JS Risk Management Plan, 2

Juicy Sprouts

Risk Management Plan

Mohamed Younes 2009

1

Table of Contents 1 Executive Summary ...................................................................................... 3

2 Introduction and Business Description .......................................................... 3

3 Company Description .................................................................................... 4

3.1 Type of Business ................................................................................... 4

3.2 Legal Structure ....................................................................................... 4

3.3 History .................................................................................................... 4

3.4 Mission ................................................................................................... 5

3.5 Business Objectives ............................................................................... 5

4 Definitions ..................................................................................................... 5

5 Objectives of Risk Management Plan ........................................................... 6

6 Risk Management Policy ............................................................................... 7

6.1 Policy objectives .................................................................................... 7

6.2 Policy Statement .................................................................................... 8

6.2.1 Recognition of the Need for Risk Management .............................. 8

6.2.2 A Commitment to Implement Risk Management Effectively ........... 8

6.2.3 A Commitment to Training and Knowledge Development in the Area of Risk Management ......................................................................................... 8

6.2.4 A Commitment to Monitor Performance and Review Progress in Risk Management ................................................................................................. 9

7 Interdependency with Corporate Governance and Strategic Planning .......... 9

7.1 Code of Conduct .................................................................................... 9

7.2 Evaluation and Monitoring.................................................................... 10

8 Organisation and Responsibilities ............................................................... 11

9 Risk Management Programme.................................................................... 12

9.1 Annual Risk Management procedures ................................................. 13

9.2 Risk Management Programme - Risk Treatment Timeline .................. 14

10 Risk Management Processes .................................................................. 15

10.1 Description of Risk Management Processes ........................................ 15

10.2 Risk Treatment Processes (AS/NZS 4360:2004) ................................. 16

11 Performance Management Plan .............................................................. 17

11.1 Payment Packages .............................................................................. 18

12 Risk Management Implementation Plan .................................................. 20

13 Risk Management Framework ................................................................. 22

14 Risk Identification Process ...................................................................... 23

14.1 Sources of Information for Risk Identification ....................................... 23

14.2 Scope Covered by Identification .......................................................... 23

14.3 Approaches to Identification of Risks ................................................... 24

14.4 Participants Involved in the Risk Identification Process ....................... 24

Internal ........................................................................................................ 24

External ....................................................................................................... 24

15 Risk Register with Assessed Risks .......................................................... 25

16 Risk Assessment and Risk Matrix Profile ................................................ 27

16.1 Risk Assessment Matrix ....................................................................... 27

2

16.2 Risk Acceptance/ Risk Tolerance ........................................................ 27

16.3 Qualitative Measures of Consequences .............................................. 29

17 Control Evaluation ................................................................................... 30

18 Risk Ownership and Accountability ......................................................... 32

19 Risk Impact to Business Objectives ......................................................... 33

20 Risk Appetite and Tolerance Positioning ................................................. 33

20.1 Risk Appetite/Tolerance ....................................................................... 35

21 Risk Treatment Plans .............................................................................. 36

22 Communications Plan .............................................................................. 46

22.1 Objectives of the communication ......................................................... 46

22.2 Participants to be included, .................................................................. 46

22.3 Perspectives under Consideration ....................................................... 46

22.4 Communication Methods ..................................................................... 47

22.5 Evaluation ............................................................................................ 47

23 Monitor and Review Processes ............................................................... 47

23.1 Annual Review and Assurance Statement ........................................... 48

24 References .............................................................................................. 48

25 Appendixes .............................................................................................. 48

3

1 Executive Summary This report is prepared for Juicy Sprouts in recognition that Risk Management is an essential part of good management. It contains a Risk Management Plan following a previous report of a Risk Management Framework and Risk Register. This plan is necessitated as part of strategic decision making and achieving Juicy Sprouts business objectives in the short and long term perspective of the business. This report outlines,

The identification of risk areas and priority exposures

The incorporation of appropriate risk management strategies, risk improvements and contingency planning

A treatment plan addressing each major risk within the different business risk areas

The communication process of responsibilities of stakeholders and management

The process of developing an organisation culture that recognizes the importance of risk management, corporate governance standards, quality assurance and a strive for continuous improvement

A performance management system that supports desired employee behaviour in achieving strategic goals

The monitoring and reviewing of ongoing risks to enable well informed decisions of risk controls

The importance of appropriate training and effective management of risks.

