Plan International Australia sees the development of a strong risk culture as the overarching component of its risk management framework. Making risk management an integral part of its organisational culture is essential to improving the organisation's strategic planning and decision making. This involves ensuring that risk management is embedded into business as usual and not seen as distinct from day to day activities.
The policy sets out the way in which risks facing the Organisation should be assessed, monitored, reported and details the responsibilities within the Organisation for risk.
The Board is accountable for Plan’s systems of internal control and for the management of risk. The Finance & Audit Committee is responsible for monitoring and reporting to the Board on the effectiveness of these systems.
In its governance role, the Board of Plan assumes ultimate responsibility to ensure that adequate risk management procedures are adopted to protect the assets and undertaking of the organisation. Underpinning this policy, the Board adopts an active approach to risk management on the basis that Plan is a risk-aware organisation, rather than a risk-averse one.
The Board recognizes that prudent risk management does not require that all risks be identified and eliminated, but that procedures are in place to identify material risks arising out of the day to day operation of Plan and, where the likelihood and/or consequences of such a risk occurring demand that steps be taken to minimize, eliminate or transfer that risk, that such steps are indeed taken.
The role and responsibilities of the Financial Audit Committee (FAC) as defined in the FAC Terms of Reference in regards to risk management are:
In the context of a risk assessment framework and with a particular focus on child protection across Plan, the Committee shall review and make recommendations as to the organizations risk assessment practices and procedures and risk management systems in respect to all aspects of its operations, legal, operational, regulatory, ethical, environmental etc.
The organisation is responsible for ensuring it has its own policies for identifying, monitoring and managing significant risks.
The NED is responsible to the Board to ensure that a Risk Management Plan is developed and implemented for risk management procedures to become part of the day-to-day operation of Plan in its dealings.
The NED shall report through the Finance & Audit Committee to the Board on the development and continuing implementation, monitoring and modification of the Risk Management Plan.
The NED is responsible to review Plan’s Global Risk Register on a quarterly basis and report through the Legal and Risk team to the Financial Audit Committee and the Program Evaluation and Audit Committee of the International Board on any significant risk that could impact on the global organization.
Management is responsible for establishing and implementing the risk management system to identify, control and manage strategic, technical, operational and other material risks.
Risk management is the culture, processes and structures that are directed towards the effective management of potential opportunities and adverse effects to be within the Plan environment. The aim of this policy is not to eliminate risk, rather to manage the risks involved in all of Plan’s activities to maximise opportunities and minimise adversity.
The risk profile of the organisation can be categorised as follows:
- Hazard (Political, Environmental, Regulatory)
- Approach & method for managing risk
Plan will maintain procedures to provide the organisation with a systematic view of the risks faced in the course of our activities. Where appropriate these procedures will be consistent with the Standards Australia risk management standard, AS/NZS 4360:1999 – Risk Management.
Risks are required to be managed systematically with the adoption of a rigorous, comprehensive, transparent process for identifying, prioritising and treating all risks. Risk management involves establishing an appropriate infrastructure and needs to become part of the organisations culture. As such it requires input from all levels of the organisation with direction from the Board and senior management.