Data Migrators Documents

Risk Management Policy

This page describes Data Migrators’ policy and procedures around risk management.


See Purpose.


To clarify Data Migrators’ policy on Risk Management, and the processes that support that policy.


This Policy applies to all Company officers, employees, partners, and contractors to facilities and systems controlled by the Company. The policy extends to all current and future activities, and new opportunities.

Where necessary, more detailed risk management policies and procedures will be developed to cover specific areas of the Company’s operations, such as financial management and business management.


Recognition of the need for risk management

Data Migrators recognises the need for risk management to feature as a consideration in strategic and operational planning, day-to-day management and decision making at all levels in the organisation.

A commitment to implement risk management effectively

Data Migrators is committed to managing and minimising risk by identifying, analysing, evaluating and treating exposures that may impact on the Company achieving its objectives and/or the continued efficiency and effectiveness of its operations. Data Migrators will incorporate risk management into its organisational planning and decision-making processes. Risk management must also be included as a consideration in sectional and operational planning as a delegated line management responsibility. Data Migrators staff must implement risk management according to relevant legislative requirements and appropriate risk management standards.

A commitment to training and knowledge development in the area of risk management

Data Migrators is committed to ensuring that all staff, particularly those with management, advisory, and decision-making responsibilities, obtain a sound understanding of the principles of risk management and the requisite skills to implement risk management effectively.

A commitment to monitor performance and review progress in risk management

Data Migrators will regularly monitor and review the progress being made in developing an appropriate culture of risk management and the effective implementation of risk management strategies throughout the organisation as a basis for continuous improvement.


Responsibility for Risk Management

Risk must first and foremost be managed at the corporate level as part of the Company’s good governance and corporate management processes. Risk management is considered an integral part of all management and decision-making functions within Data Migrators. The responsibility for the identification of risk and the implementation of control strategies and follow-up remains a delegated line management responsibility. All stakeholders have a significant role in the management of risk. This role may range from initially identifying and reporting risks associated with their own jobs to participation in the risk management process. Data Migrators Directors will facilitate the introduction and monitoring of risk management into key areas of Data Migrators’ activities.

Objectives of and Rationale for Risk Management

  1. Data Migrators, in its need for risk management, aims to:
    • facilitate and review risk management activities across the institution through Data Migrators Directors;
    • integrate risk management into the management culture of the Company; and
    • foster an environment where staff assume responsibility for managing risks.
  2. To secure its commitment to implement risk management effectively, Data Migrators aims to:
    • implement risk management across all aspects of the Company in accordance with best practice guidelines.
  3. To secure its commitment to training and knowledge development in the area of risk management, Data Migrators aims to:
    • ensure that performance in risk management is a consideration in the Company’s performance management systems; and
    • ensure that staff and other stakeholders have access to appropriate information, training and other development opportunities in the area of risk management.
  4. To secure its commitment to monitoring performance and reviewing progress, Data Migrators aims to:
    • ensure that appropriate monitoring, review and reporting processes are in place in the area of risk management.
  5. The objectives of risk management are to:
    • provide a structured basis for strategic, tactical and operational planning across Data Migrators;
    • enhance Data Migrators’ governance and corporate management processes;
    • enable Data Migrators to effectively discharge its statutory and legislative financial management responsibilities;
    • provide a practical framework for managers to assess risks inherent in the decisions they take;
    • assist and motivate decision makers, at all levels, to make good and proactive management decisions that do not expose Data Migrators to unacceptable levels of risk of unfavourable events occurring which adversely impact on the attainment of organisational goals;
    • encourage and commit decision makers to identify sound business opportunities that will benefit Data Migrators without exposing the Company to unacceptable levels of risk;
    • minimise the risks of not identifying sound business opportunities;
    • protect Data Migrators from unacceptable costs or losses associated with its operations;
    • safeguard Data Migrators’ resources - its people, finance, property and reputation;
    • assist Data Migrators in achieving its strategic objectives; and
    • create an environment where all staff assume responsibility for risk management.