2 Introduction and Business Description

4

Juicy Sprouts is an organic vegetable grower in the Bullsbrook region of Western Australia, with its head office near Fremantle, Western Australia. When it was first purchased in January 2002, the business has a total of six employees which consisted of a manager who is also the owner of the business, his wife and four other employees. Juicy Sprouts have always aims to produce sprouts of the highest quality and to maintain customer satisfaction. The primary objective of the business has been to achieve a higher profit than the previous year and additionally to stay afloat for the next five years. Due to the growing health conscious market, the health benefits of sprouts has increased consumer demand and competitors entering the market. This has necessitated the business to review its operations so as to continue achieving its business objectives and ensuring operational efficiency. A risk assessment will therefore be used to highlight the potential risk areas of the business.

3 Company Description

3.1 Type of Business

Juicy Sprouts is a wholesale business, supplying their sprout product line to major supermarket chains including Action, Coles and Woolworths. The company also supplies sprouts to smaller stores, restaurants and cafés within the Perth region. The Sprout Factory also has overseas operations supplying sprouts to local supermarkets within the region.

3.2 Legal Structure

The existing legal structure of Juicy Sprouts is a proprietary limited company. This legal structure has limited liability on the directors. They are only liable to the extent of the company assets and equity should the company fail its financial obligation in the event that the company is insolvent. But in the event of any criminal intent by the company, the directors are personally liable.

3.3 History

5

Juicy Sprouts has been operating since 2002 and was originally a home-based business situated on a property in Bullsbrook that concentrated on a growing quality produce for smaller retailers and weekend markets. John and Mandy Smith bought the company in 2002 recognising the enormous growth potential of sprouts. John‟s horticultural background coupled with Mandy‟s business and marketing expertise which made an impressive team that has significantly grown in Juicy Sprout‟s business.

3.4 Mission

Juicy Sprouts strives to always produce sprouts of the highest quality and seek to achieve a paramount level of customer service. As their mission statement states, “Health enhancing quality of our foods and its freshness is our mission.”

3.5 Business Objectives

To increase sales profits of sprouts by 4% in the next 2 years by expanding its current market share

To increase cash flow in the next 2 years by improving cost efficiency and production.

Increase production by 2007 from 100,000 to 150,000 punnets per week in peak seasons.

4 Definitions

(AS/NZS 4360:2004)

6

Consequence: the outcome of an event expressed qualitatively or quantitatively, being a loss, injury, disadvantage or gain. There may be a range of possible outcomes associated with an event. Control: an existing process, policy, device, practise or other action that acts to minimise negative risk or enhance positive opportunities. Control Assessment: systematic review of processes to ensure that controls are still effective and appropriate. Likelihood: used as a qualitative description of probability or frequency. Risk: the chance of something happening that will have an impact on objectives. It is measured in terms of consequence and likelihood. Risk Analysis: a systematic use of available information to determine how often specified events may occur and the magnitude of their likely consequences. Risk Appetite: The amount of capital that can be willingly lost in order to generate a potential profit. Risk Assessment: the overall process of risk analysis and risk evaluation. Risk Management: the culture, processes and structures that are directed towards the effective management of potential opportunities and adverse effects. Risk Tolerance: the ability to withstand losses caused by one or more of the different types of risk. Risk Transfer: the extent to which insurance risk is shifted from the reinsured to the reinsurer Risk Treatment: Process of selection and implementation of measures to notify risk. Strategic Risk: the chance of something happening that will have an impact on the key strategic outcomes of the organisation. Treatment Action Plan: a planned appropriate action to be taken to deal with the risk.

5 Objectives of Risk Management Plan The risk management objectives for Juicy Sprouts include the following;

1. Implement effective risk management as a key element of good governance and performance management.

7

2. Consider risk is an integral part of corporate and business planning and service

delivery.

3. Encourage considered and responsible risk taking as a legitimate response to opportunity and uncertainty.

4. Achieve better outcomes for the Juicy Sprouts through a more realistic

assessment of the challenges faced, through improved decision-making, risk mitigation and control.

5. Engender, reinforce and replicate good practice in risk management.

Meeting the Objectives Effective risk management will require an iterative process of identification, analysis, prioritisation, action, monitoring and reporting of risk materials. The processes required to deliver the objectives will need to ensure:

1. Clear identification of corporate and operational objectives and targets 2. Specification of roles and responsibilities in respect of risk management 3. Consideration of risk as an integral part of corporate and business processes 4. Requirements to analyse, prioritise, respond to, monitor and report on risk

materials and significant risks. 5. Specification on guidance and support arrangements to assist managers in their

consideration of risks. 6. Facilitation of shared organizational intelligence and learning

Risks will be managed through requirements at five levels:

expression of the corporate risk tolerance at corporate level and over the medium term

at operational level through budget allocation and monitoring processes project level, through reporting to and monitoring by corporate level Through annual review of arrangements to assess against good practice through

examination of corporate and insurable risks.

