Title: Risk Management
Category: Safety and Security
Implement Date: 1 December 2009
|6.1||Strategic Risk Register|
|6.2||Directorate/Business Unit Risk Register|
|7.||Risk Treatment Managers|
|8.1||Custodial Operations and Probation and Parole|
To provide for a systematic approach to identifying, assessing, monitoring and managing risks at the strategic, business unit and project management levels within Queensland Corrective Services. The concept of risk incorporates both uncertainty and opportunity, and is not limited to hazard only.
“corrective services facility” - refer Corrective Services Act 2006, Schedule 4
The Agency is committed to managing risk in accordance with the Financial Accountability Act 2009, Financial and Performance Management Standard 2009, and the process outlined in the Australian/New Zealand Standard for Risk Management (AS/NZS4360:2004). This procedure should be read in conjunction with the Department of Community Safety (DCS) Risk Management Framework.
Refer - Risk Management Framework (Department of Community Safety) (in-confidence)
The Agency is committed to using risk management as a tool to support organisational performance, defensible decision-making and to support accountability.
The Agency will ensure a suitable system of internal control and risk management and:
Documenting, reviewing, monitoring and communicating risk processes and outcomes form part of a continuous performance improvement process. Each stage of the risk management process must be appropriately recorded. Assumptions, methods, data sources, analyses, results and the rationale for decisions must all be recorded and are an important aspect of effective and efficient corporate governance.
The main elements of the risk management process are:
Refer to - Risk Management Framework (Department of Community Safety) (in-confidence), Safety Risk Management Policy (Department of Community Safety); Guidelines for the Management of Risk; and Guidelines for Maintaining the Risk Management System; Australian/New Zealand Standard for Risk Management (AS/NZS4360:2004)
The Commissioner for Corrections is accountable to the Director-General for ensuring that all risk management responsibilities are met within the Queensland Corrective Services division.
All deputy commissioners, executive directors, directors, and general managers are accountable for the implementation, integration and maintenance of sound risk management processes in their respective areas of responsibility.
All Agency staff are responsible for identifying and managing risk in their area of operation and reporting of those risks they cannot manage to their supervisors.
Coordination and monitoring of risks at the departmental level is undertaken by the Audit and Risk Management Working Group
The Committee monitors the internal control and risk management environment within the Department of Community Safety.
The Queensland Corrective Services Strategic Risk Register must be maintained by the Risk Management Coordinator, Queensland Corrective Services, concentrating on high to extreme risk. The high to extreme risks recorded in a Directorate or Business Unit Risk Register will be reported by the Coordinator to the Board of Management for review and analysis.
The Strategic Risk register must also include any risks pertinent to the Agency not otherwise included in business unit registers. For a detailed description of the processes and templates used in identifying, analysing, evaluating and monitoring risks refer to the Guidelines for Maintaining the Risk Management System.
The Strategic Risk Register must be updated-
Strategic Risk Registers are subject to review by the Internal Audit Branch.
Risks of strategic significance (high to extreme) must be reported to the Director-General through the Board of Management.
Directorate/Business Unit Risk Registers must be made available to the Internal Audit Branch during the course of their operational audit program.
Risk Registers of each work unit must be updated-
Copies of updated Risk registers must be provided to the Risk Management Coordinator, Queensland Corrective Services, who must review the registers for consistency in defining, assessing and treating risk across the state.
Generally, a risk of strategic significance (high to extreme) will have a single Risk Treatment Manager assigned to it, however, the Board of Management reserves the right to determine if more than one Risk Treatment Manager is required. Risk Treatment Managers are responsible for ensuring the reporting and coordination of the completion of risk mitigation strategies. Risk Treatment Managers are responsible for ensuring that mitigation strategy's are implemented and monitored.
The Agency's Board of Management must oversee the Agency's compliance with the State's Counter-Terrorism Risk Framework, as well as the Agency's ongoing involvement in counter-terrorism activities and exercises.
This corporate role requires the identification of the nature and source of potential business interruptions (including acts or threats of terrorism), analysing the consequences of such events and implementing strategies to effectively mitigate and manage any disruption.
Interruptions can include, but not limited to:
Refer procedure - Contingency Planning
Custodial Operations and Probation and Parole must develop a Business Impact Analysis (BIA) to identify processes that are to be implemented at a corrective services facility to ensure the successful recovery of critical services from an interruption to normal business operation.
Refer appendices - Business Impact Analysis (in-confidence); Guidelines for Completing Business Impact Analysis (in-confidence)
Correctional centres must develop a Business Continuity Plan (BCP) to provide recovery plans for identified critical services.
Refer appendices - Corrective Services Facility Business Continuity Plan Template (in-confidence); Guidelines for Completing Business Continuity Plans (in-confidence)
Appropriate training and instruction on risk management procedures must be developed and maintained by the Principal Officer, Risk (Department of Community Safety) to enable staff, supervisors and managers to discharge their responsibilities. Training may be delivered through induction programs, workshops and other facilitated seminars.