An Act to reform the law relating to companies, and, in particular,<\/span><\/i><\/p>\n (a)\u00a0<\/i><\/b>to reaffirm the value of the company as a means of achieving economic and social benefits through the aggregation of capital for productive purposes, the spreading of <\/span><\/i>economic risk<\/i><\/b>, and the taking <\/span><\/i>of business risks;<\/i><\/b><\/p>\n <\/i><\/b><\/p>\n The emphasis on risks is mine. <\/span><\/p>\n I want to highlight that taking risks is intrinsic to business. The purpose of accepting those risks is to achieve economic and social benefits.\u00a0 There is an implied expectation that a company takes risks but with the social contract to provide economic and social benefits.<\/span><\/p>\n Risk is the potential for loss or the lower opportunity for gain (however \u201closs\u201d and \u201cgain\u201d are measured).<\/span><\/p>\n Because risk is intrinsic to business, every decision the Board makes should have a risk profile attached which needs to be considered.<\/span><\/p>\n <\/span><\/p>\n So how should Directors approach the task of Risk Governance?<\/span><\/p>\n \u00a0<\/i><\/b><\/p>\n The Board needs to understand the critical risks in their business and have a clear reporting framework.<\/span><\/p>\n Does your Board ask:\u00a0<\/strong>What are the risks?<\/span><\/p>\n (Write them down)<\/em><\/p>\n <\/p>\n Consider if they can be moderated or eliminated?<\/strong><\/p>\n <\/p>\n Are you prepared to accept a 1 in 500 year event? A 1 in 50 year event?<\/strong><\/p>\n For example you can eliminate the risk of business slowing when someone is on leave by training others in their role.<\/span><\/p>\n You can minimise the impact of losing a Key person with Key person Insurance.<\/p>\n <\/p>\n How are the risks going to be managed or eliminated?<\/strong><\/p>\n A Risk Report can easily be prepared in a tabular format.\u00a0 Risks are named, there may be a colour coding or numerical value for indicating how likely and impactful the risk is and a column saying how the risk is being addressed and by whom.<\/span><\/p>\n We have provided a template for this among our resources.\u00a0<\/span>Start listing your risks today!<\/span><\/p>\n <\/span><\/p>\n <\/span><\/p>\n <\/span><\/p>\n The Board considers whether those management strategies are sufficient and if so the matter is considered dealt with.\u00a0<\/span>It is often the case that the risk is never, or rarely, revisited or updated.\u00a0<\/span>Directors should ask if there are any trends that are changing the risk profile.\u00a0<\/span><\/p>\n While the CEO usually has ultimate responsibility for operational risks the Board should meet with staff who have been assigned specific risks and activities to manage.\u00a0<\/span>Directors should be aware of their responsibilities under the health and Safety at Work Act 2015.<\/span><\/p>\n <\/span><\/p>\n <\/span><\/p>\n CULTURE<\/b><\/p>\n According to Worksafe there were 108 workplace related deaths in 2019 with the Arts and Recreation Service sector being the most accident prone or in other words: negligent.\u00a0<\/span>Physical harm is not the only risk in an organisation but can reflect how risk aware the culture.\u00a0<\/span><\/p>\n This could be with reference to safety risks but also in terms of working assumptions so that ‘Group Think’ is avoided. Those in authority must be comfortable with being challenged from less senior employees.\u00a0Collaboration but with ownership and accountability reduces risk.<\/span><\/p>\n <\/span><\/p>\n <\/span><\/p>\n RISK APPETITE<\/b><\/p>\n Few organisations are entirely risk free. When we meet as a District Health Board we know that our organisation is dealing with risk every day of the week. Whether its through surgery, having employees servicing remote communities unaccompanied, or the danger of cyberattacks the organisation is a high-risk place.\u00a0<\/span>We can\u2019t eliminate all risks by the nature of the organisation. So as a Board we have to agree what level of risk we are prepared to accept.\u00a0<\/span><\/p>\n A Board always has an appetite for some level of risk. A Board should be conscious of what their appetite is. It will be demonstrated by behaviours when risks are raised or when an incident occurs.\u00a0<\/span>The levels of Financial delegations give a clue to risk appetite.<\/span><\/p>\n How does the organisation respond to a workplace accident?\u00a0<\/span>Boards should actively address their appetite for risk as part of their strategic thinking.\u00a0 For example what are the dashboard measures to be monitored?\u00a0<\/span><\/p>\n How would you describe your Board\u2019s appetite for risk?<\/span><\/p>\n \u00a0<\/span><\/p>\n RISK MATURITY<\/b><\/p>\n Risk Maturity models look at how integrated risk management is in an organisation. At the lower end Risks are identified as they happen and processes put in place to stop happening again. Typically risks are recognised at an operational level by people at the workface. As an organisation gains in risk maturity a more strategic approach is taken at an whole-of- organisation level.<\/span><\/p>\n <\/span><\/p>\n Hillson (1997) maturity model\u00a0<\/strong><\/span><\/p>\n Level 1, Na\u00efve:\u00a0<\/strong>The naive risk organisation is unaware of the need for risk management and has no structured approach for dealing with uncertainty. Management processes are repetitive and reactive with little or no attempt to learn from the past or to prepare for future threats or uncertainties.\u00a0<\/span><\/p>\n \u00a0Level 2, Novice:\u00a0<\/strong>The novice risk organisation is experimenting with [the] application of risk management, usually through a small number of nominated individuals, but has no formal or structured generic process in place. Although aware of the potential benefits of managing risk, the novice organisation has not effectively implemented risk processes and is not gaining the full benefits.<\/span><\/p>\n \u00a0Level 3, Normalised:\u00a0<\/strong>The normalised risk organisation has built management of risk into routine business processes and implements risk management on most or all projects. Generic risk processes are formalised and widespread, and the benefits are understood at all levels of the organisation, although they may not be consistently achieved in all cases.\u00a0<\/span><\/p>\n Level 4, Natural:\u00a0<\/strong>The natural risk organisation has a risk-aware culture, with a proactive approach to risk management in all aspects of the business. Risk information is actively used to improve business processes and gain competitive advantage. Risk processes are used to manage opportunities as well as potential negative impacts.<\/span><\/p>\n \u00a0(<\/span>Hillson, D. (1997) Towards a risk maturity model. International Journal of Project and Business Risk Management, 1(Spring), 35\u201345)<\/span><\/i><\/p>\n <\/span><\/i><\/p>\n <\/span><\/i><\/p>\n Hopkinson risk maturity model for businesses, level 4<\/strong><\/span><\/p>\n Management<\/b><\/p>\n <\/b><\/p>\n Risk Identification<\/b><\/p>\n disaster, projects, operational and external<\/span><\/p>\n <\/b><\/p>\n Risk Analysis<\/b><\/p>\n <\/b><\/p>\n Risk Control<\/b><\/p>\n <\/b><\/p>\n Risk Review<\/b><\/p>\n <\/b><\/p>\n Culture<\/b><\/p>\n <\/p>\n (Hopkinson, M. (2000) Risk maturity models in practice. Risk Management Bulletin, 5(4)).<\/span><\/i><\/p>\n <\/span><\/i><\/p>\n \u00a0 <\/i><\/p>\n Stellaris offer specialised Governance, Strategy training and advice tailored specifically for your organisation.<\/span><\/p>\nRISK OVERSIGHT<\/b><\/span><\/h3>\n
\n
\n
THE BOARD<\/strong><\/span><\/h3>\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
![\"\"](\"https:\/\/www.stellaris.co.nz\/wp-content\/uploads\/2020\/08\/Risk-1-300x300.png\")
<\/p>\n