Handbook

SA/SNZ HB 436:2013

[Available Superseded]

Risk management guidelines — Companion to AS/NZS ISO 31000:2009

This Handbook provides guidance on the implementation of AS/NZS ISO 31000:2009, which defines the concept of risk, explains how it comes about, and describes the principles, framework and process that allow risk to be managed effectively. It also provides an internationally agreed terminology and criteria against which the effectiveness of risk management activity can be judged. This Handbook provides advice about applying the Standard, including using it to evaluate and improve existing risk management practice.
Published: 16/12/2013
Pages: 138
Table of contents
Header
About this publication
Preface
1 Scope
1.1 Scope of the Standard
1.2 Scope of this Handbook
2 Terms and fundamental concepts
2.1 Risk and objectives
2.2 Uncertainty
2.3 Risk source, cause and event mechanisms
2.4 How risks should be described
2.5 Controls and risk treatment
2.6 Risk management framework
2.7 Principles
2.8 The meaning of ‘context’ as used in the framework and the process
2.9 Management, risk management and managing risk
2.10 The relationship between governance and risk management
2.11 The relationship between the principles, framework and process
2.12 Risk management plans
2.13 Silo-based approaches to risk management
3 Principles
3.1 General
3.2 How to give effect to the principles
3.3 Examples
4 Framework for managing risk
4.1 Significance of the risk management framework
4.2 The intent component of the framework
4.2.1 Implications of intentions
4.2.2 Means of communicating the mandate and commitment
4.3 The capability component of the framework
4.3.1 Tailoring the framework to the organization
4.3.2 Policy about managing risk
4.3.3 Accountability
4.3.4 Integration
4.3.5 Resources needed for managing risk
4.3.6 Communication, consultation and reporting capability of the framework
4.4 Implementing risk management
4.4.1 Implementing the framework for managing risk
4.4.2 Implementing the risk management process
4.5 Monitoring, review and continual improvement of the framework
5 Process
5.1 Why a risk management process needs to be applied
5.1.1 Design of the risk management process
5.1.2 Application of the risk management process
5.2 Communication and consultation
5.2.1 Purpose
5.2.2 How to communicate and consult effectively
5.3 Establishing the context
5.3.1 General
5.3.1.1 How to articulate objectives
5.3.1.2 How to identify stakeholders and their objectives
5.3.1.3 How to articulate the external and internal environment
5.3.2 The external environment
5.3.3 The internal environment
5.3.4 Articulating the context of the risk management process
5.3.4.1 How to articulate the purpose, scope and circumstances
5.3.4.2 How to define the structure of the risk management activity
5.3.4.3 Deciding on the resources, techniques and tools
5.3.5 Defining risk criteria
5.3.6 The statement of context
5.4 Risk assessment
5.4.1 General
5.4.2 Risk identification
5.4.3 Risk analysis
5.4.3.1 Analysing controls
5.4.3.2 Determining consequences
5.4.3.3 Determining likelihood
5.4.3.4 Outcomes from risk analysis
5.4.4 Risk evaluation
5.5 Risk treatment
5.5.1 General
5.5.2 Selecting risk treatment options
5.5.3 Preparing and implementing risk treatment plans
5.6 Monitoring and review
5.6.1 General
5.6.2 Monitoring
5.6.3 Review
5.6.4 Assurance
5.6.4.1 Independent audit
5.6.5 Post-event analysis
5.6.6 Planning monitoring and review
5.7 Recording the risk management process
5.7.1 General
5.7.2 General purposes of records
5.7.3 Making records
5.7.3.1 General
5.7.3.2 Risk registers and risk logs
5.7.4 Planning documentation
6 How to use Annex A of AS/NZS ISO 31000 to maintain and improve risk management effectiveness
6.1 Introduction
6.2 Methods for using Annex A to maintain and improve performance—Outcome tests
6.3 Methods for using Annex A to maintain and improve performance—Attributes tests
6.3.1 Continual improvement
6.3.2 Full accountability for risks
6.3.3 Application of risk management in all decision making
6.3.4 Continual communications
6.3.5 Full integration in the organization’s governance structure
Appendix A
A1 How to make the change
A2 The transition process
A2.1 General
A2.2 Continual improvement
Appendix B
B1 Example of risk management policy announcement—Small organization
B2 Example of policy statement—Large organization—Set by directors
B3 Example of policy statement—Large organization—Set by the CEO
B4 Example of policy for managing risk—Government department—Set by chief executive (director general or equivalent)
Appendix C
C1 Scope of this appendix
C2 Developing risk criteria for qualitative risk analysis
C2.1 General
C2.2 Step 1: Select outcomes for each objective
C2.3 Step 2: Select and define scales for consequences
C2.4 Step 3: Decide how likelihood will be expressed
C2.5 Step 4: Use a table or matrix to derive the level of risk
C2.6 Step 5: Decide how the level of risk will be expressed
C2.7 Step 6: Establish the rules for evaluating risk
C3 Use of mathematical distributions to express level of risk
Appendix D
D1 Introduction
D2 Integration of components of the risk management framework
D2.1 General
D2.2 Method
D2.2.1 Transitioning
D2.2.2 Accommodating other, existing formal management subsystems and legislation that apply different meanings to the terms defined in the Standard
D3 Integrating the risk management process into decision making
D3.1 General
D3.2 Methods
D3.2.1 Recognizing decision making
D3.2.2 Timing
D3.2.3 Amending decision making processes
D3.2.4 Ad hoc decision making
D3.2.5 Implications for the risk management framework
Appendix E
E1 Introduction
E2 Language differences
E3 Technical complexity
E4 Uncertainty
E5 Timing
E6 Large meetings
E7 Conflicts of interest
E8 Anger
E9 Meeting dynamics
E10 Precedents
E11 Design of questionnaire/survey
Appendix F
2 Terms and definitions
Cited references in this standard
Content history
[Superseded]
DR HB 436

One-time Purchase

Access via web browser on any device
One-time purchase
Single publication
Offline access via PDF^

$181.16 AUD

Inclusive of GST
Format: Web Reader
Licenses: 1 user