6 Risk Management Policy

6.1 Policy objectives

The Risk Management Policy has been created to:

8

Protect Juicy Sprouts from those risks of significant likelihood and consequence in the pursuit of the organisation‟s strategic goals and objectives

Provide a consistent risk management framework in which the risks concerning business processes and functions of the Juicy Sprouts will be identified, considered and addressed in key approval, review and control processes;

Encourage pro-active rather than re-active management;

Provide assistance to and improve the quality of decision making throughout the Juicy Sprouts;

Meet legal or statutory requirements; and

Assist in safeguarding the Juicy Sprouts assets - people, finance, property and reputation.

6.2 Policy Statement

6.2.1 Recognition of the Need for Risk Management

Juicy Sprouts recognises the need for risk management as a consideration in strategic and operational planning, day to day management and decision making at all levels in the organisation.

6.2.2 A Commitment to Implement Risk Management Effectively

Juicy Sprouts is committed to managing and minimising risk by identifying, analysing, evaluating and treating exposures that may impact on the company achieving its objectives or the continued efficiency and effectiveness of its business operations. Juicy Sprouts will incorporate risk management into its institutional planning and decision making processes. Risk management must also be included as a consideration at operational planning as a delegated line management responsibility. Juicy Sprout staff must implement risk management according to relevant legislative requirements and appropriate risk management standards.

6.2.3 A Commitment to Training and Knowledge Development in the Area of Risk Management

Juicy Sprouts is committed to ensure that all staff, particularly those with management and decision making responsibilities to obtain a sound understanding of the principles of risk management and the skills required to implement risk management effectively. Training will also include Corporate Governance standards, values and Quality Assurance standards.

9

6.2.4 A Commitment to Monitor Performance and Review Progress in Risk Management

Juicy Sprouts will regularly monitor and review the progress being made in developing an appropriate culture of risk management and the effective implementation of risk management strategies throughout the organization as a basis for continuous improvement.

7 Interdependency with Corporate Governance and Strategic Planning

Juicy Sprouts is responsible for ensuring that its business is conducted in accordance with the law and proper standards of HB 407-2006, Corporate Governance for small businesses. Management should also ensure that the following essential corporate governance principals are adhered to and integrate business processes for governance in the organisation business. The manager will be responsible and accountable the following,

Overseeing the implementation and monitoring of the operation of essential corporate governance values from Standards Australia AS 8003-2003. This includes,

o Management and employee accountability in all aspects of the business o Increasing transparency through open communication and participation to

increase fairness, commitment and honesty in its business operations o Compliance with business and environmental legislations and corporate

governance standards o Compliance with code of conduct for an ethical organisation.

7.1 Code of Conduct

A code of conduct is designed to ensure that

High standards of corporate and individual behaviour are observed by management and employees in the context of their employment

Employees are aware of their responsibilities under their contract of employment and always act in an ethical and professional manner.

Requirement that Management and all employees avoid conflict of interests between their personal interests and those of the company and its clients

10

Not take advantage of opportunities arising from their position for personal gain or in competition with the company

Reporting any actual or potential breach of the law, the Code of Conduct or other company policies.

Promotes and encourages ethical behaviour and provides protection for those who report violations

All Managers and employees are required to conduct their duties at the highest level of honesty and integrity and not make improper use of any confidential information

Management to set a high standard of faireness, dilligence and competency in their positions.

7.2 Evaluation and Monitoring

Monthly reports reviewing business operations in accordance to Corporate Governance Standards and Code of Practice

Reporting annually to the Audit and Governance Committee on compliance and any changes that may be necessary to maintain and ensure effective practices

Identification, evaluation and managing key risks and is regularly reviewed on a yearly basis.

Ensuring that internal controls and procedures are in place at operational level for immediate reporting of any major control weaknesses identified.

Continuous development of an organisational culture in acceptance, commitment and compliance to corporate governance

Identify the need for improvements to further enhance corporate governance arrangements. Implementation and operation will be reviewed once every 6 months.

11

8 Organisation and Responsibilities

4.1 The manager will have the authority and the responsibility for :

ensuring the awareness of, and implement, the requirements of risk management policy;

the identification and control of risks within the business;

the initiation of risk management analyses for the business;

the preparation of a Risk Treatment Plan where the adequacy of existing controls is determined to be unacceptable;

reviewing and approving completed risk management documentation;

the implementation of actions detailed in Risk Treatment Plans; and

Ensuring the risk registers are updated annually.

Responsible for promoting and cultivating a culture of risk management initiatives, Corporate Governance values and Quality Assurance Standards throughout Juicy Sprouts by appropriate communication, education and training.

