SECTION 7 SCOUTSAFE 7.8 RISK ASSESSMENT HANDBOOKscoutsqld.com.au/.../QBSI-7.8-Risk-Assessment-Handbook.pdfQueensland Branch Scouting Instructions (QBSI) SECTION 7 SCOUTSAFE: CHAPTER

Queensland Branch Scouting Instructions (QBSI) SECTION 7 SCOUTSAFE: CHAPTER 7.8 RISK ASSESSMENT HANDBOOK (Version 1) Page 1 of 15

SECTION 7 SCOUTSAFE 7.8 RISK ASSESSMENT HANDBOOK

7.8.1. INTRODUCTION

Risk Management exists on three levels: strategic, operational and activity. The strategic and operational risk registers overlay the activity risk register. Development of risk registers will complement and adhere to the Queensland Branch policy and overall strategic plan for the development and direction of Scouting in Queensland. Definitions of the terminology used throughout this document are available in Appendix 1.

7.8.1.1. QUEENSLAND BRANCH CORPORATE RISK ATTITUDE

Realising opportunity

Throughout this document reference is made to the acceptance of risk where the acceptance thereof is necessary to realise opportunities considered beneficial to the Branch. To be risk adverse can stifle progress and stagnation can result, on the other hand, to recklessly take on avoidable risk can result in irreparable harm to the Branch. When realising opportunity involves the need for the voluntary assumption of significant levels of risk the following principles needs to be considered:

(a) the potential benefits must clearly outweigh the assumption of the risks involved; (b) a balance needs to be established and all the risks freely accepted need to be

identified and treated to minimise the likelihood of harm to the Branch; (c) irrespective of the perceived benefits, the integrity of the Branch’s Enterprise Risk

Management context must not be compromised; (d) the principles contained in the Branch’s Risk Attitude Statement are to be carefully

considered and applied in all instances. Risk Attitude Statement - general acceptance criteria principles

The following Risk Attitude Statement is not designed to be a definitive list and/or totally descriptive in its definitions. It is intended to provide a broad outline upon which Leaders and Branch management can base risk acceptance decisions, i.e. what is justifiable, what is not and what is integral to the Branch risk ethic. Risk Attitude Statement

When considering opportunities that may involve the assumption of risk considered to be out of normal bounds, the following should be considered before making the decision to proceed otherwise.

Class Acceptance/Non-Acceptance

Financial

There will be no acceptance of decisions that have a significant negative impact on Branch’s long term financial sustainability.

Financial viability over the short, medium and long term must be highly certain.

Legal and Regulatory

There will be no acceptance of any non-compliance with legal, professional and regulatory requirements.

People

There will be no acceptance for compromising the safety and welfare of our Members and professional staff.

There will be no acceptance for the preventable loss of valued


volunteer leadership and professional staff due to unreasonable management action.

There will be no acceptance for compromising the welfare and safety of members of the public.

Operational

There is considerable acceptance for the improved efficiency of the Branch operations.

In considering opportunities a disciplined approach to the management of risk must be taken.

There is considerable acceptance for improvements to service delivery.

There will be no acceptance for running the Branch (which includes all its Formations) in a manner that does not meet the reasonable expectations of stakeholders.

Environmental

There will be no acceptance for operational decision making that does not have a sound basis.

There is considerable acceptance for decisions that promote ecologically sustainability.

There will be no acceptance of decisions that cause environmental harm especially those that are likely to result in government intervention.

Strategic

There is acceptance for the Branch Leadership to respond to the changing environment and seize opportunities where necessary.

Ethical

There will be no acceptance of the failure to conduct business honestly and ethically.

Reputation

There will be no acceptance for damage to the reputation of the Branch and Scouting generally.

No “justifiable” adverse media coverage is acceptable.

Leadership The Branch’s (which includes all its Formations) approach to managing its risk should set an example to the rest of the community.

Scouting Traditions and Community Support

There will be considerable acceptance of decisions that promote the maintenance of Scouting traditions and membership satisfaction.

There will be no acceptance of decisions that will have an adverse effect on community and political support and confidence.

7.8.2. ATTRIBUTES OF RISK AND RISK REGISTERS

Strategic Risks

These are aligned at the corporate perspective and encompass the Office of Chief Commissioner, the Branch Executive Committee, Branch Council and Executive Manager. The 2020 Plan, being the organisation’s strategic direction, sits at this level. Generally they will affect all of the organisation and its ability to survive and function according to its Charter and strategic priorities. The risks identified and recorded at a strategic level not only impact upon the organisation in an overall sense but will overlay the operational risk process and provide a clear direction in each of the risk contexts. Operational Risks

These are aligned more to the Queensland Branch operational plans which reside with and encompass the Branch (including the Regions, Districts and Groups business operations). They will include issues which have the potential to impede the ability to deliver specific services and activities as outlined in the 2020 Plan. They are therefore influenced by the


2020 Plan. The operational risk register will overlay the activity risk processes and provide a link between each of the contexts. Operational risks are issues that affect the viability of formational objectives and delivery outcomes. Activity Risks

Activity level risks are aligned with the 2020 Plan’s strategic priorities and continue the focus on internal and external relationships with our stakeholders. They may be further broken down to demonstrate that the activities of the Queensland Branch (which includes all its underlying Formations) meet strategic and operational priorities. These risks target the activities of the organisation. They are issues that affect the basic operations of the organisation and could impact on the delivery of outcomes. They are not limited to physical activities and rightfully reside at all formations from Queensland Branch to Group level. They target the specific activities delivered by the Branch (including the Regions, Districts and Groups business operations) and from a Branch Support Office perspective, its business processes. They are more mechanical procedures than strategic or operational. Project Risks

Project level risks are generally aligned with the 2020 Plan priorities in the context that approval for a specific project is predicated on a need to achieve one or more corporate objectives. These risks target the issues that are likely to affect the successful outcome of the project. They are not limited to physical activities rightfully reside at all Formations from Branch to Group level. The primary purpose of conducting a project risk assessment is to identify and mitigate the risks associated with the project that could impede its successful outcome. The general principles and procedures for the assessment of risk, as contained in this handbook, remain valid for project risks, however when assessing project risks it is necessary to look at these from two directions:

(a) the project risk - the risk of the project failing; (b) the corporate risk - this may include incurring additional risks, or the failure to

mitigate existing risks, because of the failure of the project. When considering project risks, multiple risk ratings need to be considered. For example:

(a) a specific project may have little impact on the Branch if it failed and the risk rating assigned may be classified as “low” from a corporate perspective;

(b) when assessing the risks associated with the successful realisation of the project, the prevailing conditions may return a high chance of failure and a rating of major may be assigned from a project perspective;

(c) both risk ratings, the risk of the project failing and the overall corporate risk, need to be identified and presented to the relevant level of leadership for a decision on the future of the project. This will allow an objective decision to be made on whether or not the project warrants the allocation of additional resources to ensure its success or if it should be postponed, abandoned, wound back etc.

