Risk Management Policy Version rev 2 Date 31/05/2024
WDMOC inc recognises that risk is inherent in a motorcycle club and that everyone in it manages risk. WDMOC inc promotes the adoption of a culture which embraces a strategic and formal approach to risk management which improves decision-making and enhances outcomes and accountability.
This risk management policy is to provide a way of managing WDMOC inc’s potential liability exposure.
It is not to create another level of compliance but to educate and to create a culture of risk awareness in day-to-day activities in a convenient and cost-effective manner.
1. This Risk Management Policy contains:
(a) information on the concept of risk and its application
(b) roles and responsibilities regarding the implementation and ongoing working of the policy
A Risk Management Plan which contains:
(a) procedures, principles, techniques and tools to be applied in all areas of risk exposure with special emphasis on safety and other risks which may affect WDMOC Inc
(b) an outline of how the risk management process is to be conducted on a day-to-day basis.
WDMOC Inc will have A Risk Register to:
· record the findings of internal risk assessments
· potential risks identified
· current controls in place to mitigate risks and/or suggested improvements on controls.
2. REGULATORY REQUIREMENTS
There is legislation in place for the management of specific risks, etc. Internal Risk management does not relieve WDMOC inc of its responsibility to comply with legislation such as relating to Workplace Health and Safety, Equal Opportunity, or similar obligations.
3. RESPONSIBILITIES
All Members are responsible for minimising risks to themselves, others and WDMOC inc.
The WDMOC inc. Committee, with the assistance of the risk assessment committee, has the ultimate responsibility for successful risk management, with the “ride lead” taking responsibility for that day’s ride.
4. THE RISK MANAGEMENT PROCESS
WDMOC inc’s approach to risk management requires a number of key steps:
1. identify risks
2. analyse risks
3. evaluate risks and
4. treat risks
This risk management process includes communicating and consulting with stakeholders, and the continuous monitoring and review of risks. The process adopted by WDMOC inc is explained below:
Communicate and Consult
WDMOC inc will communicate and consult with relevant internal and external stakeholders as appropriate at each stage of the risk management process and for the process as a whole.
Types of risk
(a) Risks can be classified into 5 types:
· Strategic Risks - protection of intellectual property, pursuing or not pursuing a new opportunity.
· Operational Risks – breakdown of procedures or technology causing service delays, data security, dealing with WHS risks.
· Financial Risks - increase in interest rates, non-payment by member/s, managing bad debts.
· Compliance – failure to comply with a regulation or standard, responding to the introduction of new legislation.
· Environmental - external risks that WDMOC inc has little control over such as major storms or natural disasters, global financial crisis, changes in government legislation or policies.
Note: Risks can fit more than one type. For example, a change in government policies may impact environmental as well as compliance risks.
Identifying Risks
Risk identification involves asking and answering the following questions:
· What can happen, where and when?
· How and why might it happen?
By asking these questions, risk identification is a simple process requiring a systematic approach to identifying risks.
Identification Methods
Both retrospective and prospective risks need to be considered.
Retrospective risks are seen as incidents or accidents that have occurred in the past.
There are many sources of information about retrospective risks including:
· hazard or incident logs or audit reports
· complaints
· accreditation documents and reports
· member surveys
· newspapers or professional media, such as journals and websites.
Prospective risks are harder to identify. These are things that have not yet happened, but might happen in the future.
Methods for identifying prospective risks may include:
· brainstorming with members and external stakeholders
· researching the economic, political, legislative and operating environment
· interviewing members to identify potential problems
· flow charting a process
· reviewing system design or preparing system analysis.
Analysing risks
The objective is to provide the Committee with the top 5 to 10 most important risks which shape the club’s performance. It will enable proper risk oversight by the Committee.
This step in the process involves analysing the likelihood and consequences of each identified risk to determine its severity and ensure that relevant actions can be implemented. The analysis, generally, utilises a qualitative approach, however from time to time a quantitative approach may be possible based on data available.
To assist the analysis process, a three-by-rating scale will be used. Through use of the rating scale, a clear picture of the risk degrees associated with each risk can be identified allowing the Club to prioritize resource usage to manage the most critical risks.
Within the Risk Register, each identified risk is assigned a level for both Likelihood and Consequence, in line with the three-point descriptive rating scales detailed below. These figures are then multiplied together to provide a Risk Rating.
Risk analysis involves asking and answering the following questions:
What is the likelihood of the risk happening?
What will be the consequence if the risk occurs?