Developing and implementation of a performance management program that recognises and rewards risk management initiatives.

Assume general oversight of Risk Management in the business.

4.2 The supervisor will be responsible for:

coordination of the Juicy Sprouts‟ risk management program;

facilitation of risk management sessions to address the business requirements;

Presenting relevant information and documentation to the Manager and the maintenance of the risk register.

12

9 Risk Management Programme

Risk management will be integrated with all Juicy Sprouts planning and management processes. The following must be considered,

the business activities and its capabilities;

the identified risks;

risk treatment strategies;

mechanisms to review the risks and their treatments;

strategies for communicating requirements, training and acquiring necessary skills and ;

Effectiveness of the risk management process which will be monitored and reviewed annually.

Risk Management Process steps Timeline

1. Establishing the context i.e. the risk environment

1 week

2. Identifying the risks

2 weeks

3. Analysing the risks

3 weeks

4. Evaluating the risks

4 weeks

5. Treating the risks

1 year

6. Monitoring and reviewing the risks

Continuous

7. 7. Communicate and consult

Continuous

13

9.1 Annual Risk Management procedures

PROCESS RESPONSIBILITIES

Facilitate the updating of the Risk Registers Manager

Analyse and evaluate programs to identify new or confirm existing risks on the Risk Register

Manager

Identify new or confirm control processes on the Risk Register

Manager

Assign a rating (High, Medium or Low) against each risk and control identified on the Risk Register

Manager

Sign-off the Risk Register Manager

Review the accuracy of the Risk Registers Manager

Approval of Risk Registers Manager

Rank areas identified in the Risk Registers according to priority for action/Internal Audit coverage

Manager

14

9.2 Risk Management Programme - Risk Treatment Timeline

Risks in accordance to Risk Register

Q1 (Jan-Mar)

Q2 (April-June) Q3 (July-Sept) Q4(Oct-Dec)

Actions to be carried out Risk 1 Poor Cash Flow (Financial)

Implement

Review/Monitor success

Monitor Success

Review and success and improve.

Risk 16 Lack of Retention (Human Resources)

Implement - Get feedback from staff Review success

Risk 12 Increased Competitors (Marketing)

Implement

Review/Monitor success Review/ Monitor success Review/Monitor success

Risk 22 Lack of protective clothing (Occupational Health and Safety)

Implement

Review success Monitor success Monitor success

Risk 23 Lack of emergency procedures (OHS)

Implement


Risk 20 Poor maintenance of equipment (Technology)

Implement

- Review/Monitor success Review/Monitor success

Risk 34 Low security levels (Security)

Implement


Risk 3 Poor records management (Administration)

Implement

Review/Monitor/Train success

Review/Train/Monitor success

Review/Train/Monitor success

Risk 6 Reliance on a single product (Management)

Implement

Review/Monitor success Review/ Monitor success Review/Monitor success

15

10 Risk Management Processes

10.1 Description of Risk Management Processes

All risks at Juicy Sprouts shall be documented and monitored through the use of a controlled risk register (See Appendix A). The management process will involve the following steps: -

i) Establishing the context i.e. the risk environment. This is in consideration

with the business objectives and concerns.

ii) Identifying the risks. This step seeks to identify the risks to be managed. A

comprehensive identification using a well-structured systematic process is

critical. This aims to generate a comprehensive list of risks, which might

affect each risk area.

iii) Analysing the risks. The objective of analysis is to separate the minor

acceptable risks from the major risks and to establish data to assist in the

assessment and treatment of risks. Risk analysis involves consideration of

the sources of risk, their consequences and the likelihood that those

consequences may occur. Risk is analysed by combining estimates of

Likelihood and Consequence in the context of existing control measures.

iv) Evaluating the risks. This involves comparing the level of risk found during

analysis with established risk criteria. The priorities of how the risks will be

treated are identified.

v) Treating the risks. Risks assessed as 10 and above require Treatment Action Plans, as this is the first risk assessment for the business. Risk treatment will involve identifying the range of options for treating risk, assessing those options, preparing risk treatment plans and implementing them. Risk treatment options include the following:

a) Reducing the likelihood

b) Reducing the consequences

vi) Monitoring and reviewing the risks and the risk environment regularly and

continuously communicating and consulting with the stakeholders.

16

10.2 Risk Treatment Processes (AS/NZS 4360:2004)

Risk treatment will involve identifying a range of options for treating the risks, evaluating the options and preparing the treatment plan and implementing them. The implementation will be associated with priorities and also the costs involved and the budget allocated. Residual Risks-

Any implementations that are deemed not cost effective by management will be retained by the business.

Risk treatment objectives

To minimise the consequences/likelihood of the risk

To take advantage of emerging opportunities.

