This topic provides guidance on the development of a risk management framework. It looks at the Australian standards for risk and the useful guidelines laid down by the ASX which are equally applicable across all organisations. It considers relevant risk management tools and how they may be used, together with other important aspects of risk management including business continuity, reputational risk and, finally, risk transfer (or insurance).

The purpose of this topic is to provide the reader with a ready-reference and some useful practical guidance on the most important aspects of risk management for any legal counsel or company secretary.

Risk is an inherent part of everyday business activity. Without some measure of risk, business would not be transacted. Generally, the higher the level of risk, the higher the level of return. However, every organisation needs to understand its tolerance for risk and consider its risk appetite in order to effectively manage organisational risk.

The key is to identify and manage risks through a pro-active approach to risk management, which enables a company to understand its risk environment and anticipate new and evolving risks. A risk management framework that enables the effective identification and management of risk is an integral component of good corporate governance.

See Risk management framework.

There are several tools that are commonly used in risk identification and management, including:

• risk management policies and procedures;

• risk and control self-assessment;

• risk profiling;

• risk registers;

• risk matrix;

• scenario analysis; and

• loss event databases.

See Relevant tools used in risk management.

Enterprise-wide risk management is a holistic approach to risk management that incorporates the risk management needs of the entire organisation into a single risk management framework.

See Enterprise-wide risk management.

Business continuity management is a risk mitigation activity that enables a business to maintain operations during or in the wake of significant business interruption, whether that interruption is from a natural disaster, major technological incident or other serious event.

See Business continuity.

Insurance can be an effective means of transferring risk, especially where the probability of the risk occurring is volatile and/or the risk has the potential to be highly damaging.

There are two fundamental duties in relation to the establishment of an insurance contract: the duty of good faith and the duty of disclosure.

See Insurance.