Whole of Company Risk Management Process

Risk must first and foremost be managed at the corporate level as part of Data Migrators’ good governance and corporate management processes. This process, coordinated and facilitated by Data Migrators Directors, will involve the following key steps:

  1. an annual risk identification exercise undertaken by Data Migrators Directors, which involves assessment of the consequence and likelihood of risk, and the development and/or review of individual risk management plans for the risks identified which exceed the Organisation’s defined acceptable risks;
  2. wherever practicable the inclusion of a Risk Management Assessment for all business activities;
  3. the incorporation of risk management into Company strategic planning, and operational and resource management planning processes;
  4. annual review of the risk management activities by Data Migrators Directors;
  5. at least annual assessment by Data Migrators Directors of action taken in respect of risk management;
  6. ensuring that risk management processes are incorporated into the quality assurance and improvement systems of the Company;
  7. clearly defining and documenting escalation procedures for risk management;
  8. ensuring consistency in the approach of responses to the same risk by different sections of the Company;
  9. documenting all risks with a potentially high impact, as assessed on the basis of their likely occurrence or impact; and
  10. testing documented risk management procedures at appropriate intervals.

Risk Management as a Delegated Line Management Responsibility

Risk management is a delegated line management responsibility. It is the responsibility of all line managers to continually monitor their areas of responsibility to ensure that risks are identified and managed. Line managers should ensure that a contribution is made to the whole-of-Company risk management process, on behalf of their areas of responsibility, that identifies risks at all levels.

The sharing of documented responses to risks and knowledge of risk management principles and procedures will be fostered between line managers to ensure consistency across the Company.

On an annual basis, line managers should review all activities to ensure that any unacceptable risk exposures are identified and managed at an appropriate level. All operational sections will be required to report on risk management as part of the institution’s annual operational and resource management process.


Each employee or other stakeholder throughout the Company has a role in the risk management process and is responsible for actively participating in the risk management process as appropriate to their position within the Company.

Management of Risks Associated with New Opportunities

In addition to the risks that already exist, the Company is continually exposed to new risks, particularly from the introduction of new activities. The new risks should be incorporated into the initial planning and assessment processes conducted prior to undertaking the activity and, subsequently, into the annual risk management assessment at the appropriate level(s) of activity and management.

Principles to be Applied

The principles of risk management shall be applied to all areas of risk exposure, insurable and non-insurable, and shall include, but not be limited to, the following areas:

Insurable Risks

  • Insurable workplace health and safety risks
  • Insurable fraud and corruption prevention activities
  • Unauthorised use of resources which represent an insurable risk
  • Reputation and image as an insurable risk
  • Fire prevention measures and security precautions
  • Property loss and damage
  • Computer security
  • Vehicle fleet management
  • Professional negligence
  • Other liability exposures
  • Legal liability

Non-Insurable Risks

  • Non-insurable workplace health and safety risks
  • Non-insurable fraud and corruption prevention activities
  • Unauthorised use of resources which represent a non-insurable risk
  • Reputation and image as a non-insurable risk
  • Crisis contingency planning and disaster recovery
  • Accounting controls that are not cost effective
  • Loss of key staff and intellectual property
  • The impact of globalisation on risk exposures
  • Management system inadequacies and poor work quality
  • Failure or disruption of a major income source or investment


Data Migrators Directors will regularly monitor and review the progress being made in developing an appropriate culture of risk management and the effective implementation of risk management strategies throughout the organisation.

Guidance on Acceptable Risk

Through its monitoring, review and reporting functions, Data Migrators’ Directors will ensure that the Company maintains a consistent approach to its assessment of acceptable risk.


Each stage of the risk management process shall be appropriately documented. The extent of documentation required is dependent on the nature of the risk. Documentation will be controlled so as to form part of an auditable quality management process.


A representation and compliance statement should be provided by each project manager as formal acknowledgement of their responsibility to comply with risk management policies and procedures. Each employee should have included in their Position Description a responsibility for risk management, and Annual Performance Appraisals should include an appropriate assessment thereof.

Staff Development

Management shall ensure that staff have available to them appropriate information and training opportunities in risk management as appropriate to their position and role within Data Migrators.



Definitions and Terms