No

Analyse risk

Evaluate risks

Risks to be treated +risk treatment objectives

Identify Options Develop/design treatment options

Evaluate Options Do they satisfy treatment objectives? Are they cost beneficial?

Risk Treatment Plan

Residual Risks

17

11 Performance Management Plan

Risk No. Risk Risk Score

Performance Management Indicators

Compensable Factors Methods to assist in P.M evaluation

1 Poor cash flow 25 Effectiveness of costing systems and forecasts to assist in financial management and decision making Increase cost efficiency Increasing cash flow by 2% within the next year.

Continuous improvement Leadership, Judgement and Decision Making, Job Knowledge, Communication/Interpersonal Skills

Performance Appraisals, Employee Feedback Financial Reports

16 Lack of retention strategies (Human Resources)

25 Monitor employee absenteeism rates Monitor employee turnover at the end or end of employment contract

Continuous improvement, Leadership, Judgement and Decision Making, Job Knowledge, Communication/Interpersonal Skills

Performance Appraisals, Employee Feedback

12 Increasing competitors (Marketing) 20 Number of Customers Acquired, Status of Existing Customer relationships, Profitability, Achievement of Sales Targets


Customer, Supplier, Distributor Feedbacks, Monthly Sales Reports, Competitor Analysis, Performance Appraisals

22 Absence of protective clothing (OHS) 20 Monitor employee absenteeism rates, employees‟ compliance with health and safety standards, Number of accidents, injuries or medical leaves

Continuous improvement, Judgement and Decision Making, Job Knowledge, Communication/Interpersonal Skills

Monthly meetings, End year accident report, performance appraisals, Employee Feedback

23 Absence of emergency procedures (OHS) 20 Monitor employee absenteeism rates, employees‟ compliance with health and safety standards, Number of accidents, injuries or medical leaves


Monthly meetings, emergency drills, end year accident reports, performance appraisals and employee feedback

20 Poor maintenance of equipment (Technology)

20 Number of incidents where machines break down, Production levels, Lost of Sales and production delays. Use of scenario planning

Continuous improvement, Leadership, Judgement and Decision Making, Job Knowledge,

Quarterly record of equipment break down, performance appraisals,

18

and contingency planning to mitigate risks

Communication/Interpersonal Skills

employee feedback, production and sales reports

34 Low security levels (Security) 20 Monitor number of break-ins, lost of internal resources due to theft


Quarterly record of break ins and theft rates. Performance appraisals, employee feedback, store checklist

3 Poor records management (Administration) 15 Accuracy of data entry and ability of information system to assist in decision making effectively. How timely data entry is keyed into systems. Availability of information and data for all stakeholders.


Employee, supplier, distributor and customer feedback, Performance appraisals.

6 Reliance on a single product (Management) 20 Sales profits, Number of new customers acquired, Improvement in existing customer, supplier distribution relationships. Achievement of sales targets.


Monthly sales reports, End year sales reports, Employee, Supply Chain and customer feedbacks. Performance appraisals.

11.1 Payment Packages

Juicy Sprouts remuneration packages aims to match with industry rates and levels.

Cash Compensation Benefits Relational Returns

Individual Base pay Work life Balance Recognition and Status

Short-term incentives Allowances (transport) Training and Development

Long-term incentives Other benefits Employment security

Challenging Work

19

The compensable factors are used to enable managers and supervisors to evaluate employees‟ performance within a proper framework that is strategically aligned with Juicy Sprouts business objectives and the external regulatory environment. This aims to ensure that all levels of employees are striving towards similar organisational goals and behaviours. Simultaneously, the compensable factors and evaluation criteria will have to be transparent, fair and properly communicated to all employees. Compensable factors are also directed to signal desired behaviours particularly to increase involvement and participation in risk management, corporate governance and quality initiatives. These behaviours should be noted and initiatives that are actually implemented. It should also be noted that training and development should be provided to assist employees towards desired performances.

20

12 Risk Management Implementation Plan

i) Analysing the risks. The objective of analysis is to separate the minor

acceptable risks from the major risks and to establish data to assist in the

assessment and treatment of risks. Risk analysis involves consideration of the

sources of risk, their consequences and the likelihood that those consequences

may occur. Risk is analysed by combining estimates of Likelihood and

Consequence in the context of existing control measures.

ii) Evaluating the risks. This involves comparing the level of risk found during

analysis with established risk criteria. The priorities of how the risks will be treated

are identified.

iii) Treating the risks. Risks assessed as 10 and above require Treatment Action Plans, as this is the first risk assessment for the business. Risk treatment will involve identifying the range of options for treating risk, assessing those options, preparing risk treatment plans and implementing them. Risk treatment options include the following:

a) Reducing the likelihood

b) Reducing the consequences

iv) Monitoring and reviewing the risks and the risk environment regularly and

continuously communicating and consulting with all stakeholders.

