Managing and assessing risks is something we all do every day, mostly without even thinking about it. When the complexity increases beyond our everyday experiences, such as risks faced by a business or a big project, a more formal approach is needed. However, it really isn’t difficult.
A generic risk management process has been set out in ISO standard 31000 and can be applied to any kind of risk by any kind of organisation. Project management standards PMBOK and PMI both describe a similar process for managing project risk.
Different kinds of risks need different assessments in terms of the questions to ask or the exact technique you use, but the overall risk management process is the same. Essentially, the steps are as follows:
Looking at past incidents will help you become aware of the different kinds of risks and hazards to look for.
Some organisations have developed specific forms for particular hazards they deal with, to make it easier to remember to ask all the relevant questions.
The resources below include many example risk assessment forms that follow the generic process.
Austrade looks at Export risks including political, legal, corruption, financing, quarantine risks.
The Queensland Government Business and industry portal has some guidance for businesses on risk management.
Workplace Health and Safety QLD has several Codes of Practice looking at Risk Management
For examples of what can go wrong and motivation on making your workplace safer, browse through the court summaries resulting from past safety incidents.
www.ourcommunity.com.au has help sheets on each risk management step from a community organisation point of view, but there’s good information in there for businesses too.
For some examples of Hazard specific risk assessment forms, take a look at the “Hazard-specific risk assessment forms” section of the safety management system at The University of Melbourne