2.8 Risk management
Risk management is a part of everyday operations that for some entities is best integrated into aspects of asset management decisions.
Risk identification and mitigation are key aspects of the day-to-day management of most entities. Entities that have significant asset portfolios or whose assets are integral to their ability to deliver program outcomes, are more likely to also integrate risk management into aspects of the decision-making processes associated with asset management. Risk arises out of uncertainties about future events and their associated consequences, and is the chance of something happening that will impact on the asset portfolio’s ability to meet the program delivery requirements of the entity. Table 2.6 details how an organisation could identify the key risks relating to asset acquisitions.
Table 2.6: Identification of asset acquisition risk
| Factor | Description |
|---|---|
| Risk identification | Identify risk associated with the asset purchase or asset holding. What risk does the asset pose to the entity and what would cause this to occur? |
| Risk assessment | Assess the likelihood and consequence of the risk occurring. |
| Risk mitigation | Develop strategies for predicting and treating the risk. |
| Risk allocation | Allocate responsibility for implementing the risk treatment strategy. |
| Monitoring and control | Identify emerging risks and the consequent changes to existing risks that require changes to the risk treatment strategy. |
Once the exposures for each risk have been identified they can be prioritised to determine if the exposure requires treatment, what risk mitigation strategies are required, and how the risks can be quantified. This can be achieved by looking at the likelihood of the risk occurring and the consequence if it does occur. The Commonwealth Procurement Guidelines advise that risks should be borne by the party which is best placed to manage them. The Comcover branch within the Department of Finance and Deregulation provides risk management advice, information and other services to assist entities in identifying and treating risk.
Having identified its asset management related risks an entity has several options available to treat exposures to risks that include acceptance, risk mitigation, avoidance and risk sharing. Table 2.7 details these options.
Table 2.7: Treatment of risk exposures for assets
| Option | Outcome | Option rationale |
|---|---|---|
| Acceptance | Accept and retain the exposure to risk. | An entity may choose to make an informed decision to accept a risk associated with asset ownership, for example because of its specialised function. |
| Risk mitigation | Manage the effect of exposures to risk and losses | This involves developing asset solutions that prevent or reduce the likelihood of a risk occurring or limit the consequence should it occur. |
| Avoidance | Avoidance Avoid or reject the exposure to risk. | An entity may make a decision to not expose the organisation to the potential risk resulting from asset ownership, by, for example, leasing it. |
| Risk sharing | Share the risk exposure with another party. | It is mandatory for all general government sector entities to insure their property assets and the Commonwealth’s Comcover fund is designed as the primary insurance cover for all government assets. An entity may also share the effects of exposure to risks if it is unable to manage them, through partnering arrangements (joint ventures, etc) and contracts (outsourcing, etc). |
Quantification of risk can be achieved through analysing exposures against two predetermined criteria, and this is detailed in Table 2.8.
Table 2.8: Quantification matrix for asset risk identification and assessment
| Matrix | Identification | Assessment |
|---|---|---|
| Identification matrix | Area of risk that may be exposed to loss: health and safety, environmental conditions, legal, contractual, strategic, political, assets and property, financial and commercial, etc. | Source of risk: things that possess the potential to cause harm through their effect on those entities exposed to loss. |
| Assessment matrix | Consequence: the impact of the risk if it occurs. | Likelihood: that a risk may occur, i.e. the probability that the consequence will occur. |