Treatment Action Plans. Risks assessed as 10 and above or with a Catastrophic Consequence require Treatment Action Plans. Risk treatment involves identifying the range of options for treating risk, assessing those options, preparing risk treatment plans and implementing them. Risk treatment options include the following:

Avoid the risk by not proceeding with the activity/project.

Reduce the likelihood of the occurrence.

Reduce the consequences.

Transfer the risk (eg insurance).

Retain the risk in an acceptable reduced format by the application of controls such as effective policies, procedures or physical changes.

21

a. Re-assess the Risk. Following re-assessment of treated risks, a decision must be made on acceptance of the re-assessed risk.

Please see appendix A for a detailed the Risk Management Process

22

13 Risk Management Framework Juicy Sprouts has never had a risk assessment conducted before and is unaware of various risks and their severity that may pose a threat to achieving the organisation‟s objectives. Problem solving and decision making is often made as and when problems arise. A SWOT analysis structure has been used to identify risks in the internal and external environment. This assessment will therefore focus on the potential risks that may face the business operations and management, prioritise them and treat them. The key concerns of Juicy Sprouts have been to achieve a higher profit than the previous year and additionally stay afloat for the next five years. Due to the growing health conscious market, the health benefits of sprouts has increased consumer demand and competitors entering the market. This has necessitated the business to review its operations so as to continue achieving its business objectives and to ensure operational efficiency. As this will be Juicy Sprout‟s first assessment, any risks above the risk score of fifteen will be treated and priority will be given to risks that have a financial impact on the business. This has been necessitated due to the absence or lack of effective controls for most of the risks being assessed. The assessment will also focus on introducing a risk procedure into the business so that risk assessment will be an ongoing process to ensure continuous improvements at Juicy Sprouts. The outcome of the assessment will be treated under a limited budget using a treatment plan. The treatment plan will give priority to the risks that will negatively affect the business objectives and concerns, particularly the financial aspects. The responsibilities of the outcome should be a consistent process driven by the manager and involving all employees at Juicy Sprouts. This aims to cultivate a culture that integrates Risk Management into its strategic direction and business operations. Please see appendix A for a detailed the Risk Management Process

23

14 Risk Identification Process

14.1 Sources of Information for Risk Identification

Information was collected from the following sources for risk identification. They include,

Historical Information

Focus Group Discussions

Structured Interviews

Strategic and Business Plans including SWOT analysis and environmental scanning

Results from Reports, Audits and Inspections and Site Visits

14.2 Scope Covered by Identification

The key questions adapted from (AS/NZS 4360:2004) were asked in relation to risk areas of the business, a) What is the source of the risk? b) What might happen that could lead to the following-: i) Increase or decrease the effective achievement of objectives? ii) Make the achievement of the objectives less efficient?

iii) Cause stakeholders to take action that may influence the achievement of objectives?

c) The effect on objectives? d) When and where these risks might likely occur? e) Who might be involved or impacted? f) What controls presently exist to treat these risks? g) What would cause the control not to have the desired effect on the risk?

24

14.3 Approaches to Identification of Risks

Team-based brainstorming was used in facilitated workshops to consider different perspectives. During these workshops, scenario analysis was used to encourage participation

Structured techniques including flow charting and systems analysis were used in potential catastrophic consequences.

These methodologies were used so as to increase the accuracy and reliability of information and additionally to source additional information for specific risk areas. Participants were contacted again where information were insufficient or ambiguous.

14.4 Participants Involved in the Risk Identification Process

Participants involved in the process included internal and external stakeholders. They include,

Internal

John Smith, Owner and Manager

Mandy Smith, Owner and Assistant Manager

Chris Johnson, Supervisor

5 operational workers

External

Buyers and Sellers (e.g. Woolworths, Action and Coles)

End Users

Suppliers

Community

Government bodies (e.g.: health board, consumer commission)

25

15 Risk Register with Assessed Risks The following is a simple risk register in which the risk score is rated based on a Risk Assessment Matrix and Risk Acceptance/ Tolerance Scale. (See appendix B for complete risk register represented across risk area framework) No. as in