The rating scales are detailed as follows:
Qualitative measures of Likelihood
· . Unlikely
· . Possible
· . Almost certain
Qualitative Measures of Consequence
Risk rating
· . High
Major risks that are likely to arise and have potentially serious consequences requiring urgent attention or investigation
· . Medium
Medium risks that are likely to arise or have serious consequences requiring attention
· . Low
Minor risks and low consequences that may be managed by routine procedures
Evaluating risks
Risk evaluation involves deciding whether the identified risk rating is acceptable, after considering:
· . the controls already in place
· . the cost impact of managing the risks or leaving them untreated
· . benefits and opportunities presented by the risk
· . the risks borne by other stakeholders.
During this process, the risk rating identified during the analysis step, is compared against all other risks and the known priorities and requirements of WDMOC inc. Any risks that have been accorded a rating that is too high are adjusted with a record of the adjustment being retained for tracking purposes.
The outcome is a list of risks, with agreed priority ratings, recorded in the Risk Register.
Treat Risks
Treatment strategies will aim to achieve one or a combination of the following outcomes:
· . risk elimination (avoidance or discontinuance)
· . risk transfer
· . risk reduction
· . risk retention/acceptance
The types of actions that may result can involve:
· . education & training
· . administration controls (i.e. policy and/or procedures)
· . audits
· . contingency planning
· . risk transfer (including insurance).
Treatment strategies will be recorded into WDMOC inc’s Risk Management Action plan. Responsibility for implementation of the Action Plan will be assigned to the relevant Committee members. Implementation will involve integration into existing procedures including budgeting, event management, development of resources, and communication systems.
6. RISK MONITORING AND REVIEW
6.1 Procedure
The Committee will periodically assess the effectiveness of risk treatment measures. They will undertake periodic reviews, including an annual review.
6.2 Risk Closure
When all recommended actions have been undertaken and the risk is either reduced to an acceptable level or eliminated altogether, the risk will be closed off. This will involve the risk being updated to the status ‘closed’ on the Risk Register and transferred to a closed items register.
7. COMMUNICATE AND CONSULT
7.1 Communication and consultation play an integral part in WDMOC inc’s Risk Management framework. Using WDMOC inc’s established communication strategies, identified risks will be brought to the attention of relevant members. This includes:
. email correspondence
. website
. club meetings
. media releases (where necessary).
The WDMOC inc Risk Management Policy adopted at Board Meeting held on 30 May 2024
Endorsed by General Meeting 11 July 2024
WDMOC inc recognises that risk is inherent in a motorcycle club and that everyone in it manages risk. WDMOC inc promotes the adoption of a culture which embraces a strategic and formal approach to risk management which improves decision-making and enhances outcomes and accountability.
This risk management policy is to provide a way of managing WDMOC inc’s potential liability exposure.
It is not to create another level of compliance but to educate and to create a culture of risk awareness in day-to-day activities in a convenient and cost-effective manner.
1. This Risk Management Policy contains:
(a) information on the concept of risk and its application
(b) roles and responsibilities regarding the implementation and ongoing working of the policy
A Risk Management Plan which contains:
(a) procedures, principles, techniques and tools to be applied in all areas of risk exposure with special emphasis on safety and other risks which may affect WDMOC Inc
(b) an outline of how the risk management process is to be conducted on a day-to-day basis.
WDMOC Inc will have A Risk Register to:
· record the findings of internal risk assessments
· potential risks identified
· current controls in place to mitigate risks and/or suggested improvements on controls.
2. REGULATORY REQUIREMENTS
There is legislation in place for the management of specific risks, etc. Internal Risk management does not relieve WDMOC inc of its responsibility to comply with legislation such as relating to Workplace Health and Safety, Equal Opportunity, or similar obligations.
3. RESPONSIBILITIES
All Members are responsible for minimising risks to themselves, others and WDMOC inc.
The WDMOC inc. Committee, with the assistance of the risk assessment committee, has the ultimate responsibility for successful risk management, with the “ride lead” taking responsibility for that day’s ride.
4. THE RISK MANAGEMENT PROCESS
WDMOC inc’s approach to risk management requires a number of key steps:
1. identify risks
2. analyse risks
3. evaluate risks and
4. treat risks
This risk management process includes communicating and consulting with stakeholders, and the continuous monitoring and review of risks. The process adopted by WDMOC inc is explained below:
Communicate and Consult
WDMOC inc will communicate and consult with relevant internal and external stakeholders as appropriate at each stage of the risk management process and for the process as a whole.
Types of risk
(a) Risks can be classified into 5 types:
· Strategic Risks - protection of intellectual property, pursuing or not pursuing a new opportunity.
· Operational Risks – breakdown of procedures or technology causing service delays, data security, dealing with WHS risks.
