Risk Management Policy

This policy (PCY135) outlines our commitment to ensuring risk based decision making is based on a consistent application of corporate methodology.

Policy statement

The Water Corporation has a holistic, integrated Risk Management Framework consistent with the International Standard 31000:2009 Risk Management - Principles and Guidelines (AS/NZS ISO 31000:2009), which is integral to corporate governance, strategic and business planning processes and optimising operations. With this approach, the Corporation ensures that risk based decision making is based on a consistent application of the Corporate methodology.

Purpose

The principle of the Corporation’s approach is to manage the risks involved in all aspects of its activities to a tolerable level by achieving a balance between acceptable levels of risk and reward through the effective and efficient use of resources.

The objectives of this policy are:

  • that risk management forms an integral part of all decision making to ensure risk management is adopted throughout the Corporation as a prudent management practice
  • to ensure that all employees, contractors and partners are made aware of the need to manage risk, and to promote a culture of participation in the process
  • to set the standard for the risk management process and subsequently the management of risk.

Scope

This policy applies to Water Corporation Process Owners and Managers, line managers, project managers, employees, contractors and partners. All parties have a significant role in ensuring effective risk management in their area of business activity.

Risk: The potential for an event occurring - including opportunities or adverse effects - that will impact upon the Corporation’s purpose and objectives. It is measured in terms of consequence (impact on outcomes) and likelihood (probability or frequency).
Risk Attitude: The approach to assess and eventually pursue, retain, take or turn away from risk. Understanding risk attitude is a complex task which requires balancing of many views. Some elements can be quantified but ultimately it is a question of judgement.
Risk Management: Coordinated activities to direct and control an organisation with regard to risk.
Risk Management Process: The systematic application of management policies, procedures and practices to the tasks of establishing the context, identifying, analysing, evaluating, treating, monitoring and communicating risk.

The application of this policy aims to deliver:

  • a Framework for the management of all risks across the Corporation
  • a consistent terminology, methodology and process for the management of risk
  • the integration of risk management into decision making processes
  • assurance to the Board, Audit & Compliance Committee and Executive that risks are identified and managed.

All risk management activities should be conducted in accordance with the methodology and assessment criteria established under the Risk Management Framework. If there is a need to deviate from the corporate process, this must be referred to the Risk & Assurance Branch for consultation and assessment.

Non-adherence to the Risk Management Framework impacts on the consistency and adequacy of business decisions.

Organisations of any kind face internal and external factors that create a level of uncertainty which will influence the achievement of their objectives. The effect this uncertainty has on the objectives of a business is defined as “risk”.

While risk management is implicit in all activities undertaken by entities (individuals, groups or the Corporation), this policy provides the formal compliance statement with regard to the management of risk – in all of its various contexts – and across all products, services and business streams.

This policy along with the Corporation’s Risk Management Framework has been developed, reviewed and implemented in accordance with the International Standard for Risk Management AS/NZS ISO 31000:2009.

The key principles are:

  • Corporate and process risk profiles are reviewed annually (desktop or workshop).
  • Under the Accountabilities Framework, Process Owners in conjunction with Process Managers have full accountability and authority to manage a risk in relation to their process.
  • Risks raised outside of a manager’s accountability will be considered and allocated to the applicable area in accordance with accountability principles.
  • All risk assessments (process, business or project) within the Corporation will be assessed using the Corporate Risk Assessment Criteria and will be recorded in the Corporate Risk Information System or a formally recognised risk register.

Extreme and high risks and associated mitigation plans are escalated and reported regularly to the Risk Management Committee and the Board.

The risk management process is coordinated and monitored by Risk & Assurance Branch.

Process Managers

Under the Water Corporation Accountabilities, Process Owners in conjunction with Process Managers are fully accountable for identifying and managing risk from the internal and external environment for their process.

Line Managers

Branch Managers and Regional Business Managers are accountable for identifying risks from the internal and external environment which will impact on processes and advising the relevant Process Manager, whilst also identifying and managing risks at a regional associate which originate from the execution of business processes. Regional or business unit risk assessments can be performed on a request basis, but are not mandatory within the corporate risk management framework.

Project/Program Managers

Project and Program Managers will use the Corporate Risk Assessment Criteria and Risk & Assurance Branch support to identify and assess project risks throughout the project life cycle.

External references

  • Standards Australia: Risk Management – Principles and Guidelines AS/NZS ISO 31000:2009

Corporate references

  • Risk Management Guidelines
  • S389 Risk Assessment Criteria