Risk Register

Risk Risk Area Consequence Likelihood Risk Level

Risk Score Risk Priority Acceptability

2 Inability to service future loans

Financial Catastrophic Almost Certain Very High

25 High No

16 Lack of retention strategies

Human Resources

Catastrophic Almost Certain Very High

25 High No

19 Lack of succession planning

Human Resources

Catastrophic Almost Certain Very High

25 High No

20 Poor Ventilation OHS Catastrophic Almost Certain Very High

25 High No

1 Poor Cash Flow Financial Catastrophic Likely Very High

20 High No

5 Lack of adequate planning

Management Major Almost Certain Very High

20 High No

11 Poor customer relationship

Marketing Major Almost Certain Very High

20 High No

12 Increasing competitors Marketing Major Almost Certain Very High

20 High No

14 Poor Supplier Relationships

Supply Chain Management

Major Almost Certain Very High

20 High No

22 Absence of protective clothing

OHS Major Almost Certain Very High

20 High No

23 Absence of emergency procedures

OHS Major Almost Certain Very High

20 High No

26 Poor Cleanliness OHS Major Almost Certain Very High

20 High No

20 Poor Maintenance of equipment

Technology Major Almost Certain Very High

20 High No

26

28 Lack of Costing Software

Administration Major Almost Certain Very High

20 High No

29 Disposal of Materials Environmental Major Almost Certain Very High

20 High No

32 Climate change on crop growth

Natural Events Major Rare Very High

20 High No

33 Pests attack on crops Natural Events Major Rare Very High

20 High No

34 Low security levels Security Major Almost Certain Very High

20 High No

3 Poor Records Management

Administration Moderate Almost Certain High 15 High No

4 Poor Accounting Management

Administration Moderate Almost Certain High 15 High No

6 Reliance on a single product

Management Moderate Almost Certain High 15 High No

15 Inadequate recruitment Human Resources

Moderate Almost Certain High 15 High No

17 Absence of orientation program

Human Resources


18 Absence of training and development programs

Human Resources


21 High Noise Levels OHS Moderate Almost Certain High 15 High No

24 Lack of good lighting OHS Moderate Almost Certain High 15 High No

25 Lack of floor space OHS Moderate Almost Certain High 15 High No

30 Pollution of soil Environmental Moderate Almost Certain High 15 High No

31 Floods Natural Events Catastrophic Unlikely High 10 Low Yes

10 Recession Economic Major Unlikely Low 10 Low Yes

7 Inconsistency of quality assurance checks

Management Minor Rare Low 6 Low Yes

8 Change in government regulations

Political Catastrophic Rare Medium 5 Low Yes

9 Lack of policy review Political Moderate Rare High 5 Low Yes

27

16 Risk Assessment and Risk Matrix Profile Risk tolerance level is 15 and preference will be given to risks that have a financial impact on Juicy Sprout‟s business and strategic objectives. Risk appetite is medium as all risks that are higher than 10 will be treated if adequate funds are sufficient.

16.1 Risk Assessment Matrix

CONSEQUENCE

LIKELIHOOD Insignificant Minor Moderate Major Catastrophic

Almost Certain 5 10 15 20 25

Likely 4 8 12 16 20

Moderate 3 6 9 12 15

Unlikely 2 4 6 8 10

Rare 1 2 3 4 5

16.2 Risk Acceptance/ Risk Tolerance

Level of Risk LOR Category Initial Risk Evaluation Re-assessed Risk Evaluation

15 - 25 Very High Treatment Action Plan Required Risk is unacceptable – refer to Manager

10 - 14 High Treatment Action Plan Required Risk is undesirable. Decision on acceptance of risk should be made by the Manager

6 - 9 Moderate Risk may be accepted by the Manager but when Catastrophic a treatment plan will be required

Decision on acceptance of risk should be referred to the Manager.

28

1 - 5 Low Risk is acceptable – manage by routine procedures but when Catastrophic a treatment plan will be required.

Risk is acceptable – The manager should be informed about it.

29

16.3 Qualitative Measures of Consequences

Risk Level Rank Financial Administration Political Management

5 Catastrophic > AU $10,000 No records kept All staff are affected All staff are affected 4 Major AU $5000-10,000 >20% of data incorrectly recorded More 20% of staff affected More 20% of staff affected 3 Medium AU$1000-4000 20% of data missing or incorrect More 20% of staff affected More 20% of staff affected 2 Minor AU$5000-1000 10% of data missing or incorrect 10% of staff is affected Only 10% of staff is affected 1 Insignificant <AU$500 5% error in record entries 10% of staff is affected Only 10% of staff is affected

Risk Level Rank Economic Marketing Human Resources Technological

5 Catastrophic 0% sales made 0% sales All staff are affected No maintenance done 4 Major 1% - 5% sales

made 1% - 5% sales made

More 20% of staff affected ½ yr service maintenance done 3 Medium 6% - 10% sales


More 20% of staff affected ½ yr service maintenance done 2 Minor 10% - 15% sales


10% of staff is affected ¼ yr service maintenance done 1 Insignificant > 15% sales made > 15% sales made < 10% of staff is affected ¼ service maintenance done

