Introduction To Risk Management

Risk management is recognised as an integral part of good management practice. It is an iterative process consisting of steps which, when undertaken in sequence, enable continuous improvement in decision-making. Risk management is the term applied to a logical and systematic method of establishing the context, identifying, analysing, evaluating, treating, monitoring and communicating risks associated with any activity in a way that will enable organisations to minimise loss and maximise opportunities.

Risk may be treated variously by avoidance, by transfer, by acting upon causes, and by managing consequences. Any or all of these strategies may be appropriate in particular circumstances:

  • Risk may be avoided by not proceeding with the activity in the first place - care needs to be taken that this is an appropriate avoidance rather than simply a failure to address the problem.
  • Risk may be transferred in whole or in part to another party, e.g. via insurance.
  • Risk likelihood and consequence may be reduced by addressing causes - and by using barriers such as procedural or engineering controls.
  • Consequences may be mitigated if contingency plans are prepared, including means of financing the risk.

A number of approaches are used to determine the relative importance of risk scenarios and to decide how resources are allocated for treatment. Quantitative methods are helpful when statistical information is available for certain events, such as the failure of devices or systems. Often this is collected from industry-wide sources, enabling a degree of confidence when developing probability distributions. On the other hand, qualitative analysis can be used in assessing whether one situation is of greater risk than another.

Risk assessment is an important step when organisations are considering the actions and resources to be committed to risk reduction strategies. Without it, organisations cannot be confident that resources are being sensibly applied as part of their risk management obligations.

The main elements of a risk management process are shown in the figure at right. It starts with the organisation identifying its potential risk situations, then follows a path through describing, assessing, evaluating and treating risks. National standard AS/NZS 4360 Risk Management provides more guidance.

This approach helps organisations identify their risk situations and rank their importance prior to making decisions. It collects qualitative judgements of event consequence and event likelihood and calculates risk scores for ranking. It allows information to be kept in summarised form as a risk register, thus retaining knowledge from previous iterations so that further improvements can be made at any time. It recognises that new insights will be gained through a rational analysis of system performance and business operations.

Basic Terminology


A way of describing the scope, nature and boundaries of the activity to which the risk management process is being applied, e.g. "OH&S", "Financial".


Tangible and intangible things of value to the organisation, relevant to the risk context.


A source of potential harm or a situation with potential to cause loss.

Consequence Ranking

A value applied to a risk scenario, indicating the severity of the damage caused by the actualisation of the scenario.

Likelihood Ranking

A value applied to a risk scenario, indicating the likelihood of the actualisation of the scenario.

Risk Score

A descriptor or numerical value indicating the level of risk associated with a risk scenario that has a particular combination of Consequence ranking and Likelihood ranking. Any combination of Consequence ranking and Likelihood ranking values will produce a risk score.

Criteria Threshold

The acceptable level of risk, as determined by the user, based on the risk score. Any risk scenario with a score greater than this value is deemed to be unacceptable and will require some action to reduce the level of risk.

Risk Register

A list of identified risk scenarios together with their risk scores.

