Enterprise wide Risk Management Assignment - NSW Government

Assignment Task

Summary

This Policy Directive describes the requirements for NSW Health organisations to establish, maintain and monitor risk management practices in accord with the Australian/New Zealand Standard ISO 31000:2018, consistent with whole of Government policies.

Policy Statement

All NSW Health organisations must establish and maintain a risk management framework that is appropriate, fit for purpose, and tailored to the needs of the organisation.

Background

Risk is the effect of uncertainty on objectives. Risk management involves identifying the types of risk exposure within an organisation, measuring those potential risks and proposing means to mitigate or exploit them.

Risk management is essential to good management practice and effective corporate governance and ensures decisions are made with sufficient information about risks and opportunities. While it is impossible to remove all risk, the overall goal is to identify, understand, manage and reduce risk to an acceptable level, to ensure effective operation, service provision and resource utilisation across an organisation.

Risk is different from an issue, which is an event that has already occurred, or is currently occurring, and is impacting, or has had an impact, on objectives. Effective policies and systems combined with a sound risk culture help to promote desirable risk management behaviour.

These behaviours are reflected in the open and regular discussion of risk which incorporates genuine risk concerns about business practices and the timeliness of responses. Collectively, these behaviours help organisations stay within an organisation’s risk appetite and achieve performance aspirations in a sustainable way.

NSW Health is committed to developing a positive risk management culture, where risk is seen as integral to the achievement of our aims at all levels of the organisation and where all staff are alert to risks, capable of an appropriate level of risk assessment and confident to report risk or opportunities perceived to be important in relation to each Health organisation’s priorities.

Key definitions

Risk

The effect of uncertainty on objectives, noting that effect is a deviation from the expected and may be positive and/or negative.

Board

In this document, references to “the Board” include the Board of any local health district, specialty health network, or Board-governed statutory health corporation, the Cancer Institute of NSW Board, Ambulance Services Advisory Board, Health Infrastructure Board, HealthShare NSW Board, and NSW Health Pathology Board.

Responsibilities of staff

All staff (permanent, temporary or contract) are accountable for managing risk in their day-to-day roles, including carrying out their roles in accordance with policies and procedures, identifying risks and inefficient or ineffective controls and reporting these to the appropriate level of management.

Risks that are beyond a staff member’s capacity or delegation of authority must be escalated to a higher level of management for review, with subsequent mitigations communicated back to the staff member who identified the risk.

Managers and decision makers

Managers and decision makers at all levels in each NSW Health organisation are accountable for managing risk within their sphere of authority and in relation to the decisions they take.

Risks that are beyond a manager’s or a decision maker’s capacity or delegation of authority must be escalated to a higher level of management for review. Responsibilities also include supporting a positive risk culture, managing risks within the levels the organisation is willing to accept or tolerate, and supporting the implementation of the organisation’s risk management framework as appropriate for their role.

Senior executives

In addition to the responsibilities above, senior executives are responsible for managing specific strategic risks as the risk owner and are responsible for ensuring necessary controls and treatment plans are in place to effectively manage that risk, including providing adequate resources. Senior executives must attend Audit and Risk Committee meetings, when requested, to discuss the current management of specific risks.

Internal Audit

Internal Audit is responsible for providing assurance to the Chief Executive and to the organisation’s Audit and Risk Committee on the effectiveness of the risk management framework, including the design and operational effectiveness of internal controls. The organisation’s enterprise-wide risk management framework must be the subject of an internal audit at least once every five years.

The Chief Executive

The Chief Executive has ultimate responsibility and accountability for risk management in their organisation. Risk management-related responsibilities also include promoting a positive risk culture, determining and articulating the level of risk the organisation is willing to accept or tolerate, approving the organisation’s enterprise-wide risk management framework and plans, and ensuring these are communicated, implemented and kept current.

Audit and Risk Committee

Audit and Risk Committees across NSW Health have no executive powers, delegated financial responsibility or management functions, but provide independent advice to the Chief Executive and Board by monitoring, reviewing and providing advice about the organisation’s risk management framework.
