Understanding Risk Management

The organisation’s role in risk management

In the ideal situation:

  • The organisation regards every employee as a risk manager.
  • The organisation has a risk management policy, strategy plan and committee with senior membership.
  • The organisation reinforces its risk management philosophy through the chief executive’s endorsement and inclusion of risk management principles in learning and development programs.
  • The risk management policy outlines in simple terms the acceptable level of risk and gives direction on how to identify, evaluate, control and report risks.

The manager’s role in risk management

In the ideal situation:

  • Managers comply with risk management policies and procedures.
  • Managers identify risks and develop, implement and evaluate risk management plans in collaboration with their staff. They help to define acceptable levels of risk for the organisation and their team.
  • Managers inform their staff about risk management policies and procedures and guide them in identifying risks and potential opportunities.
  • Managers encourage their staff to take calculated risks based on open communication, collaboration and informal strategies.

The individual’s role in risk management

In the ideal situation:

  • Individuals openly discuss and report on potential risks and opportunities.
  • Individuals feel their ideas and opinions are valued by others. They take responsibility for the outcome of their decisions.
  • Individuals have sufficient skills, understanding and support to manage risks. Those who manage risk well are recognised and rewarded.

The litmus test for risk management

Some important questions1 to ask about your organisation:

  • Has the organisation agreed what types and levels of risk are unacceptable’ Has the risk policy been reviewed and approved in the last year?
  • Has a senior manager or similar ‘champion’ (or team) been appointed to lead and sponsor risk management initiatives?
  • Has the executive team provided guidance on what information they would like to see in risk reports?
  • Do managers know that they are responsible for managing risk in their areas of responsibility?
  • Are staff comfortable to report risk or suggest risk reduction strategies?
  • Are risks identified during compliance audits always added to the risk register?


Measures that may be useful for confirming the quick check tool results or monitoring cultural change could include:

  • Employee engagement index
  • Manager quality index

A Dictionary of People Metrics

Case Study: Managing the Risk of the Unfamiliar

As it matures, an organisation faces the risk of losing its creativity and openness to new ideas. It often settles into a comfortable groove and develops a set way of doing things.

So when someone new joins an organisation with completely different ways of thinking and working, this can be very challenging both to managers and staff. Take Mandy’s case for instance.

Mandy has just started her new job with Eco Green and is finding it a bit hard to settle in. She is used to working very flexible hours with very little direction but now it seems she must comply with some very specific rules. Mandy doesn’t agree with her manager that she needs to be at the office to work effectively. ‘If I am getting the job done on time and to budget, why does it matter when or where I work? Doing some of my work at night allows me to complete my part-time studies. I then like to start the working day a bit later.’

The question is how do you harness Mandy’s energy, drive and enthusiasm to best suit the organisation? Roz, the HR director, understands Mandy more than most: ‘Mandy tends to focus on results rather than processes. She really does want to get the job done, but she wants to do it in her own way.

‘The flexibility Mandy seeks is not unique to her. Many of our staff members are looking for the opportunity to work more flexibly and our technology makes this possible. They can work virtually anywhere or at any time that is convenient to them. Managers just need to have confidence that this will work. If we do not provide flexibility we risk losing people like Mandy. She has already had five quite distinct jobs, giving her broad experience, and she has just turned 30. Her career has generally been unhampered by concerns for hierarchy and unnecessary compliance. Mandy is great at asking the ‘dumb’ questions that actually turn out to be the ones that reveal our short-comings and that make us think about why we do things a certain way.’

Further Resources for Workflow Management

  • Ethics Framework: section on reporting breaches and evaluating organisational performance
  • Ethics Framework Planner: how to report breaches and evaluate organisational performance
  • Good Practice Guide on Governance for Victorian Public Sector Entities
  • People Matter in Action: Making the Most of the People Matter Survey People Matter Survey Main Findings Report