Risk Management

Risk Management

Any organisation implementing a risk framework should have as a minimum a:

  • Risk Policy
  • Risk Strategy
  • Risk Procedures
  • Risk Register
  • Internal audit process to support the framework

The overall objectives of a formal risk management approach are to:

  • Outline the process by which an organisation will manage risk associated with its assets, so that all risks can be identified and evaluated in a consistent manner
  • Identify operational and organisational risks at a broad level
  • Allocate responsibility for managing risks to specific staff to improve accountability
  • Prioritise the risks to identify the highest risks that should be addressed in the short to medium term.

Infrastructure risk can be driven by:

  • The asset (e.g. structural failure or failure to deliver required level of service)
  • The service the asset is expected to support (e.g. raw water quality), or
  • Events (e.g. power outage, flooding)

Event-based risks require separate consideration, because assets that are a low risk when considered individually may be part of a much higher risk if an event causes multiple failures. A common example occurs with multiple pumping facilities: the failure of each pump or station on its own may have an insignificant effect (due to duplication), but an event like a power outage could result in total system failure.

Risk management criteria relating to assets include:

  • Financial risk – direct costs
  • Public health and safety
  • Economic impact on users and businesses
  • Environmental and legal compliance
  • Network, asset and project performance
  • Image and reputation

The establishment of risk management criteria is one of the most important steps in the risk management process, as it sets the framework for consistent risk decision-making.