If a project is considered to be important from a corporate perspective, and the risk of failure is high, then positive steps need to be taken to reduce the project’s risk of failure and offset the adverse corporate risk exposure.


A risk register covering project risks will follow the usual format, address the usual corporate risks, however it will be expanded to address the specific risks that may give rise to the failure of the project. It is also envisioned that this register will cross reference risks embedded in the Branch’s strategic, operational and activity risk registers so that a full appreciation of the project’s impact can be appreciated. The project consequence table is incorporated herein (refer appendix 9). The existing likelihood table (refer appendix 5) contains various options which are suitable for identifying a suitable likelihood priority for project risks. The expansion of this table to include the allocation of a “% probability” and a “description” was for this specific purpose. The existing risk analysis matrix (refer appendix 6) is suitable for allocating risk priority rating for project risks. Workplace Health & Safety Risks

WH&S level risks are generally aligned with the 2020 Plan priorities in the context that the safety and wellbeing of our Members, professional staff and the public are of the highest priority. The Branch Risk Management Committee has created specific guidelines and procedures for the administration of WH&S risks. This document is not designed to in anyway replace or detract from these guidelines and procedures; to the contrary, the prime purpose of including reference to WH&S risks is to institutionalise WH&S risk management in the Branch’s formal Enterprise Risk Management program. In a general sense the WH&S consequence table (appendix 8) should be read in conjunction with the corporate consequence table (appendix 4) and treated as an additional resource from which to sit in judgement on the WH&S risk component of a risk assessment. When dealing with risks associated with specific activity and or work procedures the WH&S guidelines and procedures take precedence over this document and should be used on all occasions. The existing likelihood table (refer appendix 5) and the risk analysis matrix (refer appendix 6) apply to the rating of WH&S risks. These also form part of the formal WH&S procedures. The primary purpose of conducting a WH&S Risk Assessment is to identify and mitigate the human risks associated with the Risk Assessment under consideration. As mentioned above these risks are considered to be of the highest priority. In support of this, reference is made to the Corporate Risk Attitude Statement contained in this document and the Branch’s Enterprise Risk Management Framework. In respect to safety it states:

(a) there will be no acceptance for compromising Member and professional staff safety and welfare;

(b) there will be no acceptance for compromising the welfare and safety of members of the public.

Unlike the previous section covering project risks, it is considered that the need for multiple risk assessments is unlikely in the context of a non WH&S specific risk assessment as the importance of human safety is unquestioned and it should be built in to any and all risk assessments and not treated in isolation.


In a WH&S specific configuration [i.e. when considering a series of tasks associated with a particular activity] it is highly probable that multiple risk assessments will be required. If in doubt consult with the Branch Risk Management Committee. Environmental Risks

Environmental level risks are generally aligned with the 2020 Plan priorities in the context that the community values the environment and expectations are high in this respect. Queensland Branch has in place specific guidelines and procedures in place for the administration of environmental risks. This document is not designed to in anyway replace or detract from these guidelines and procedures; to the contrary, the prime purpose of including reference to environmental risks is to institutionalise environmental risk management in the Branch’s formal Enterprise Risk Management program. In a general sense the environmental consequence table (appendix 9) should be read in conjunction with the corporate consequence table (appendix 4) and treated as an additional resource from which to sit in judgement on the environmental risk component of a risk assessment. The existing likelihood table (refer appendix 5) and the risk analysis matrix (refer appendix 6) apply to the rating of environmental risks. These also form part of the formal environmental risk management procedures. The primary purpose of conducting an environmental risk assessment is to identify and mitigate the environmental risks associated with the risk assessment under consideration. As mentioned above these risks are considered to be of the highest priority. In support of this, reference is made to the Corporate Risk Attitude Statement contained in the document and the Branch’s Enterprise Risk Management Framework. In respect to the environment it states:

(a) there is considerable acceptance for decisions that promote ecologically sustainable development;

(b) there will be no acceptance of decisions that cause environmental harm, especially those that are likely to result in DERM intervention.

The importance of environmental risk is clearly unquestionable and they should be carefully considered and built in to any and all risk assessments and not treated in isolation. If in doubt consult with the Branch Risk Management Committee.

7.8.3. RESPONSIBILITIES IN MANAGING RISK

This handbook provides essential information required for all involved in identifying and controlling Branch’s risks and in the development of Risk Registers for each individual Formation and the Branch Support Office operations. It highlights the:

(a) Risk Management approach and its context within the Queensland Branch; (b) Strategic, operational, activity, project, WH&S and environmental level risks and

processes; (c) Risk Categories and risk control measures; (d) Methodology and terminology.

Appendix 2: Highlights the Risk Management Flow Chart in accordance with Australian Standard AS/NZS ISO 31000:2009. Appendix 3: highlights the nature of risk (also known as the Risk Category), i.e. people,


financial etc. and provides guidance on the risk types usually associated with the risks. Appendices: Appendix 1 Definitions Appendix 2 Risk Management Flow Chart Appendix 3 Nature of Risk & Relevant Risk Category Appendix 4 Consequence Table Appendix 5 Likelihood Table Appendix 6 Risk Analysis Matrix Appendix 7 Supplementary Consequence Table #1 - Project Risks Appendix 8 Supplementary Consequence Table #2 – WH&S Risks Appendix 9 Supplementary Consequence Table #3 – Environmental Risks Forms: Appendix F1 Risk Register Template Appendix F2 Individual Risk Treatment Action Plan

7.8.4. SCOUTING’S VISION

For Scouting to be recognised as the pre-eminent and dynamic Movement for youth opportunities and the development of young people who contribute as responsible citizens to the community

7.8.5. SCOUTING’S MISSION

The Mission for Scouting is to extend to every community the opportunity to deliver Scouting using the Fundamental Principles, Educational Methods and recreational activities to develop self-reliant, supportive and committed people. This is achieved by:

(a) involving them throughout their formative years in a non-formal educational process;

(b) using a specific method that makes each individual the principal agent in his or her development as a self-reliant supportive, responsible and committed person;

(c) assisting them to establish a value system based upon spiritual, social and personal principles as expressed in the Promise and Law.

