The new Policy and Advisory Library (PAL) is now available. This page will be redirected to PAL from the start of Term 3. Make sure to update your bookmarks to the new PAL site.
Purpose of this topic
To outline the Department's risk management process.
For any queries or advice, schools should email:
Risk management process
A risk management process will help to deliver objectives, promote sound decision-making, and prioritise resources. The process is outlined in the flowchart below.
The following table outlines the key steps in the risk management process.
1. Establish the context
Before you begin identifying risks:
- establish the environment of your objectives. This context can be assessed using PESTLE analysis, which examines the political, economic, social, technological, legal and environmental factors that affect the way you operate
- confirm the identity and concerns, issues and expectations of any related stakeholders.
PESTLE analysis (pdf - 101.76kb)
2. Risk Identification
Undertake a SWOT analysis to help identify risks and existing risk controls in your workplace. SWOT looks at internal and external factors, including the following:
- Strengths: what your workplace does well.
- Weaknesses: what it could do better.
- Opportunities: what is going on around you and how that might be useful.
- Threats: what might cause problems in the future.
SWOT Matrix (pdf - 113.86kb)
Then look at each risk in more detail and identify issues in the following areas.
- Causes: what would cause it to go wrong?
- Consequences: what are the effects if it does go wrong?
- Opportunity: what can go right?
- What existing controls are in place?
Each risk should be recorded in the risk register.
Example Articulation of a Risk
3. Risk analysis
Risk is analysed in terms of the following:
Any existing controls should also be identified and explored. A control effectiveness chart has been developed to help you assess your current risk controls.
Control Effectiveness Chart (pdf - 59.02kb)
What is the effect of risk? Effects (consequences) are measured using the following terms:
Consequence Criteria (pdf - 501.23kb) which categorises educational outcomes, wellbeing, operational, financial, reputation and strategic factors by their level of significance.
How likely is the risk to occur? Likelihood is measured using the following descriptive terms:
- almost certain
Likelihood Criteria (pdf - 83.6kb) for help in assessing likelihood.
Once determined, the consequence and likelihood can be assessed within the rating matrix to determine the overall level of risk, called the ‘current assessment’. See:
Risk Rating Matrix (pdf - 56.93kb)
4. Risk evaluation
Risk evaluation involves comparing the current risk rating with risk acceptability criteria established by the Department. Risks rated:
- low or medium do not necessarily require further treatments and are considered acceptable
- high or extreme will require further treatment to reduce their level of risk to a more acceptable level. Risks in this category will require a treatment, as outlined in the next step.
Acceptability Chart (pdf - 103.23kb)
5. Risk treatment
Risk treatment is based on the outcomes of your evaluation. Options include the following.
Share: if practical, share all or some of the risk with outsourced parties or insurers.
Terminate: cease the activity altogether.
Accept: this will require appropriate authority.
Reduce: apply additional treatments until the risk becomes acceptable.
Risk treatment is a cyclical process, starting with assessment, moving through to deciding if the risk levels are acceptable, and applying additional treatment options.
Once your treatments are put in place, a second assessment is made to confirm the treatments will reduce the level of risk. This second round is called the ‘target assessment’ (after treatments) because that is where you hope the risk level will be once your treatments have been implemented. Once implemented, the treatments become existing controls.
6. Communication and Consultation
Relevant internal and external stakeholders should be consulted and updated throughout the process.
See: DET Risk Management Framework - Assessment Tools document, for a consolidated copy of the Consequence Criteria, Likelihood Criteria, Control Effectiveness, and Acceptability Charts.
Public Administration Act 2004 (Section 81, part 1b)