Managing risk in organisations

Material about enterprise risk management, ISO 31000 and related risk management standards, how to develop ERM frameworks and how to implement them in your organisation.

  • Learning lessons and root cause analysis

    Organisations use root cause analysis to learn lessons from both successes and failures, and then to develop plans that will improve performance. This tutorial describes consistent and systematic methods that can be adopted for learning lessons and generating improvements. It describes two methods: fishbone analysis, and cause and effect analysis.

  • Bow tie analysis

    Bow tie analysis is a simple process for identifying where new or enhanced controls may be worthwhile. It is a core part of risk treatment planning, particularly where there is a high level of risk or where control effectiveness is assessed as low.

  • Controls 5: Developing an assurance program

    This tutorial is for directors and managers who need assurance that critical controls are in place and working, and that they will work in the future if they are needed. To be effective, assurance must be a planned and deliberate activity. This tutorial discusses how to develop an assurance plan that is appropriate for your organisation.

  • Process and guidewords for organisational HAZOPs

    When organisations change their structures, there is great value in stress-testing the proposed new arrangements to ensure they will work as intended, and will not generate unintended adverse outcomes. Organisational HAZOPs provide one way of doing this. This technical note outlines the process we use for organisational HAZOPs and the guidewords we recommend for such studies.

  • Showing that effective risk management adds value

    We have been advising large businesses and government entities on enterprise risk management (ERM) for many years. Managers often ask us to justify why they should invest in ERM and how they can demonstrate its value in measurable terms. This guidance note distils some of the empirical evidence on the benefits an organisation should expect from an effective ERM framework and process. The way each organisation implements change and assesses its benefits will depend on its context and culture.

  • Controls 3: Conducting a simple control self-assessment

    This tutorial is for managers who need assurance that critical controls are in place and working, and that they will work in the future if they are needed. The approach described here will be useful for risk owners, for the key controls associated with their risks; for control owners, for the controls for which they are accountable; and for those managers who conduct assurance activities.

  • Controls 2: Introduction to control design

    This tutorial is for line managers who are also risk owners, first to help them to think about where new or modified controls might be necessary, and then to select the most appropriate kinds of controls to address the risks for which they are responsible.

  • Controls 1: Introduction to control assurance

    This tutorial introduces important concepts associated with controls and control assurance. The ideas and definitions provided here form a basis for more detailed material discussed in other related Broadleaf tutorials.

  • Headline risks – seeing the big picture

    Risk assessments are often undertaken in great detail, or several assessments are conducted on different parts of an organisation, project or program. The detail may be appropriate for tactical decisions and specific risk treatment planning, but there is often too much detail for high-level decisions and important insights about the whole organisation might pass unnoticed. Headline risks provide a high-level summary of what might happen and what the consequences might be. This resource note describes how headline risks can be developed and used, with examples from recent case studies.

  • Introductory guide: Preparing for a risk assessment

    This guide is designed for anyone needing to carry out or take part in a risk assessment who is not familiar with the process. Risk assessment is only part of risk management but it is often where people enter the process for the first time.

  • Getting the most out of risk assessment

    Dr Stephen Grey made a presentation on recent developments in qualitative risk analysis to the Melbourne Chapter of the Project Management Institute on 29 April 2014. It covered 3 topics: recent developments in approaches to risk management, the benefits a risk assessment can bring to a project team outside of the core risk management activity, and what we can learn from the relationships between risks.

  • Governance oversight and the risk management framework

    The risk management framework is the foundation for effective risk management. The new ASX Principle 7 requires organisations to implement a sound framework and for boards to carry out annual assessments of the effectiveness of these frameworks. This means that organisations have to move on from sending boards reports containing 'lists of risks' to providing them with information on their framework and its effectiveness. This presentation describes a risk management framework and its components and shows how companies can report to a board on the effectiveness of their approach to risk management.

  • Effective risk management under PGPA

    Broadleaf has developed a range of innovative risk management services to assist Commonwealth entities in meeting their risk management obligations under the new *Public Governance, Performance and Accountability Act 2013* (the PGPA Act).

  • Starting points

    The starting point for a discussion about risk management might not always use the language of a formal standard. This material sets out requests and questions we sometimes receive with explanations and links to material that can clarify how to address them.

  • Risk assessment and risk treatment

    This tutorial describes a practical approach to risk assessment and risk treatment based on ISO 31000. It stresses the importance of preparation to ensure the assessment is efficient, suitably rigorous and reliable.

  • Evaluating the effectiveness of risk management

    This guide describes a systematic way of finding out how effective an organisation’s current approach to managing risk is, leading to a realistic improvement program. It stresses how management must be involved in all stages to ensure success.

  • Enterprise risk management

    This guide describes how organisations can go about the transition needed to achieve a more encompassing and less silo-based approach to managing risk. It includes practical advice on a simple, seven-step process that we recommend organisations adopt to ensure a successful transition.

  • A simple guide to risk and its management

    This guide describes the current definition of risk and how risks can be characterised. The risk management process is discussed in the context of that definition and the concepts of risk appetite and risk tolerance are explained. Finally, the guide describes briefly how organisations can put risk management into practice through a framework.

  • Starting out with risk management

    If you are interested in developing your risk management practices in general or need to carry out a focussed exercise on a specific project or business venture, you will find a few pointers here.