7.8.6. QUEENSLAND BRANCH SCOUTSAFE APPROACH

Queensland Branch is committed to the development of pro-active Risk Management strategies that reduces risks to our Members, community and the financial stability of the Branch. Overall objective

‘To develop and establish an effective Enterprise Risk Management System which will promote a risk reduction ethic and lead to a safer environment for Members to enjoy the “Great Game of Scouting” as they develop the life skills they need to take them into constructive citizenship.’ Risk Management objective

The objectives of the project are to clearly identify the risks faced by Queensland Branch and to identify treatment strategies. These treatment strategies will be tailored to each risk individually and will include preventative, recovery and additional control measures as appropriate. Risk Management vs. Risky Management “Management” may be defined as the process of planning, organising, leading and controlling the resources and activities of an organisation in order to fulfil its objectives most


cost-effectively. On the other hand, “Risk Management” is the process of making and carrying out decisions that will minimise the adverse effects of accidental losses upon an organisation. They are not at odds. They would be best described complimentary as Management without Risk Management is in reality “Risky Management” A Risk Culture A risk culture is not tantamount to creating a culture marked by fear and paranoia. Instead, the ideal risk culture is one that is steeped in a commitment to executing activities according to approved processes while also maintaining a balance that fosters initiative and innovation. It displays a deep seated commitment to the achieving of organisational goals and objectives and the preservation of financial resources, organisational prestige and basic human values. No amount of insurance can compensate for human suffering in all its manifestations.

7.8.7. RISK CONTEXT

General Introduction and Overview Risk is inherent in every activity and is a fundamental and necessary element of any activity if the organisation is to move forward. Risk Management is a business tool and an integral part of good governance, management and planning processes. It establishes principles for the management of risk rather than the elimination of the activity and forms one element of the overall decision making process. Queensland Branch is committed to:

(a) promoting a culture of awareness and active management of risks; (b) providing regular education to its Members in Risk Management practices; (c) using generally accepted best practice for managing its risks; (d) regular assessment of its exposure and development of plans to reduce its level of

risk; (e) prioritisation of risks so that resources can be devoted to managing high priority

risks; (f) regular monitoring to its Risk Management plans to ensure that they are achieved; (g) provision of information and reports to decision-makers so that they are able to

make informed decisions; (h) requiring all Members and full time professional staff and other stakeholders to

assume responsibility for managing risks within their own areas; (i) developing systems that continually improve our ability to manage risks and reduce

our exposure. Risk Management involves adopting and applying a systematic process to identify, analyse, evaluate, treat and monitor risk so that it is reduced and maintained within an acceptable level. The management of Queensland Branch’s risks is a “top down” approach focusing on three major areas.

(a) Strategic level risks. (b) Operational level risks. (c) Activity level risks.

This document outlines the context within which the main three areas of risk will focus and detail the impact areas across Queensland Branch. Throughout all future Risk Management activities whether it is a new program or review, the guidelines and scope should be


delivered within the boundaries outlined within the established risk context. The determination of the context “sets the scene” of the Risk Management process. The context provides:

(a) Scope; (b) Objectives; (c) Relationship to Queensland Branch; (d) Risk criteria; (e) Acceptance criteria.

The risk context provides the criteria in which to define the risk and future direction in the control thereof. This prevents scope creep within the exercise and assists with project delivery. The risk context provides the criteria in which to define the risk and future direction in the control thereof. This prevents scope creep within the exercise and assists with project delivery. The context has been established for each of the three major risk levels combining the relationship to the organisation to the level of risk. Risk Acceptance Criteria

The risk acceptance criterion determines at what point a risk should be accepted by the organisation. This information is generally based on general principles of risk acceptance. These principles need to be considered in light of the current situation. General Principles Risks should be accepted when one or more principles apply:

(a) the financial cost of reducing the risk outweighs the benefits; (b) the reduction of one risk creates one or more risks of a greater risk rating; (c) reduction of the risk significantly interferes with the achievement of the Branch’s

strategic objectives and or service or outcome of delivery. Risk Acceptance Plan

The Risk Acceptance Plan demonstrates the Branch’s risk mitigation strategy to ensure: (a) no extreme risks are accepted; (b) no high risks are accepted without all reasonable control measures in place and

signed off; (c) all medium and low risks are monitored and have all control measures in place.

Summary

The context has outlined the direction and scope for Risk Assessment within each of the three levels of risk utilised throughout the Queensland Branch. It is a living document designed to provide guidelines for the Risk Assessment. As a living document it is designed to change with the Branch’s increased understanding of risk and the implementation of Risk Management processes. It must always reflect any changes in the Branch’s risk profile and control methodology Risks are constantly changing along with the environment in which we work. Nothing is sedentary and to use an old adage the only thing we know for certain is that things will change. Risk Management establishes a continuous process to cater for such changes within this environment. The process being undertaken in the Queensland Branch follows the principles as set out in the Australian Standard AS/NZS ISO 31000:2009 for Risk Management. The standard recommends a documented process from risk identification through to


development of treatment strategies. This process applies to the strategic, operational and activity risk registers. appendix 2 - Risk Management flow chart provides a brief outline of the risk process to be undertaken. Strategic Priorities

Firstly it is essential that the strategic priorities are identified as these must dictate the direction of the Queensland Branch to our internal and external “customers”. The priorities are broken down into:

(a) what our Members and the community expects and our commitment to them; (b) our organisation and our stewardship over its direction and sustainability.

The Branch’s objectives and strategic priorities provide the basis of the strategic context. It is important that these priorities are outlined in this document to define the context scope. In making decisions about whether to accept, avoid or treat risks close regard needs to be given to these priorities. Strategies for managing and treating risk must be designed and implemented in a way that furthers the achievement of these strategic priorities. For example, the Branch has little desire to accept any risks that may damage biodiversity. Such risks would therefore need to be avoided or carefully managed to an acceptable level. OUR ORGANISATION Organisational Leadership Effective leadership through caring, accountable and ethical standards of behaviour. Financial Management Ensure the long term financial viability of the Branch and provide accountability in financial management. Knowledge Management Increase the intellectual capital of the organisation through training and retaining of Leadership. Traditions of Scouting Ensure the traditions of Scouting are retained with flexibility to meet changing community needs. People Management Development of organisational values and people behaviours in order to achieve the Aims and Principles of the Association. Safety & Welfare of Members Development of standards and procedures in order to ensure the safety and development of Members. Image Ensure the image and values of Scouting are vigorously promoted. THE COMMUNITY Natural Environment Ensure the enhancement of the environment through adherence to the Australian Scout Environment Charter. Community Service Provide a range of community services and activities to support the basic qualities of community life through the training and personal development of youth. Youth Affairs Take a leading role in advising Government and the Community generally on contemporary and emerging youth needs. Image Ensure the image and values of Scouting are vigorously promoted.

