Definition of Risk

A risk is defined by the Australia/New Zealand Standard for Risk Management (AS/NZS 4360:2004)  as  “…the possibility of something happening that impacts on your objectives.  It is the chance to either make a gain or a loss.  It is measured in terms of likelihood and consequence.” 

The effective management of risk enables you to maximise opportunities and achieve your outputs.  As outlined in the Risk Management process, the risk assessment is undertaken within the context of your goals.  The identification / validation of your goals is therefore a critical first step in the risk management process.  Effective risk management requires a thorough understanding of the context in which your Department or Agency operates.  The analysis of this operating environment enables you to define the parameters within which the risks to your outputs need to be managed.  The context sets the scope for the risk management process.  The context includes strategic, organisational and risk management considerations.  According to the Standard, strategic context defines the relationship between the organisations and its environment.  Factors that influence the relationship include financial, operational, competitive, political (public perceptions / image), social, client, cultural and legal.  The definition of the relationships is usually communicated through frameworks such as the SWOT (Organisational strengths, weaknesses, opportunities and threats) and PEST (Political, Economic, Societal, and Technological).  The organisational context provides an understanding of the organisation, its capability and goals, objectives and strategies. 

According to the Standard, organisational context is important because: 

a.        risk management occurs within the context of endeavouring to achieve the goals and objectives,

b.       failure to achieve the objectives is one set of risks that need to be managed, and

c.        the goals and strategies assist to define whether a risk is acceptable or unacceptable. 

The risk management context defines that part of the organisation (goals, objectives, or project) to which the risk management process is to be applied. 

Useful References -    Standards Australia SAA/NZS HB 143: 2004, Guidelines for managing risk in the Australian and New Zealand public sector -    Standards Australia SAA/NZS HB 221:2003, Business Continuity Management -   Standards Australia (risk management portal) This site includes details about the purchase of electronic and hard copies of their publications and products