SA HB 436.1:2020

Handbook

Risk management guidelines — Companion to AS ISO 31000:2018 Part 1: Boards and executives

This Australian Handbook was prepared by Committee OB-007, Risk Management. It was approved on behalf of the Council of Standards on 18 September 2020. This Handbook was published on 23 October 2020.

The following are represented on Committee OB-007:
Attorney-General's Department, Australian Government
Australian Chamber of Commerce and Industry
Australian Industry Group
Australian Institute of Health &
Australian Local Government Association
Australian Risk Policy Institute
Austroads
CivicRisk Mutual
Department of Finance, Australian Government
Engineers Australia
Financial Services Institute of Australasia
Governance Institute of Australia
Minerals Council of Australia
Queensland University of Technology
Risk Management Institute of Australasia
Royal Australian Chemical Institute
Security Professionals Australasia
Society for Risk Analysis, Australia and New Zealand Regional
Institute of Internal Auditors — Australia
University of New South Wales
Water Services Association of Australia

Additional Interests
Employers and Manufacturers Association
New Zealand Institute of Safety Management
RiskNZ
WorkSafe New Zealand — Energy Safety

This Handbook was issued in draft form for comment as DR SA HB 436.1:2020.

Keeping Standards up-to-date

Ensure you have the latest versions of our publications and keep up-to-date about Amendments, Rulings, Withdrawals, and new projects by visiting: www.standards.org.au

ISBN 978 1 76072 993 6

Originated as HB 436:2004. Revised and redesignated as SA/SNZ HB 436—2013. Revised and redesignated as SA HB 436.1:2020.

© Standards Australia Limited 2020 All rights are reserved. No part of this work may be reproduced or copied in any form or by any means, electronic or mechanical, including photocopying, without the written permission of the publisher, unless otherwise permitted under the Copyright Act 1968 (Cth).

Preface

Executive summary

This Handbook was prepared by the Standards Australia Committee OB-007, Risk Management, to supersede SA/SNZ HB 436—2013, Risk management guidelines — Companion to AS/NZS ISO 31000—2009. After consultation with stakeholders in both countries, Standards Australia and Standards New Zealand decided to develop this Standard as an Australian Standard rather than an Australian/New Zealand Standard.

The objective of this document is to describe the responsibilities for risk management of the board (or equivalent oversight body) and executives of an organization. It describes the requirements for effective risk management and how they can be integrated into the organization's structure and processes. It draws upon guidance from AS ISO 31000:2018, Risk management — Guidelines, focusing on matters of concern to the board and executives. Effective risk management helps create and protect value for the organization.

Contents

Preface
1 Scope and general
1.1 Scope
1.2 Referenced document
1.3 Terms and definitions
2 Why is risk management important?
2.1 How does risk management enhance value?
2.2 Why is risk management important in decision-making?
3 What are the responsibilities of the board and executives?
3.1 Responsibilities of the board
3.2 Responsibilities of executives
3.3 Risk management policy
3.4 Risk appetite and risk criteria
4 What does good risk management look like?
4.1 Principles
4.2 Integrating risk management with business operations
4.2.1 Overview
4.2.2 Intent
4.2.3 Capability
4.2.4 Accountability
4.2.5 Continual improvement
4.2.6 Process
5 Application of risk management in strategic planning
Notes

1 Scope and general

1.1 Scope

This document informs members of the board and executives about their roles in risk management.

1.2 Referenced document

The following document is referenced in the text.

AS ISO 31000:2018, Risk management — Guidelines

1.3 Terms and definitions

For the purpose of this document, the terms and definitions given in AS ISO 31000 and ISO Guide 73:2009 apply.

2 Why is risk management important?

2.1 How does risk management enhance value?

Empirical evidence suggests that effective risk management helps organizations to —
(a) enhance the value of the organization;
(b) increase the predictability of outcomes; and
(c) reduce insurable losses.

The core principle and purpose of risk management is to create and protect value. Value can be expressed in many ways, such as —
(i) shareholder return;
(ii) competitive advantage;
(iii) customer satisfaction;
(iv) social benefit;
(v) environmental benefit;
(vi) compliance;
(vii) safety; and
(viii) security.

Managing risk creates and protects value by —
(A) supporting the purpose and objectives of the organization;
(B) informing decisions about resource prioritization and trade-offs;