7.8.8. PROCESS AND TERMINOLOGY

7.8.8.1. AUSTRALIAN STANDARD AS/NZS ISO 31000:2009

In order to ensure that the Branch has continuity of process and methodology each level of


Risk is linked through standardised terminology of Australian Standard AS/NZS ISO 31000:2009 and the organisation structure. The following information is reoccurring throughout each risk context level: (a) Risk categories; (b) Risk acceptance criteria.

7.8.8.2. HOW TO DETERMINE RISK

Risk Assessment Forum Risks are best assessed in a formal meeting configuration. Ensure you have the expertise within the group to adequately assess the risk. This is best carried out in an atmosphere which includes:

(a) encouragement to actively participate; (b) freedom from criticism; (c) active discussion on past experiences; (d) no thought is irrelevant; (e) ideas are built on to seek a realistic assessment.

Rely on Personal Experience and Statistical Data It is imperative that when assessing a risk that those involved have the necessary experience and exposure to the risk to be able to objectively view the risk in its true context. Where this experience is limited actively seek out those who may know and refer to available statistics to formulate an informed opinion. It is unwise for a risk to be rated by one person in isolation. A group discussion often reaches a consensus which is nearer to the true value of the risk.

Over Estimation of Risk The tendency is to overstate the rating of a risk. Almost invariably the first cut of any Risk Register reflects a distorted picture of extreme and high risks. It is natural for participants to think of scenarios where the risk being assessed was present, however, often the tendency is to base the scenario on the worst case experienced as this is recalled more readily than those of lesser impact. Remember we need “balance” in the assigning of risk.

Causal Factors – Identify and Treat the Risk not the Symptoms It is easy to confuse a symptom of a risk as the risk. Care should be taken to drill down to establish what the risk is and what are the symptoms. Example: We are assessing a risk associated with equipment failure.

(a) Statistics reveal six cases of failure within the past five (5) years. (b) Injuries received in only one instance (the last). Hospitalisation required. (c) Investigations reveal that in all cases the equipment had not been inspected for at

least three (3) years. (d) In place are existing controls which require a professional inspection each 12

months and user inspection before each use. What is the causal factor requiring attention? Is it:

(a) Unavailability of procedures? (b) Lack of training? (c) Wilful defiance of procedures? (d) Managerial non-compliance? (e) Poor managerial leadership? (f) Lack of respect? (g) Something else?


It is the duty of the risk assessment team to investigate and delve into the problem until the real cause of the matter is identified. Once the causal factors have been identified and treated, the likelihood of the risk reoccurring will be reduced. Treat the symptoms and the risk will remain untreated.

7.8.8.3. CONTROL MEASURES

Our goal is to eliminate all risks which fall in the extreme and high risk categories according to the designated time frames contained in this document. In the course of conducting Risk Assessments across the organisation it may be discovered that this is not possible without inhibiting the necessary functions of Queensland Branch. The only absolute risk control measure available is that of risk avoidance which means to no longer carry out that function in any degree whatsoever, however the Association has a social responsibility to its Members which dictates that we cannot, in all cases, utilise this risk control measure. Risk is an un-avoidable part of any function. Good Risk Management is the art of controlling risk. Once the risks have been identified and realistic control measures put in place the controller of the activity can spend more energy in pursuing their goals knowing that they have prepared well for the associated risks. There are a number of factors which we must first take into consideration:

(a) the necessity for the function to be undertaken; (b) the importance of the function to achieving the Branch’s objectives; (c) the potential cost of the risk; (d) the cost associated with implementing future control measures to further reduce or

eliminate the risk. When considering acceptance of the risk as it relates to the costs, due consideration should be given to the “Law of Diminishing Returns” in as much as it may cost more to engineer out the risk than to accept the risk. However, it should be remembered that it is foolhardy to rely on insurance alone to reduce the organisational risk. The volatile nature of the insurance industry make this unwise and it should also be remembered that no amount of insurance can make up for basic human suffering and loss of organisational prestige. In rare cases it may be necessary for consideration to be given to the retention of extreme or high risks, however, this must be seen as the exception rather than the rule and acceptable only after all reasonable control measures have been implemented. Before any extreme risk or high risk is deemed to be acceptable it is proposed that risk be “signed off” by the Chief Commissioner and the Branch Executive Committee. The identified risks will be reviewed annually at which time the level of risk acceptance could change depending on Queensland Branch’s risk profile.

7.8.8.4. FIVE STEPS IN THE RISK ASSESSMENT PROCESS

The risk register template in appendix 7 will be used throughout the five steps.

1. Risk Identification (Complete columns 1 - 5 in the risk register template - appendix 7). This is the first step in the risk process. (What can happen to prevent the activity from


meeting objectives?). Identify all major activities. These activities will provide the basis of assessment. In order to identify a risk we need to understand what we do. Each activity we undertake has associated risks. Under this phase three major functions occur:

(a) Risk Identification – what are the risks? (b) Consequence - what impact could it have? (c) Existing Treatments - what do we currently do to prevent this risk occurring?

Additional Reference Material quoted from AS/NZS ISO 31000 “The organisation should identify sources of risk, areas of impacts, events (including changes in circumstances) and their causes and their potential consequences. The aim of this step is to generate a comprehensive list of risks based on those events that might create, enhance, prevent, degrade, accelerate or delay the achievement of objectives. It is important to identify the risks associated with not pursuing an opportunity. Comprehensive identification is critical, because a risk that is not identified at this stage will not be included in further analysis. Identification should include risks whether or not their source is under the control of the organisation, even though the risk source or cause may not be evident. Risk identification should include examination of the knock-on effects of particular consequences, including cascade and cumulative effects. It should also consider a wide range of consequences even if the risk source or cause may not be evident. As well as identifying what might happen, it is necessary to consider possible causes and scenarios that show what consequences can occur. All significant causes and consequences should be considered. The organisation should apply risk identification tools and techniques that are suited to its objectives and capabilities, and to the risks faced. Relevant and up-to-date information is important in identifying risks. This should include appropriate background information where possible. People with appropriate knowledge should be involved in identifying risks.” (Reference 5.4.2 - Pages 17 - AS/NZS ISO 31000)

