We all have to manage risk. But how well do we do it? Some basic questions to ask yourself are:

1. Is your approach to risk management largely reactive or proactive?
2. Is it impressionistic and arbitrary rather than documented and structured?
3. If asked what your approach to risk management was, would you fumble or give a coherent and comprehensive response?
4. Have you experienced problems (or even disasters) which should have been prevented and were preventable but for a failure of management?
5. Is your approach to risk management in accordance with best practice (AS ISO 31000 Risk management – Guidelines)?

Depending upon your honest answers, you will know whether you should read on or can turn straight to the back page of the newsletter.

What is a Risk Management Framework?

So, what is a Risk Management Framework or Plan? Let’s start apophatically (look it up). It cannot predict the future. It does not guarantee that problems will not happen. It does not guarantee that you will achieve your objectives. So, why bother?

A Risk Management Framework is a structured analysis of the exposure to risk of your business. It allows you to focus on areas which are likely to be of greater concern. It stops you trying to address everything or nothing or the merely incidental (however interesting or easy the latter may be to address). By analysing your business into different areas, identifying and evaluating the risks in those areas and assessing whether your current responses to those risks is adequate or excessive will enable you to deploy the resources of your business (including time) more effectively and efficiently. A Risk Management Framework should be developed to support your strategic objectives. Whether your strategic objectives are clear and well-known is perhaps a matter for another article; nevertheless, you will have some. However, if you develop strategic objectives without considering what the uncertainties and obstacles to achieving them are, you may as well not bother. A Risk Management Framework helps you to understand what those uncertainties and obstacles are and to direct your attention towards managing them. Performance also has a better chance of improving if you consider and manage uncertainty proactively. This will not guarantee the achievement of your objectives but it will help. You cannot predict or prevent the future but you can plan rationally for it.

The benefits of a Risk Management Framework

If you don’t have a Risk Management Framework, the future will still happen, you may even avoid some pitfalls but it will always be more by luck than design. Now I cannot say that you will secure cheaper debt if you have a provable and active Risk Management Framework, but it will help your relationships with your financiers, if not other stakeholders; and that must surely reap some benefits. A lack of one will make such benefits harder to secure. Risk Management not only forms part of the responsibilities of those in governance and leadership but can also be positive evidence of the existence and nature of that governance and leadership. Conversely, its absence is evidence of a failure or absence of governance and leadership.

Furthermore, all large companies must comply with AASB S2 Climate-related Disclosures from 1 July 2027 (if not sooner). AASB S2 requires relevant companies to disclose the processes and related policies to “identify, assess, prioritise and monitor climate-related risks”. Only a documented Risk Management Framework, including climate-related risks, can provide you with actual, coherent and consistent information to satisfy the disclosure obligation.

What does best practice look like?

However, there are things to be avoided in developing a Risk Management Framework. It must be practical and sail between the Scylla of too much and the Charybdis of too little detail. The former can overwhelm, whilst the latter provides no insight: both are useless. It must interact with the business and support the strategic objectives of the business. It must not be self-enclosed, generating frequent and pointless reports and meetings which are wholly self-serving. It must also be proactive and iterative: a document that sits at the bottom of a drawer – perhaps along with your long-forgotten strategic plan – is a waste of time. The occurrence of some or all of these delinquencies is an incentive to develop an effective Risk Management Framework: it is not an excuse to abandon the whole exercise. Risk Management Frameworks, even perhaps in spite of your experience, do not all have to operate like that – only bad ones. Finally, a Risk Management Framework which adopts and adapts the principles, framework and process of AS ISO 31000 Risk management – Guidelines can also claim to be following best practice.

How Pilot can help

Pilot Partners can assist with the development of Risk Management Frameworks, facilitating the process, providing template documentation to be tailored to your business needs and helping you achieve a practical, interactive, proactive and iterative approach to risk which also meets best practice standards.

You know what your financials are and you know what you want to achieve and, no doubt, you can prove these. And, you say that you do manage risk? Prove it. Show me. If you can’t, you don’t.

Contact Pilot

Risk Management is a complex and evolving area that requires a structured and considered approach to manage effectively.

If you would like to discuss any of the above areas and how they apply to your business, or need clear, practical guidance to help develop and implement risk management measures tailored to your business, contact our Risk Advisory specialists, Daniel Gill or Chris King on (07) 3023 1300.