What are the commonly used terms in context to risk management?
Risk - The chance of something happening that will impact upon objectives. It is measured in terms of consequences and likelihood.
Risk Identification - The process of determining what can happen, why and how events arise as the basis for further analysis.
Risk Evaluation - The process used to determine risk management priorities by comparing the level of risk against predetermined standards, target risk levels or other criteria.
Risk Control - Part of risk management that involves the implementation of policies, standards, procedures and physical changes to eliminate or minimise adverse risk.
Risk Rating - The combined effect of the likelihood of the occurrence of the event and the severity of the impact of the event
Likelihood - Used as a qualitative description of probability or frequency
Risk Avoidance - An informed decision not to become involved in a risk situation
Impact - The outcome of an event expressed qualitatively or quantitatively, being a loss, injury, disadvantage or gain. There may be a range of possible outcomes associated with an event.
Why do we need to identify risks and controls?
Understanding what risks are associated with particular activities helps us avoid undesirable events or problems. By considering the risks, better plans and processes can be put in place to avoid the potential problem or minimise the consequences if something undesirable does happen despite our efforts to ‘control’ the risk.
While identifying risks is an important aspect of healthy financial management, arguably more important, is putting in place control activities that minimise the risks to an acceptable level.
Why do we need controls?
It is the University’s mission to achieve the objectives as detailed in the Strategic Intent. Associated with these objectives are risks to their achievement. Controls help manage these risks. In short, control activities help achieve the University’s mission.
Who do I contact if I have a query on a control activity?
UNSW Finance has established a control support team (risk champions) to assist the university with implementing efficient and proactive control.
How do I know when I have enough control?
The level of required control will always be determined by balancing the cost or risk with the benefit achieved by managing the risk. You should always assess the likelihood and impact of a control both before and then after control activities to determine when you have enough control activities in balance.