2. Risk Analysis (Complete columns 6 - 7 in the risk register template). Once a risk has been identified the assessment attaches a rating based upon the likelihood of the risk occurring and the consequence should the risk occur. Likelihood rating - is the frequency of risk occurring. Consequence rating - is the impact to the Branch if the risk occurs The ratings are assessed according to the consequence table (appendix 4) and likelihood table (appendix 5). Risks are rated according to the likelihood and impact of the risk. Additional Reference Material quoted from AS/NZS ISO 31000 “Risk analysis involves developing an understanding of the risk. Risk analysis provides an input to risk evaluation and to decisions on whether risks need to be treated, and on the most appropriate risk treatment strategies and methods. Risk analysis can also provide an input into making decisions where choices must be made and the options involve different types and levels of risk. Risk analysis involves consideration of the causes and sources of risk, their positive and negative consequences, and the likelihood that those consequences can occur. Factors that affect consequences and likelihood should be identified. Risk is analysed by determining consequences and their likelihood, and other attributes of the risk. An event can have multiple consequences and can affect multiple objectives. Existing controls and their effectiveness and efficiency should also be taken into account. The way in which consequences and likelihood are expressed and the way in which they are combined to determine a level of risk should reflect the type of risk, the information available and the purpose for which the risk assessment output is to be used. These should all be consistent with the risk criteria. It is also important to consider the interdependence of different risks and their sources. The confidence in determination of the level of risk and its sensitivity to preconditions and assumptions should be considered in the analysis, and communicated effectively to decision makers and, as appropriate, other stakeholders. Factors such as divergence of opinion among experts, uncertainty, availability, quality, quantity and ongoing relevance of information, or limitations on modelling should be stated and can be highlighted. Risk analysis can be undertaken with varying degrees of detail, depending on the risk, the purpose of the analysis, and the information, data and resources available. Analysis can be qualitative, semi-quantitative or quantitative, or


a combination of these, depending on the circumstances. Consequences and their likelihood can be determined by modelling the outcomes of an event or set of events, or by extrapolation from experimental studies or from available data. Consequences can be expressed in terms of tangible and intangible impacts. In some cases, more than one numerical value or descriptor is required to specify consequences and their likelihood for different times, places, groups or situations.” (Reference 5.4.3 - Page 18 - AS/NZS ISO 31000)

3. Risk Evaluation (Complete column 8 “current risk rating” in the risk register template). Once risks are assessed they are then evaluated and prioritised according to the severity of the risk. Risks are rated and prioritised according to the risk matrix (appendix 6). This matrix combines the ratings from the likelihood and consequence in order to determine the overall rating. After prioritisation it is necessary to review the risks against the context to ensure that they fall within the criteria. All risks identified will be addressed, however, those that fall outside the acceptance criteria are to be specifically and aggressively dealt with during the risk control process. Additional Reference Material quoted from AS/NZS ISO 31000 “The purpose of risk evaluation is to assist in making decisions, based on the outcomes of risk analysis, about which risks need treatment and the priority for treatment implementation. Risk evaluation involves comparing the level of risk found during the analysis process with risk criteria established when the context was considered. Based on this comparison, the need for treatment can be considered. Decisions should take account of the wider context of the risk and include consideration of the tolerance of the risks borne by parties other than the organisation that benefits from the risk. Decisions should be made in accordance with legal, regulatory and other requirements. In some circumstances, the risk evaluation can lead to a decision to undertake further analysis. The risk evaluation can also lead to a decision not to treat the risk in any way other than maintaining existing controls. This decision will be influenced by the organisation's risk attitude and the risk criteria that have been established.” (Reference 5.4.4 - Page 18 - AS/NZS ISO 31000)

4. Risk Treatment (Complete column 9 - 14 in the risk register template). All risks falling outside the criteria identified and accepted in the risk context will be treated according to need. The risk controls available include: Avoid: Cease the activity causing the risk. This is the only “definite” treatment response, however, it is difficult to achieve as it means the total avoidance of the activity in which the risk is domiciled. Reduce: Implement procedures that target and reduce the causal factors associated with the risk. Transfer: Insurance, outsourcing or other contractual remedies. Accept: Monitor and review. Risks are accepted according to the criteria established in the context. It is important to understand that some risks are accepted and necessary in order to achieve our objectives. All accepted risks should be documented within the risk register (appendix F1) and monitored for changes. Unacceptable risks move onto the treatment phase. Risks deemed acceptable according to the risk acceptance criteria will be assigned dates for review and will be dealt with on an individual basis with an overall strategy applied. These


risks will not be left uncompleted. Risks accepted because of necessity will be monitored. Future treatments - what else can the Branch do to prevent this risk occurring? Residual risk rating - using the risk matrix, what is the risk rating likely to be once the future treatments are implemented? Time frame - when the future treatments are to be implemented. Responsible officer - the person responsible for the implementation of the treatments and mitigating the risk. Risk owner - the owner of the risk is responsible to ensure that the treatments are put in place. Budget - the monies allocated or required to mitigate the risk to an acceptable level. Additional Reference Material quoted from AS/NZS ISO 31000 “General Risk treatment involves selecting one or more options for modifying risks, and implementing those options. Once implemented, treatments provide or modify the controls. Risk treatment involves a cyclical process of:

assessing a risk treatment;

deciding whether residual risk levels are tolerable;

if not tolerable, generating a new risk treatment; and

assessing the effectiveness of that treatment. Risk treatment options are not necessarily mutually exclusive or appropriate in all circumstances. The options can include the following:

(a) avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk; (b) taking or increasing the risk in order to pursue an opportunity; (c) removing the risk source; (d) changing the likelihood; (e) changing the consequences; (f) sharing the risk with another party or parties (including contracts and risk financing); and (g) retaining the risk by informed decision.

Selection of risk treatment options Selecting the most appropriate risk treatment option involves balancing the costs and efforts of implementation against the benefits derived, with regard to legal, regulatory, and other requirements such as social responsibility and the protection of the natural environment. Decisions should also take into account risks which can warrant risk treatment that is not justifiable on economic grounds, e.g. severe (high negative consequence) but rare (low likelihood) risks. A number of treatment options can be considered and applied either individually or in combination. The organisation can normally benefit from the adoption of a combination of treatment options. When selecting risk treatment options, the organisation should consider the values and perceptions of stakeholders and the most appropriate ways to communicate with them. Where risk treatment options can impact on risk elsewhere in the organisation or with stakeholders, these should be involved in the decision. Though equally effective, some risk treatments can be more acceptable to some stakeholders than to others. The treatment plan should clearly identify the priority order in which individual risk treatments should be implemented. Risk treatment itself can introduce risks. A significant risk can be the failure or ineffectiveness of the risk treatment measures. Monitoring needs to be an integral part of the risk treatment plan to give assurance that the measures remain effective. Risk treatment can also introduce secondary risks that need to be assessed, treated, monitored and reviewed. These secondary risks should be incorporated into the same treatment plan as the original risk and not treated as a new risk. The link between the two risks should be identified and maintained. Preparing and implementing risk treatment plans The purpose of risk treatment plans is to document how the chosen treatment options will be implemented. The information provided in treatment plans should include:


the reasons for selection of treatment options, including expected benefits to be gained;

those who are accountable for approving the plan and those responsible for implementing the plan;

proposed actions;

resource requirements including contingencies;

performance measures and constraints;

reporting and monitoring requirements; and

timing and schedule. Treatment plans should be integrated with the management processes of the organisation and discussed with appropriate stakeholders. Decision makers and other stakeholders should be aware of the nature and extent of the residual risk after risk treatment. The residual risk should be documented and subjected to monitoring, review and, where appropriate, further treatment.” (Reference 5.5 - Pages 18-20 - AS/NZS ISO 31000)

