ISBN 0 7337 6923 3
HB 436:2004/Amdt 1/2005-12-20

STANDARDS AUSTRALIA/STANDARDS NEW ZEALAND

Amendment No. 1 to HB 436:2004 Risk Management Guidelines Companion to AS/NZS 4360:2004

CORRECTION

The 2004 edition of HB 436:2004 is amended as follows; the amendments should be inserted in the appropriate places.

SUMMARY: This Amendment applies to Clauses 6.1.7, 6.3, 6.5, 12.1, 12.2 and Table 6.3.

Approved for publication in New Zealand on behalf of the Standards Council of New Zealand on 19 August 2005.

Published on 20 December 2005.

Page 51, Clause 6.1.7: In the sixth paragraph, fourth sentence, delete '(see Figure 6.2)' and replace with '(see Figure 6.3)'.

Page 52, Clause 6.1.7: Delete the title of Figure 6.3 and replace with the following: FIGURE 6.3 SEMI-QUANTITATIVE REPRESENTATION

Page 54, Table 6.3: Delete the title 'Simple likelihood scale Example 2' and replace with the following: Simple consequence scale Example 2

Page 58, Clause 6.5: Delete the third paragraph and replace with the following: An example is shown in Table 6.8, corresponding to the negative outcomes in Table 6.3; as with Table 6.3, the measures used should reflect the needs and nature of the organization and activity under study.
Page 113, Clause 12.1: Delete the ninth reference and replace with the following: HB 203, Environmental risk management - Principles and process, Standards Australia/Standards New Zealand.

Page 115, Clause 12.2: Delete the thirteenth reference and replace with the following: Reducing Risk, Protecting People, HSE's decision making process. The Health and Safety Executive (HSE) 2001. ISBN 0 7176 2151 0.

AMDT No. 1 DEC 2005

Accessed by UNIVERSITY OF SOUTH AUSTRALIA on 15 Apr 2008

HB 436:2004 (Incorporating Amendment No. 1)

Handbook

Risk Management Guidelines Companion to AS/NZS 4360:2004

Originated as HB 142-1999 and HB 143:1999. Jointly revised and redesignated as HB 436:2004. Reissued incorporating Amendment No. 1 (December 2005).

COPYRIGHT

Standards Australia/Standards New Zealand

All rights are reserved. No part of this work may be reproduced or copied in any
form or by any means, electronic or mechanical, including photocopying, without the written permission of the publisher.

Jointly published by Standards Australia International Ltd, GPO Box 5420, Sydney, NSW 2001 and Standards New Zealand, Private Bag 2439, Wellington 6020

ISBN 0 7337 5960 2

Preface

This Handbook provides generic guidance for establishing and implementing effective risk management processes in any organization. It demonstrates how to establish the proper context, and then how to identify, analyse, evaluate, treat, communicate and monitor risks.

This Standard incorporates Amendment No. 1 (December 2005). The changes required by the Amendment are indicated in the text by a marginal bar and amendment number against the clause, note, table, figure or part thereof affected.

This Handbook is based on the Joint Australian/New Zealand Standard, AS/NZS 4360:2004, Risk management (the Standard). Each Section contains an extract from the Standard, followed by practical advice and relevant examples.

This basic guide provides a generic framework for managing risk. It may be applied in a very wide range of organizations including: public sector entities at national, regional and local levels; commercial enterprises, including companies, joint ventures, firms and franchises; partnerships and sole practices; non-government organizations; and voluntary organizations such as charities, social groupings and sporting clubs.

It provides a reference for directors, elected officials, chief executive officers, senior executives, line managers and staff when developing processes, systems and techniques for managing risk that are appropriate to the context of their organization or their roles.

The contents are intended to provide only a broad overview of risk management. Organizations are expected to interpret this guide in the context of their own environments and to develop their own specific risk management approaches. Ultimately it is up to the risk makers and the risk takers to develop and manage their own risk management programmes.

Attributions

Standards Australia International acknowledges, with thanks, the contribution of the following organizations in the development of this Handbook:

Australian Computer Society
Australian Customs Service
Australia New Zealand Institute of Insurance and Finance
CSIRO (Commonwealth Scientific and Industrial Research Organisation)
Department of Defence (Australia)
Department of Finance and Administration
Emergency Management Australia
Environmental Risk Management Authority (New Zealand)
Institute of Chartered Accountants (Australia)
Institution of Engineers Australia
Institution of Professional Engineers New Zealand
Local Government New Zealand
Massey University (New Zealand)
Minerals Council of Australia
Ministry of Agriculture and Forestry (New Zealand)
Ministry of Economic Development (New Zealand)
NSW Treasury Managed Fund
New Zealand Society for Risk Management
Risk Management Institution of Australasia
Safety Institute of Australia
Securities Institute of Australia
University of New South Wales
Victorian WorkCover Authority
Water Services Association of Australia

Contents

1 Scope and general
Commentary
1.1 Background to risk management
1.2 Benefits of risk management
1.3 Applications of risk management
1.4 Corporate governance

2 Risk management process overview
Commentary

3 Communication and consultation
Commentary
3.1 General
3.2 What is communication and consultation?
3.3 Why communication and consultation are important
3.4 Developing a process for communication and consultation

4 Establish the context
Commentary
4.1 Context
4.2 Objectives and environment
4.3 Stakeholder identification and analysis
4.4 Criteria
4.5 Consequence criteria
4.6 Key elements
4.7 Documentation of this step

5 Risk identification
Commentary
5.1 Aim
5.2 Components of a risk
5.3 Identification process
5.4 Information for identifying risks
5.5 Approaches to identifying risks
5.6 Documentation of this step

