AS/NZS 4360-1999 Risk Management

1 Title:Licensee:Date:Conditions of use(Click here for full conditions of Licence)WWWWEB EB EB EB SSSSEARCHEARCHEARCHEARCHC heck if currentStandardsWatch (Info and Login)Find similar documentsVisit our websiteStandards AustraliaLICENCEA ustralian/ new zealand StandardTMRisk managementLicensed to Ken Madill on 15 Sep 2003. 1 user personal user licence only. Storage, distribution or use on network 4360: 1999 Licensed to Ken Madill on 15 Sep 2003. 1 user personal user licence only. Storage, distribution or use on network Joint Australian/ new zealand Standard was prepared by Joint Technical CommitteeOB/7 Risk Management . It was approved on behalf of the Council of StandardsAustralia on 2 April 1999 and on behalf of the Council of Standards new zealand on22 March 1999 .

2 It was published on 12 April following interests are represented on the Committee OB/7:Australian Computer SocietyAustralian Customs ServiceAustralian Institute of Risk ManagementDepartment of Administrative Services, AustraliaDepartment of Defence, AustraliaEnvironmental Risk Management Authority, New ZealandInstitution of Engineers, AustraliaInstitution of Professional Engineers, New ZealandInsurance Council of AustraliaInsurance Institute of New ZealandMinistry of Agriculture and Forestries, New ZealandMinistry of commerce , New ZealandMinistry of Emergency Management and Civil Defence, New ZealandLocal Government new zealand Department of Urban Affairs and Treasury Managed FundNational Insurance Brokers Association of AustraliaSecurities Institute of AustraliaThe Association of Risk and Insurance Managers of AustralasiaUniversity of New South WalesThis Standard was issued in draft form for comment as DR published as AS/NZS 4360 AS/NZS 4360 0 7337 2647 X Australian Standard is a registered trade mark.

3 Copyright Standards Association of Australia. All rights are reserved. No part of thisAustralian Standard may be reproduced, copied, stored, distributed or transmitted in anyform, or by any means, including photocopying, scanning or other mechanical orelectronic methods without the prior written permission of the by Standards Association of Australia, PO Box 1055, Strathfield NSW 2135 Review of Australian StandardsTo keep abreast of progress in industry, Australian Standards are subject to periodic review and arekept up-to-date by the issue of amendments or new editions as necessary. It is important thereforethat Standards users ensure that they are in possession of the latest edition, and any details of all Australian Standards and related publications will be found in the StandardsAustralia Catalogue of Publications; this information is supplemented each month by the magazineThe Australian Standard, which subscribing members receive, and which gives details of newpublications, new editions and amendments, and of withdrawn for improvements to Australian Standards, addressed to the head office of StandardsAustralia, are welcomed.

4 Notification of any inaccuracy or ambiguity found in an AustralianStandard should be made without delay in order that the matter may be investigated and appropriateaction to Ken Madill on 15 Sep 2003. 1 user personal user licence only. Storage, distribution or use on network 4360: 1999 Risk ManagementPrefaceThis Joint Standard was prepared by the Joint Standards Australia/Standards new zealand Committee OB/7 on Risk Management as arevision of AS/NZS 4360:1995 Risk Management . Accordingly it retainsthe objective of providing a generic framework for establishing thecontext, identification, analysis, evaluation, treatment, monitoring andcommunication of risk. It should be read in conjunction with otherapplicable or relevant Standard specifies the elements of the risk Management process, butit is not the purpose of this Standard to enforce uniformity of riskmanagement systems.

5 It is generic and independent of any specificindustry or economic sector. The design and implementation of the riskmanagement system will be influenced by the varying needs of anorganization, its particular objectives, its products and services, and theprocesses and specific practices Management is an iterative process consisting of well-defined stepswhich, taken in sequence, support better decision-making bycontributing a greater insight into risks and their impacts. The riskmanagement process can be applied to any situation where an undesiredor unexpected outcome could be significant or where opportunities areidentified. Decision makers need to know about possible outcomes andtake steps to control their Management is recognized as an integral part of good managementpractice.

6 To be most effective, risk Management should become part ofan organization's culture. It should be integrated into the organization sphilosophy, practices and business plans rather than be viewed orpracticed as a separate program. When this is achieved, risk managementbecomes the business of everyone in the for any reason it is not possible to integrate risk Management across anentire organization, it may still be possible to apply it successfully toindividual departments, processes or terminology used in this Standard has been chosen to be acceptableacross as wide a range of risks and risk Management disciplines aspossible. Words which have slightly different meanings in differentbranches of risk Management have been avoided and replaced by wordswhich might be less commonly used in current practice but which couldbe defined to have a precisely common meaning.

7 An example is the termrisk treatment which is defined to cover more than is usually meant by theterm risk control . AS/NZS 3931 Risk analysis of technological systems Application guide,(which is identical with IEC 60300-3-9:1995, DependabilityManagement, Part 3: Application guide, Section 9: Risk analysis ofLicensed to Ken Madill on 15 Sep 2003. 1 user personal user licence only. Storage, distribution or use on network 4360: 1999 Risk Managementtechnological systems) defines the risk Management process as starting atrisk analysis without the first two steps of establishing the context andidentifying risks . This definition of the risk Management process was notfollowed in this Standard because it was not sufficiently generic to riskmanagement, as practiced across all disciplines, and did not allowsufficient weight to be given to the initial steps necessary to establishmanagement of all term informative has been used in this Standard to define theapplication of the appendix to which it applies.

8 An informative appendixis only for information and to Ken Madill on 15 Sep 2003. 1 user personal user licence only. Storage, distribution or use on network 4360: 1999 Risk Management1 Scope, application and definitions Scope Application Definitions 22 Risk Management requirements Purpose Risk Management policy Planning and resourcing Implementation program Management review 63 Risk Management overview General Main elements 74 Risk Management process Establish the context Risk identification Risk analysis Risk evaluation Risk treatment Monitoring and review Communication and consultation 205 Documentation General Reasons for documentation 21 AppendicesA Applications of risk Management 23B Steps in developing and implementing a risk Management program 25C Stakeholders 28D Generic sources of risk and their areas of impact 30E Examples of risk definition and

9 Classification 34F Examples of quantitative risk expressions 36G Identifying options for risk treatment 38H Risk Management documentation 40 ContentsLicensed to Ken Madill on 15 Sep 2003. 1 user personal user licence only. Storage, distribution or use on network page has been left blankLicensed to Ken Madill on 15 Sep 2003. 1 user personal user licence only. Storage, distribution or use on network : Application1AS/NZS 4360: 1999 Risk Management1 Scope, application and ScopeThis Standard provides a generic guide for the establishment andimplementation of the risk Management process involving establishingthe context and the identification, analysis, evaluation, treatment,communication and ongoing monitoring of ApplicationRisk Management is recognized as an integral part of good managementpractice.

10 It is an iterative process consisting of steps, which, whenundertaken in sequence, enable continual improvement in Management is the term applied to a logical and systematic methodof establishing the context, identifying, analyzing, evaluating, treating,monitoring and communicating risks associated with any activity,function or process in a way that will enable organizations to minimizelosses and maximize opportunities. Risk Management is as much aboutidentifying opportunities as avoiding or mitigating Standard may be applied at all stages in the life of an activity,function, project, product or asset. The maximum benefit is usuallyobtained by applying the risk Management process from the a number of differing studies are carried out at different stages ofa : This Standard may be applied to a very wide range of activities oroperations of any public, private or community enterprise, or are given in Appendix to Ken Madill on 15 Sep 2003.