5. Monitor and Review Throughout each step in the risk methodology it is important to review the information against the:

(a) Context (b) AS/NZS ISO 31000:2009.

It is critical throughout the project that all stakeholders are consulted and updated with the most relevant information. Monitoring of the risks and controls is an important function throughout the assessment and treatment process. Risks will change depending on the environment at the time and existing controls may not always be effective, monitoring will assist in capturing those changes before the risk eventuates. Monitoring of risks and controls is also important to ensure that any adverse effects resulting from the reduction of the risk can be captured and re-assessed. The owner of the risk is responsible to ensure the monitoring and review of the risk takes place at least annually and more often for high and extreme risks. Additional Reference Material quoted from AS/NZS ISO 31000 “Both monitoring and review should be a planned part of the risk management process and involve regular checking or surveillance. It can be periodic or ad hoc. Responsibilities for monitoring and review should be clearly defined. The organisation's monitoring and review processes should encompass all aspects of the risk management process for the purposes of:

ensuring that controls are effective and efficient in both design and operation;

obtaining further information to improve risk assessment;

analysing and learning lessons from events (including near-misses), changes, trends, successes and failures;

detecting changes in the external and internal context, including changes to risk criteria and the risk itself which can require revision of risk treatments and priorities; and

identifying emerging risks. Progress in implementing risk treatment plans provides a performance measure. The results can be incorporated into the organisation's overall performance management, measurement and external and internal reporting activities. The results of monitoring and review should be recorded and externally and internally reported as appropriate, and should also be used as an input to the review of the risk management framework.” (Reference 5.6 - Page 20 AS/NZS ISO 31000).

Appendix 1: Terminology/Definitions [Supported by the Australia New Zealand Standard: AS/NZS ISO 31000:2009] Activity Risks: Issues that affect the basic services and/or could impact on delivery of target outcomes. Consequence: The outcome of an event affecting objectives. An event can lead to a range of consequences. A consequence can be certain or uncertain and can have positive or negative effects on objectives and can be expressed qualitatively or quantitatively and can escalate through knock-on effects. Control: A measure that is modifying risk. Controls include any process, policy, device, practice, or other actions which modify risk. Communication and Consultation: The continual and iterative processes that an organisation conducts to provide, share or obtain information and to engage in dialogue with stakeholders regarding the management of risk. The information can relate to the existence, nature, form, likelihood, significance, evaluation, acceptability and treatment of the management of risk. Consultation is a two-way process of informed communication between an organisation and its stakeholders on an issue prior to making a decision or determining a direction on that issue. Consultation is a process which impacts on a decision through influence rather than power; and an input to decision making, not joint decision making. Corporate Governance: Is the way in which an organisation is controlled and governed in order to achieve its objectives. The control environment makes an organisation reliable in achieving these objectives within an acceptable degree of Risk. Event: An occurrence or change of a particular set of circumstances. An event can be one or more occurrences, and can have several causes. It can consist of something not happening. It can sometimes be referred to as an “incident” or “accident”. An event without consequences can also be referred to as a “near miss”, “incident”, “near hit” or “close call”. Likelihood: The chance of something happening. Monitor: Monitoring is the continual checking, supervising, critically observing or determining the status in order to identify change from the performance level required or expected and can be applied to a risk management framework , risk management process, risk or control. Nature of Risk: Nature of Risk means, People; Financial; Property etc. Operational Risks: Issues that affect the viability of The Branch’s objectives and delivery. Residual Risk: The risk remaining after risk treatment. Residual risk can contain unidentified risk and can also be known as “retained risk”.

Risk: The effect of uncertainty on objectives. “An effect is a deviation from the expected - positive and/or negative. Objectives can have different aspects (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organisation-wide, project, product and process). Risk is often characterized by reference to potential events and consequences, or a combination of these.

Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood of occurrence.

Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of an event, its consequence, or likelihood.” (Reference 2.1 – Page 1 - AS/NZS ISO 31000)

Risk Assessment: The overall process of risk identification, risk analysis and risk evaluation. Risk Attitude: The organisation's approach to assess and eventually pursue, retain, take or turn away from risk. Risk Context: Definition of the external and internal parameters to be taken into account when managing risk, and setting the scope and risk criteria for the risk management policy. Risk Context – External: This is the external environment in which the organisation seeks to achieve its objectives. “These can include the cultural, social, political, legal, regulatory, financial, technological, economic, natural and competitive environment, whether international, national, regional or local; key drivers and trends having impact on the objectives of the organisation; and relationships with, and perceptions and values of external stakeholders.” (Reference 2.10 – Page 3 - AS/NZS ISO 31000)

Risk Context – Internal: This is the internal environment in which the organisation seeks to achieve its objectives. “These can include governance, organisational structure, roles and accountabilities; policies, objectives and the strategies that are in place to achieve them; the capabilities, understood in terms of resources and knowledge (e.g. capital, time, people, processes, systems and technologies); information systems, information flows and decision-making processes (both formal and informal); relationships with, and perceptions and values of, internal stakeholders; the organisation's culture; standards, guidelines and models adopted by the organisation; and form and extent of contractual relationships.” (Reference 2.11 – Page 3 - AS/NZS ISO 31000)

Risk Criteria: The terms of reference against which the significance of a risk is evaluated. “These are based on organisational objectives, and external and internal context and can be derived from standards, laws, policies and other requirements.” (Reference 2.22 – Page 5 - AS/NZS ISO 31000)

Risk Identification: The process of finding, recognising and describing risks. “Risk identification involves the identification of risk sources, events, their causes and their potential consequences. It can involve historical data, theoretical analysis, informed and expert opinions, and stakeholder's needs.” (Reference 2.15 – Page 4 - AS/NZS ISO 31000)

Risk Management: The coordinated activities to direct and control an organisation in regard to risk. Risk Management Framework: The set of components that provide the foundations and organisational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organisation. Risk Management Plan: A scheme within the risk management framework specifying the approach, the management components and resources to be applied to the management of risk. Management components typically include procedures, practices, assignment of responsibilities, sequence and timing of activities and can be applied to a particular product, process and project, and part or whole of the organisation.