6 Risk analysis
Commentary
6.1 Overview
6.2 Consequence and likelihood tables
6.3 Level of risk
6.4 Uncertainty
6.5 Analysing opportunities
6.6 Methods of analysis
6.7 Key questions in analysing risk
6.8 Documentation of the analysis

7 Risk evaluation
Commentary
7.1 Overview
7.2 Types of evaluation criteria
7.3 Evaluation from qualitative analysis
7.4 Tolerable risk
7.5 Judgement implicit in criteria
7.6 Evaluation criteria and historical events

8 Risk treatment
Commentary
8.1 Introduction
8.2 Identify options
8.3 Evaluate treatment options
8.4 Selecting options for treatment
8.5 Preparing treatment plans
8.6 Residual risk

9 Monitoring and review
Commentary
9.1 Purpose
9.2 Changes in context and risks
9.3 Risk management assurance and monitoring
9.4 Risk management performance measurement
9.5 Post-event analysis

10 Recording the risk management process
Commentary
10.1 Overview
10.2 Compliance and due diligence statement
10.3 Risk register
10.4 Risk treatment schedule and action plan
10.5 Monitoring and audit documents
10.6 Incident data base
10.7 Risk Management Plan

11 Establishing effective risk management
Commentary
11.1 Policy
11.2 Management commitment
11.3 Responsibility and authority
11.4 Resources and infrastructure
11.5 Culture change
11.6 Monitor and review risk management effectiveness
11.7 The challenge for leaders - Integration
11.8 The challenge for managers - Leadership
11.9 The challenge for all - Continuous improvement
11.10 Key messages and questions for managers

12 References
12.1 Standards and Handbooks
12.2 Further reading

Introduction

Risk management is a key business process within both the private and public sector around the world. Sound and effective implementation of risk management is part of best business practice at a corporate and strategic level as well as a means of improving operational activities.

This Handbook states in Clause 4.2 that risk is the chance of something happening that will have an impact on objectives. In English, usage of the word risk usually has negative connotations, and risks are regarded as something to be minimized or avoided. In our more general definition, it is recognized that activities involving risk can have positive as well as negative outcomes. The processes described here can be used to identify and exploit opportunities for enhancing organizational outcomes as well as reducing negative consequences.

Risk management, as described here, is a
holistic management process applicable in all kinds of organizations at all levels and to individuals.

Readers should be aware that this usage of the term differs from a more restricted usage in some sectors. For example, in some areas the terms risk management or risk control are used to describe ways of dealing with identified risks, for which we use the term risk treatment. Some other terms used in this document also have different usages. For example the terms risk analysis, risk assessment and risk evaluation are variously used in risk management literature. They often have overlapping and sometimes interchangeable definitions, and they sometimes include the risk identification step. We have selected terminology that forms the basis of international standards.

Other handbooks have been developed that address applications of AS/NZS 4360 in specific areas (see Section 12).

In some areas there is a division of responsibility between those who carry out the analytical process of identifying and analysing risk and those who make the decisions about risk evaluation and the selection of actions to deal with identified risks. This is beneficial where it is important that risk analysis be seen to be independent, and possibly undertaken by technical specialists, with decision aspects of risk evaluation and selection of risk treatment options being the responsibility of senior decision makers. This guide does not deal with such divisions of responsibility, but they are compatible with the processes described here.

1 Scope and general

AS/NZS 4360:2004

1.1 Scope and application

This Standard provides a generic guide for managing risk. This Standard may be
applied to a very wide range of activities, decisions or operations of any public, private or community enterprise, group or individual. While the Standard has very broad applicability, risk management processes are commonly applied by organizations or groups and so, for convenience, the term organization has been used throughout this Standard.

This Standard specifies the elements of the risk management process, but it is not the purpose of this Standard to enforce uniformity of risk management systems. It is generic and independent of any specific industry or economic sector. The design and implementation of the risk management system will be influenced by the varying needs of an organization, its particular objectives, its products and services, and the processes and specific practices employed.

This Standard should be applied at all stages in the life of an activity, function, project, product or asset. The maximum benefit is usually obtained by applying the risk management process from the beginning. Often a number of discrete studies are carried out at different times, and from strategic and operational perspectives.

The process described here applies to the management of both potential gains and potential losses.

1.2 Objective

The objective of this Standard is to provide guidance to enable public, private or community enterprises, groups and individuals to achieve a more confident and rigorous basis for decision-making and planning; better identification of opportunities and threats; gaining value from uncertainty and variability; pro-active rather than re-active management; more effective allocation and use of resources; improved incident management and reduction in loss and the cost of risk, including commercial insurance premiums; improved stakeholder confidence and trust; improved compliance with relevant legislation; and better corporate governance.

1.3 Definitions

For the purpose of this Standard, the definitions below apply.

1.3.1 Consequence
outcome or impact of an event (1.3.4)
NOTE 1: There can be more than one consequence from one event.
NOTE 2: Consequences can range from positive to negative.
NOTE 3: Consequences can be expressed qualitatively or quantitatively.
NOTE 4: Consequences are considered in relation to the
achievement of objectives.

1.3.2 Control
an existing process, policy, device, practice or other action that acts to minimize negative risk or enhance positive opportunities
NOTE: The word control may also be applied to a process designed to provide reasonable assurance regarding the achievement of objectives.

1.3.3 Control assessment
systematic review of processes to ensure that controls (1.3.2) are still effective and appropriate
NOTE: Periodic line management review of controls is often called control self assessment.

1.3.4 Event
occurrence of a particular set of circumstances
NOTE 1: The event can be certain or uncertain.
NOTE 2: The event can be a single occurrence or a series of occurrences.
(ISO/IEC Guide 73, in part)

1.3.5 Frequenc