategic partners, pharmaceutical companies and distributors, other health technology companies, health practitioners and, the healthcare consumers. 3.0 Risk Context SML is a health technology based company whose sole aim is to improve healthcare standards in Adelaide through increased awareness of various health dynamics. The company exists to promote healthier societies through increased access to healthcare information. The company offers various products and services namely health media publications, health events coverage, social marketing of health products and services, health-related software and computerization of health services. 4.0 Risk Management Process The risk management team in conjunction with the risk manager will actively identify, analyze and manage all potential risks associated with the SML to minimize the impact on the organization. The Administrator of SML will double up as the Risk Manager for and shall be directly answerable to the Board of Directors on all matters relating to risk management. All the potential risks shall be managed by the standard AS/NZS ISO 39000:2009: Risk Management – Principles and Guidelines. 4.1. Roles and Responsibilities Role Responsibilities SML Risk Management Team The risk management team will identify and determine the context, priority, timing, consequence and impact of a risk. Risk Manager Identification of risk interdependencies, verification of external and internal risks, and continuous monitoring of potential risks Integrated Project Team Identification of risks, the dependant variables, the context as well as the consequences of the risks Key Stakeholders The stakeholders help in identification and determination of the context, priority, timing, consequence, and impact, of a risk. 4.2. Risk Identification Identification of risks will involve the listed stakeholders, risk management team, which will evaluate environmental factors, as well as the culture of SML. Close attention, will be paid to SML's objectives, constraints, assumptions and resource plans. SML will utilize the following methods in the identification of risks namely brainstorming, SWOTs analysis, interviewing and diagramming. The company will generate and periodically update a log for risk management and store the same in an electronic library. The identified risks affecting SML include risks related to technology, legislation, human behavior, political circumstances and commercial relationships. 4.3. Risk Analysis All risks will be subjected to both quantitative and qualitative risk analysis that will inform the prioritization. 4.3.1. Qualitative Analysis of Risks The risk manager will assess the impact and probability of every risk by soliciting input from the risk management team. The risk manager will grade the probability of each risk as high, medium or low. The same scale will also be used to grade the impact of each identified risk. 4.3.2. Quantitative Analysis of Risks The risk manager will assign numerical ratings for every risk identified by quantitative analysis and for purposes of documentation in the risk management plan. 4.4. Risk Treatment The risk management team will use a variety of methods to manage all potential risks namely avoiding the risk, mitigating the risk to reduce its probability or impact, accepting the risk by doing nothing, contingency budgeting for the risk or transferring the risk by shifting its consequences to third party entities such as insurance firms. 4.5. Risk Monitoring, Controlling, and Reporting The risk manager will ensure tracking, monitoring, controlling and monitoring of all identified risks. The risk management team will assign every risk to a risk owner whose role will involve monitoring, controlling as well as reporting the efficacy of response actions to a risk. The Risk Manager will maintain a risk register and compile periodic reports to the risk management team as well as the board of directors. The risk management team may close a risk when it becomes invalid if the risk event already occurred, or when an event is no longer considered a risk. Project 3: QUESTIONS 1. Definition a. Legislation: Is the process of making laws b. Code of practice: A set of practice guidelines produced by professional associations to assist members in adherence to professional standards c. Advisory standards: These are standards meant for interpretation and application by an organization in accordance with particular risks. 2. Steps to ensure people from various cultures have access to and understand WHS and OH&S information a. Understanding responsibilities through clear policy definitions b. Consulting and constantly communicating with workers on risk management c. Identifying, assessing and controlling all risks d. Informing, training and supervising employees about risks e. Managing incidents and injuries relating to risks f. Keeping clear records on risk management g. Monitoring, reviewing and improving risk management practices 3. Ways of alerting people on potential hazards at work place a. Use of safety alerts on specific risks b. Inducting staff of potential risks c. Installation of signage on various risks 4. Evaluating a risk management plan In the first place, conducting a problem analysis by assessing all the problems emanating from the implementation of a plan helps to evaluate a risk management plan. Secondly, the evaluation process involves matching the objectives of the risk management plan to the outcomes. Thirdly, it is also important to evaluate the efficacy of all the activities proposed in the plan and instituting changes in all activities that are faulty. Finally, the evaluation process will involve reviewing all activities that have been changed. 5. Strategy for interesting employees in OH&S a. Establishing a competitive recognition and reward system for performing employees b. Capacity building employees on risk management 6. Strategies to ensure participatory arrangements with employees and their representatives a. Provision a platform for employees to make suggestions and to give them serious considerations b. Training the employees and equipping them with necessary skills for risk management c. Protecting the voices of employees who complain about work place safety d. Participatory decision making about workplace health and safety 7. Process for ensuring prompt resolution of issues raised through participatory arrangements. a. Ensuring continuous communication and consultation with relevant stakeholders b. Involving the stakeholders in every step of the risk management 8. When to engage an expert OH&S 9. Elements of OH&S hierarchy a. Elimination: Involves physical removal of the risk, for instance, avoiding the need for employees to work at greater heights by bringing the work closer to the ground. b. Substitution: This involves replacement of something that causes a risk to employees c. Engineering controls: This isolates persons from hazards, for instance, erecting a flyover to prevent road accidents d. Administrative controls: These involve changes on how people work such as changes in procedures. e. Personal protective equipment such as gloves, helmets, safety glasses and footwear 10. Duty of each participant a. Workshop owner: Ensuring safety of the workplace and communicating any risk to employees to ensure safety b. Technician: Assessing the risks associated with the business and recommending appropriately c. Employees: Reporting any potential risks to the relevant authorities for speedy action. 10.2. The duty of care breach is manifested by the workshop owner who still insists the hoists remain operational despite being made aware they are extremely faulty 10.3. Both the worker and customer may demand compensation from the workshop owner for failing to meet his obligations. 10.4. Was this a foreseeable accident? Yes since the workshop owner was fully aware of the mal-functional state of the hoists but insisted on maintaining them in operation. 10.5. What could be done to prevent this accident? The workshop owner should have heeded to the advice provided by the technician 11. What is likely to happen? The pneumatic multi-spindle nut runner will run out of oil and possible break down. 11.2. Potential hazards: Oil spillage, fire break outs, failure of the pneumatic multi -spindle runner 11.3. Rating of the risk a. Oil spillage: Medium b. Fire outbreak: High c. Mechanical failure: High 11.4. Behaviours contributing to the potential accident situation a. Forgetfulness b. Working under pressure 11.5. Addressing the behaviors a. Proper documentation b. Delegation of duties c. Timely communication of risks d. Contingency budgeting for risks 11.6. Who should address the behaviors? a. The plant manager b. The supervisor 11.7. Actions that could be taken by employees of the company a. Inducting the new colleague who might not is aware of the risk b. Constantly reporting the risk to the management for action 12. Standard AS/NZS 4360:2004 Risk Management: The standard provides the framework for the establishment of the context, identification, analyzing, evaluation, treatment, monitoring as well as communication of risks. 13. a. Duty of care: the responsibility of an organization/person to prevent acts that can potentially cause harm b. Company law: Legislation that governs the process of forming, registering, incorporation and governing a company c. Contract law: Legislation that governs written and oral agreements involving services, goods, property and money transfers. d. Environmental Law: Legislation whose aim is protection of natural environments e. Freedom of information: Is a fundamental human right for a citizen to access and request disclosure of information f. Industrial relations laws: Legislation governing employment practices and relationships between employers and employees g. Disability legislation: Laws governing relationships with disabled persons 14. Relevant risk insurance available a. Motor vehicle insurance b. Insurance against fires c. Health insurance cover Read More