Risk Management Policy: A statement of the overall intentions and direction of an organisation related to risk management. Risk Management Process: A systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context, and identifying, analysing, evaluating, treating, monitoring and reviewing risk. Risk Mitigation: Developing processes and/or actions that reduce the level of Risk to the organisation. Risk Owner: A person or entity with the accountability and authority to manage a risk. Stakeholder: A person or organisation that can affect, be affected by, or perceive themselves to be affected by a decision or activity. Risk Rating: The priority assigned to a Risk for the purpose of the implementation of Control Measures and future monitoring. Risk Register: Template used to record information of the risk assessment and includes a description of the Risk, the risk ratings and the agreed treatments. Strategic Risks: Are issues that affect the sustainability of the organisation or its ability to deliver on its corporate objectives. Tasks: Are the actions or work performed in order to complete an activity. Type of Risk: Type of Risk means, Strategic, Operational and Activity.

Appendix 2: The Risk Management Process Flowchart The process and the all important inter-relationship between the “process” and “communication” is clearly demonstrated in the following diagram extracted from AS/NZS ISO 31000:2009.

Appendix 3: Nature of Risk & Relevant Risk Type The following Risk categories are designed to provide guidance on Queensland Branch’s major areas of impact across all business and activity functions. These categories may be used throughout the process of identification and assessment of Risks.

Nature of Risk Descriptor Strategic Risks Operational Risks Activity Risks

People Includes HR issues, safety & customers Leadership & innovation

Business processes, & services

Internal systems, supply chain services & products delivered

Economic & Financial

Revenue/expenses

Environmental Natural hazards

Adverse environmental consequences from operations + impact of natural hazards on operations

Assets & Property

Physical infrastructure

Leadership & Innovation

Sustainability of leadership including training and retention. Encouragement in innovation and growth in Membership.

Security All forms to protect life, property & information

Technology Data & knowledge

Capacity to support business operations

Commercial/legal liability

Contractual, public/professional & product liability, Risks of commercial ventures and Personal Injury.

Scouting Traditions

Membership dissatisfaction, loss of community/political support/confidence.

Colour Coding

These Risks are those most likely to require BHQ intervention.

These Risks are those most likely to require Regional intervention.

These Risks are those most likely to require District intervention.

These Risks are those most likely to require Group intervention.

Appendix 4: Consequence Table The consequence table provides guidance on the severity rating of a Risk should it occur.

Strategic Operational Activity Priority Consequence

Childrens’ Commission and/or Government Intervention; Prosecution; Members adversely effected; Bad Publicity Financial Loss: $250,000 - $500,000

Childrens’ Commission and/or Government Intervention; Prosecution; Members adversely effected; Bad Publicity Financial Loss: $150,000 -$250,000

Childrens’ Commission and/or Government Intervention; Prosecution; Members adversely effected; Bad Publicity Financial Loss: > $50,000

Severe

Loss of life: Fatalities have occurred. Injury/Illness: Significant injury/illness has occurred requiring hospitalisation and ongoing treatment. Membership: Potential for high impact on Membership Levels. Financial: Significant long term impact. Organisation operation change required. Environmental: Significant environmental impact with long term effects. Building/Assets: Activities disrupted. Significant loss of asset. Governance: Significant number public queries to be dealt with. Planned media releases and other media coverage required.


Childrens’ Commission and/or Government Intervention; Prosecution; Members adversely effected; Bad Publicity Financial: $100,000 - $150,000

Childrens’ Commission and/or Government Intervention; Prosecution; Members adversely effected; Bad Publicity Financial Loss: $20,000 – $50,000

Major

Loss of life: A fatality. Injury/Illness: Serious Injury/illness hospitalisation has occurred. Some ongoing treatment required. Membership: Potential for medium impacts on Membership Levels. Financial: Long term financial impact. Environmental: Medium to long term damage requiring immediate intervention. Building/Assets: Activities disrupted. Governance: Planned response to public detailing events and response. Branch Executive updated. Management intervention required. Full report to Branch Executive.




Medium

Loss of life: Nil. Injury/Illness: Minor medical or hospitalisation required with no long term effects. Membership: Potential for some impact on Membership Levels. Environmental: Minor damage short term effect. Financial: Some financial redirection required medium impact. Building/Assets: Damage occurred. Short term impact. Governance: Public concern dealt with as queries arrive. Branch Executive notified through report. Report required to Queensland Branch although matter handled during normal business operation.

Bad Publicity; Matter handled internally. Financial Loss: $20,000 - $50,000

Bad Publicity; Matter handled internally Financial Loss: $10,000 -$50,000 .

Matter handled internally. Matter handled internally. Financial Loss: $3,000 - $5,000

Low

Loss of life: Nil. Injury/Illness: Medical attention required. Membership: Potential impact on Membership Levels minimal if any. Financial: Low financial impact. Absorbed in normal business operation. Environmental: Matter handled as a part of normal business operation. Building/Assets: Minor damage does not impact on normal business. Governance: Required to address minor public concern. Incident can be handled within normal business.

Bad Publicity; Matter handled internally. Financial Loss: < $20,000

Bad Publicity; Matter handled internally. Financial Loss: < $10,000

Matter handled internally.

Financial Loss: $3,000

Insignificant

Loss of life: Nil. Injury/Illness: No medical attention required. Membership: Nil impact on Membership Levels. Financial: Insignificant financial impact. Absorbed in normal business operation. Environmental: Matter handled as a part of normal business operation. Building/Assets: No damage. Governance: Incident can be handled within normal business.

Appendix 5: Likelihood Table

Queensland Branch – Likelihood Table

Likelihood Quantification % Probability Description

Almost Certain 0-12 months 95% - 100% Expected to occur in most circumstances.

Likely 1-3 years 65% - 95% Will probably occur in most circumstances.

Possible 3-6 years 35% - 65% Might occur at some time.

Unlikely 6-10 years 5% - 35% Could occur at some time but it is improbable.

Rare Beyond 10 years < 5% May occur only in exceptional circumstances.