· Financial Risks - increase in interest rates, non-payment by member/s, managing bad debts.
· Compliance – failure to comply with a regulation or standard, responding to the introduction of new legislation.
· Environmental - external risks that WDMOC inc has little control over such as major storms or natural disasters, global financial crisis, changes in government legislation or policies.
Note: Risks can fit more than one type. For example, a change in government policies may impact environmental as well as compliance risks.
Identifying Risks
Risk identification involves asking and answering the following questions:
· What can happen, where and when?
· How and why might it happen?
By asking these questions, risk identification is a simple process requiring a systematic approach to identifying risks.
Identification Methods
Both retrospective and prospective risks need to be considered.
Retrospective risks are seen as incidents or accidents that have occurred in the past.
There are many sources of information about retrospective risks including:
· hazard or incident logs or audit reports
· complaints
· accreditation documents and reports
· member surveys
· newspapers or professional media, such as journals and websites.
Prospective risks are harder to identify. These are things that have not yet happened, but might happen in the future.
Methods for identifying prospective risks may include:
· brainstorming with members and external stakeholders
· researching the economic, political, legislative and operating environment
· interviewing members to identify potential problems
· flow charting a process
· reviewing system design or preparing system analysis.
Analysing risks
The objective is to provide the Committee with the top 5 to 10 most important risks which shape the club’s performance. It will enable proper risk oversight by the Committee.
This step in the process involves analysing the likelihood and consequences of each identified risk to determine its severity and ensure that relevant actions can be implemented. The analysis, generally, utilises a qualitative approach, however from time to time a quantitative approach may be possible based on data available.
To assist the analysis process, a three-by-rating scale will be used. Through use of the rating scale, a clear picture of the risk degrees associated with each risk can be identified allowing the Club to prioritize resource usage to manage the most critical risks.
Within the Risk Register, each identified risk is assigned a level for both Likelihood and Consequence, in line with the three-point descriptive rating scales detailed below. These figures are then multiplied together to provide a Risk Rating.
Risk analysis involves asking and answering the following questions:
What is the likelihood of the risk happening?
What will be the consequence if the risk occurs?
The rating scales are detailed as follows:
Qualitative measures of Likelihood
· . Unlikely
· . Possible
· . Almost certain
Qualitative Measures of Consequence
Risk rating
· . High
Major risks that are likely to arise and have potentially serious consequences requiring urgent attention or investigation
· . Medium
Medium risks that are likely to arise or have serious consequences requiring attention
· . Low
Minor risks and low consequences that may be managed by routine procedures
Evaluating risks
Risk evaluation involves deciding whether the identified risk rating is acceptable, after considering:
· . the controls already in place
· . the cost impact of managing the risks or leaving them untreated
· . benefits and opportunities presented by the risk
· . the risks borne by other stakeholders.
During this process, the risk rating identified during the analysis step, is compared against all other risks and the known priorities and requirements of WDMOC inc. Any risks that have been accorded a rating that is too high are adjusted with a record of the adjustment being retained for tracking purposes.
The outcome is a list of risks, with agreed priority ratings, recorded in the Risk Register.
Treat Risks
Treatment strategies will aim to achieve one or a combination of the following outcomes:
· . risk elimination (avoidance or discontinuance)
· . risk transfer
· . risk reduction
· . risk retention/acceptance
The types of actions that may result can involve:
· . education & training
· . administration controls (i.e. policy and/or procedures)
· . audits
· . contingency planning
· . risk transfer (including insurance).
Treatment strategies will be recorded into WDMOC inc’s Risk Management Action plan. Responsibility for implementation of the Action Plan will be assigned to the relevant Committee members. Implementation will involve integration into existing procedures including budgeting, event management, development of resources, and communication systems.
6. RISK MONITORING AND REVIEW
6.1 Procedure
The Committee will periodically assess the effectiveness of risk treatment measures. They will undertake periodic reviews, including an annual review.
6.2 Risk Closure
When all recommended actions have been undertaken and the risk is either reduced to an acceptable level or eliminated altogether, the risk will be closed off. This will involve the risk being updated to the status ‘closed’ on the Risk Register and transferred to a closed items register.
7. COMMUNICATE AND CONSULT
7.1 Communication and consultation play an integral part in WDMOC inc’s Risk Management framework. Using WDMOC inc’s established communication strategies, identified risks will be brought to the attention of relevant members. This includes:
. email correspondence
. website
. club meetings
. media releases (where necessary).
The WDMOC inc Risk Management Policy adopted at Board Meeting held on 30 May 2024
Endorsed by General Meeting 11 July 2024