1. Why:
1.1 Describe how risks, improvements, opportunities (reviews) are managed.
1.2 To ensure that concerns with systems, projects, operations, products and services are identified, isolated, fixed, escalated and changed effectively.
1.3 To plan, conduct and verify actions and effectiveness of reviews resulting from nonconformances, customer complaints, interested party concerns, environmental incidents, safety incidents, risk assessments, hazard management.
2. Who:
2.1 The managing consultant ensures this procedure is implemented and maintained.
2.2 All personnel, associates, stakeholders and interested parties can submit matters for consideration.
3. Documents:
3.1 Review register
3.2 Hazard Register
3.3 Risk Register
3.4 Objectives Register
4. How:
4.1 General
4.1.1 Each of the business processes deal with concerns, dissatisfaction, nonconformance, variations, incidents, risk assessments, etc. Records of each are maintained as part of those processes, for example service delivery variations are controlled through the Projects Procedure.
4.1.2 This procedure aims to manage concerns, variations, nonconformances and to implement management system improvements and changes by eliminating the root causes of existing problems; by taking corrective action; eliminating the causes of potential problems by taking preventive action; and searching for improvement opportunities.
4.1.3 This procedure describes the formal escalation for any of the above as well as controlling change as a result of internal / external audits, formal customer complaints, environmental incidents, safety incidents, risk assessements, hazard assessments and the need to eliminate the potential causes of nonconformance.
4.2 Review Management
4.2.1 Anyone can identify and submit a review for consideration. This can include (but not limited to); risk assessments, improvements, opportunities, safety issues, environmental issues, client complaints, system changes, suggestions, audit reports, management reviews, corrective actions for nonconformity, or preventive actions to eliminate potential causes of nonconformity.
4.2.2 Upon submission, the managing consultant will consider the review and as needed, ensure appropriate controls are put in place to manage the situation.
4.2.3 Any review requiring controls and any subsequent actions will be raised and managed through the review register. As part of this process, further escalation to subsequent management review registers such as; Hazard Register, Risk Register, Objectives Register, Aspects Register.
4.2.4 The components and details of the review register ensures the relevant actions and records are generated until an effective conclusion is realised
4.3 Business risk management
Business risk is the possibility of unforeseen circumstances in which the business will experience adverse conditions that result in loss or failure. Risks are managed by; identification, assessment, control, and review. Identification of risk usually is but is not limited to, observation, communication, audit, RIO, etc as described above. As needed such matters are then escalated to the relevant register for further management.
Risk assessment involves analysing the inherent risk and considering the components of likelihood and consequence. The residual risk is determined by considering the likelihood and consequence following the implementation of risk control options. The level of risk associated with particular hazards is assessed against two criteria: the probability that the identified situation will occur; and the likely outcome should that situation occur. Once a risk has been identified, resources will be allocated to determine how likely it is that specific circumstances could occur and what the consequence of those circumstances could be. This should include identifying factors that may be contributing to the risk, reviewing that is reasonably available from an authoritative source and is relevant to the particular risk, evaluating the likelihood of an event occurring and the likely severity of the outcome, and identifying the actions necessary to eliminate or control the risk; and identify records required to ensure that the risks are eliminated or controlled.
The inherent level of risk associated with each event is determined when the risk is identified. Risk management actions are developed as required to achieve the highest level of effectiveness. Risk categories and frameworks are identified in the myDemo risk matrix to help complete the details of an entry in the strategic risk register which also details the controls needed for mitigation.
4.4 Ongoing risk assessment
All risks are assessed as and when needed. However, the risk register is assessed and planned at intervals to ensure appropriate controls are managed. Such reviews are based on the following criteria: high/high - every 12 months, high/moderate - every 24 months, moderate/mderate - every 36 months and all others as needed.
Reviews
| Name | Type | Started | Target | Status |
|---|---|---|---|---|
| risk register due dates | Productivity | 31 Oct 2022 | 30 Dec 2022 | Closed |
| objectives register - annual review | Rolling | 20 Feb 2023 | 28 Feb 2030 | Open |
| risk register - procedure update | Opportunity | 20 Feb 2023 | 28 Feb 2030 | Closed |
| Risk Register - annual reviews | Rolling | 21 Aug 2023 | 31 Aug 2033 | Open |