Appendix 6: Risk Analysis Matrix

RISK LEVELS

Likelihood

Consequences

Level 1 Insignificant

Level 2 Low

Level 3 Medium

Level 4 Major

Level 5 Severe

Lik

eli

ho

od

5 Almost Certain

M-10 H-20 H-30 E-40 E-50

4 Likely M-8 M-16 H-24 E-32 E-40

3 Possible L-6 M-12 M-18 H-24 E-30

2 Unlikely L-4 L-8 M-12 M-16 H-20

1 Rare L-2 L-4 L-6 M-8 M-10

L = Low; M = Medium; H = High; E = Extreme

Appendix 7: Supplementary Consequence Table #1 - Project Risks The consequence table provides guidance on the severity rating of a Project Risk should it occur.

Priority

Consequence

Severe

Time: Vital or legislative deadlines not met. Project Deliverables: Major deficiencies with project deliverables. Cost: 100% of budget expended without achieving any key deliverables.

Major

Time: Severe impact on project milestones. Project Deliverables: Significant requirements not met. Cost: Significant additional costs (>25% of the approved budget).

Medium

Time: Significant impact on project milestones. Project Deliverables: A number of key requirements not met. Cost: Additional costs (> 15%) requiring submission for supplementary funding.

Low

Time: Minimal impact on project milestones. Project Deliverables: Some project requirements not met. Cost: Additional costs requiring reprioritisation and/or reallocation of available funds.

Insignificant

Time: Insignificant impact on project milestones. Project Deliverables: Meets majority of requirements. Cost: Justifiable additional costs that can be absorbed in the project's budget.

Appendix 8: Supplementary Consequence Table #2 – WH&S Risks The consequence table provides guidance on the severity rating of WH&S Risks.

Priority

Consequence

Severe

People: Fatality(s) Plant & Equipment: Act immediately to mitigate risk. Implement risk treatment in accordance with

advice from Plant Assessor. Hazardous Substances: Death, toxic release of chemicals.

Major

People: Serious injury(s), requiring hospitalisation. Plant & Equipment: Act immediately to mitigate risk. Implement risk treatment in accordance with

advice from Plant Assessor. If the appropriate permanent risk treatments are not immediately accessible establish interim risk treatment strategies. Permanent risk treatments must be implemented within one week. Hazardous Substances: Extensive health effect, site shutdown.

Medium

People: Minor medical treatment required. Plant & Equipment: Take reasonable steps to mitigate and monitor the risk. Implement risk treatment

in accordance with advice from Plant Assessor. Permanent risk treatments must be implemented within one month. Hazardous Substances: Medical treatment, spillage contained with outside help.

Low

People: Minor injuries treated by first aid. Plant & Equipment: Take reasonable steps to mitigate and monitor the risk. Implement risk treatment

in accordance with advice from Plant Assessor. Permanent risk treatments must be implemented within three months. Hazardous Substances: First Aid treatment only, spillage controlled at site.

Insignificant

People: Minor incidents. No treatment required. Plant & Equipment: No hazards identified through Plant Assessor. Hazardous Substances: No potential for injury.

Appendix 9: Supplementary Consequence Table #3 – Environmental Risks The consequence table provides guidance on the severity rating of Environmental Risks.

Se

ve

re

Sta

te

Gove

rnm

en

t

involv

em

en

t

Significant environmental impact with long term effects or irreversible damage

Serious Environmental Harm (Irreversible, high impact, widespread, causes >$50,000 damage)

Offence under the legislation (e.g. 1665 to 4165 penalty units)*

Immediate containment required, extensive cleanup, extensive or ongoing remediation required

Major impact to a protected species or habitat greatly contributing to or causing localised extinction risk (in the Shire), requiring long term recovery efforts. (>40% loss of an ecosystem type, >40% loss of a species, locally).

Ma

jor

Sta

te

or

Loca

l

Go

ve

rnm

en

t

involv

em

en

t

Significant medium to long term impact, potentially reversible

Material Environmental Harm (Significant effect and extent, causes $20,001 - $50,000 damage)


Immediate containment required, large cleanup, significant remediation required Serious impact to a protected species or habitat significantly contributing to local (in the Shire) extinction pressures, requiring medium to long term recovery efforts (5-40% loss of an ecosystem type, 5-40% loss of a species, locally).

Me

diu

m

Sta

te

or

Loca

l

Go

ve

rnm

en

t

ad

vis

ed

Significant short to medium-term impact, can be reversed

Material Environmental Harm (Significant effect and extent, causes $5,001 - $20,000 damage)


Immediate containment required, medium cleanup, some remediation required Impact to a protected species or habitat, requiring short term recovery efforts (in the immediate area). (<5% loss of an ecosystem type, <5% loss of a species, locally).

Lo

w

Go

ve

rnm

en

t a

dvis

ed

ma

tte

r h

and

led

inte

rna

lly

Minor short-term impact, almost no effect, potentially cumulative if not cleaned up, reversible

Environmental Nuisance (Offensive, causes $3000-$5,000 damage)


Containment required, minor cleanup, no remediation required Minor impact to a protected species or habitat, no recovery efforts required

Ins

ign

ific

an

t

Go

ve

rnm

en

t a

dvis

ed

ma

tte

r h

and

led

inte

rna

lly

Very minor, no real effect, reversible. No impact or potential impact off site

Environmental Nuisance (Offensive, causes <$3000 damage)

Offence under the legislation (e.g. up to 67 penalty units)*

Minor cleanup, no remediation required Insignificant impact to a protected species or habitat, no recovery efforts required

*Note: Refer to EP Act Chapter 8 – for current value of penalty unit.

Appendix F1: Risk Register Template Group:

1 2 3 4 5 6 7 8 9 10 11 12 13 14

Risk Type: Strategic,

Operational or Activity

Nature: People,

Financial etc

Risk Consequence Existing Treatments

Likeli hood

Rating

Conse quence Rating

Current Risk

Rating

Control Future Treatments

Residual Risk

Rating

Time frame

Responsible Officer

Budget

Example Only – Electronic Copy Available in A4 & A3 Formats

Appendix F2: Individual Risk Treatment Action Plan

Risk Treatment Plan Risk:

Current Risk Rating:

Causal Factors:

Existing Treatments:

Resource Requirements:

Future Treatments:

Control Technique

Strategy Responsibility (By Whom?)

Date of Implementation

Residual Risk Rating (once actions have been implemented)

Sign Off:

Leader/Manager:

Responsible Officer:

Review Date:

Documents

SECTION 7 SCOUTSAFE 7.8 RISK ASSESSMENT HANDBOOKscoutsqld.com.au/.../QBSI-7.8-Risk-Assessment-Handbook.pdfQueensland Branch Scouting Instructions (QBSI) SECTION 7 SCOUTSAFE: CHAPTER