All activities of an organisation involve some level of risk. An organisational framework for managing risk incorporates processes to anticipate and understand the risks it faces, and decisions on whether to modify the risk. To achieve the most effective outcomes when managing risks, it is important to ensure that there is involvement from the relevant stakeholders. An effective means of achieving this is through a workshop environment.
The success of a workshop rests entirely on the make-up of the workshop group, with great responsibility for this resting with the facilitator. R4Risk’s principals are experienced workshop facilitators and have facilitated numerous risk assessments across a broad range of industries that have considered various types of risk issues, from safety and environmental risk issues through to business and operational risk issues.
The workshop group should include persons who have an in-depth knowledge of the area (i.e. subject matter experts). The role of these people is to provide the workshop group with sufficient information to enable the risk issues to be identified and assessed correctly.
The workshop group should also include personnel who may have responsibility, at both a management and operational level, for the system that manages the risk issue under consideration. This ensures that risk “owners” have a clear understanding of the risk issues that they are responsible for and that those who have hands-on responsibility for risk management controls understand the role that they play in the overall risk management process.
The steps conducted during the workshop process can be briefly outlined as the following:
- Set the context for the analysis
- Identify the hazards
- Estimate the likelihood and credible consequences for each hazard
- Identify existing risk management controls
- Rank the risk of each hazard
- Compare the risk level for each hazard to the applicable risk acceptance criteria
- Identify further risk treatment options available.
These steps, and the links to other management systems processes, are shown in the following diagram extracted from AS/NZS ISO 31000:2009 “Risk Management – Principles and Guidelines”.