Risk Level Rank OHS Environmental Natural Events Security

5 Catastrophic Severe disability affecting 2 staff

Serious long term environmental effects

Closure of business All goods and equipment stolen

4 Major Severe disability affecting 1 staff

Serious long term environmental effects

Damages causes > 50% losses > 50% goods/equipment

stolen 3 Medium Hospitalisation

required for staff On going permanent damage

Damages causes > 30% losses

> 30% goods/equipment stolen

2 Minor Medical treatment required for staff

Minor repairable damages

Damages not severe < 30% goods/equipment stolen

30

1 Insignificant No medical treatment required

Minor repairable damages

Damages not severe < 10% goods/equipment stolen

17 Control Evaluation The following are 9 risks from various risk areas in the business with a score above 15 to be treated immediately. This section consists of the control evaluation of these 9 risks.

Risk No. Risk Risk Score

Description of Controls in place Control Effectiveness

Staff in Charge

1 Poor cash flow 25 No financial controls in place Unsatisfactory Mandy


25 No controls in place Unsatisfactory None

12 Increasing competitors (Marketing) 20 No marketing plan/strategy in place

Unsatisfactory Mandy

22 Absence of protective clothing (OHS) 20 No protective clothing provided Unsatisfactory John

23 Absence of emergency procedures (OHS) 20 No emergency procedures in Unsatisfactory John

31

place

20 Poor maintenance of equipment (Technology) 20 ½ year service maintenance is done

Unsatisfactory John

34 Low security levels (Security) 20 An alarm system is installed only in office area. Warehouse and stores are secured by padlocks.

Unsatisfactory Chris

3 Poor records management (Administration) 15 Information is inputted by one staff into a computer. No backup in place or checks for accuracy of information.

Unsatisfactory Mandy

6 Reliance on a single product (Management) 20 No contingency planning or marketing strategies in place.

Unsatisfactory John

32

18 Risk Ownership and Accountability The Manager is responsible for all risks at Juicy Sprouts as he has the authority and ability to implement the risk management plan. The manager may delegate supervision responsibilities to operational staff, but he will ultimately be responsible and accountable for overseeing the effective implementation of the risk management plan. However, in order to create an organisational culture that integrates risk management initiatives and corporate responsibility, all employees have to be involved in the continuous improvement process.

33

19 Risk Impact to Business Objectives

Risk No.

Risk Risk Score Control Effectiveness

Impact on Business objectives

1 Poor cash flow 25 Unsatisfactory Poor cash flow will affect the business‟s ability to stay afloat and repay its bank loans for investment. The lack of cash flow forecasting will lead to liability exceeding income received, leading to poor return on investment.


25 Unsatisfactory Unplanned absence of staff required for labour leading to financial loss and loss of profit. Additionally, this would affect objectives to increase production of punnets by 2007.

12 Increasing competitors (Marketing) 20 Unsatisfactory Reduction of profit margin of business, affecting objectives to increase sales profits and expanding market share.

22 Absence of protective clothing (OHS) 20 Unsatisfactory Staff injury, increased absenteeism and reduced motivation may lead to poor performance and financial losses. Additionally this will affect business reputation and corporate responsibility issues.

23 Absence of emergency procedures (OHS) 20 Unsatisfactory Loss of lives, injuries leading to litigation, bad reputation thus affecting sales and profits.

20 Poor maintenance of equipment (Technology) 20 Unsatisfactory Frequent machine break downs affecting quality, production hiccups delaying product availability to end users leading to increasing supplier dissatisfaction and poor return on investment.

34 Low security levels (Security) 20 Unsatisfactory Financial loss, loss of important documentation and material leading to production hiccups, delays and profit losses.

3 Poor records management (Administration) 15 Unsatisfactory Loss of important data from various areas including marketing, accounting, supplier and production information. Barrier in assisting with tracking process, competitor disadvantage leading to bad reputation among suppliers and financial losses

6 Reliance on a single product (Management) 20 Unsatisfactory Competitive disadvantage, inability to retain customer loyalty preventing increasing market share, product obsolete and reduce profit margins.

20 Risk Appetite and Tolerance Positioning The risk tolerance level is 15 and preference will be given to risks that have a financial impact on the business and its strategic objectives. When risk is close to the intolerable level as viewed in the ALARP principle, it is expected that the risk will be reduced unless management deems that the cost of reducing the risk is grossly disproportionate to the benefits gain. When risks are close to the negligible level, then action may be taken to reduce risk where benefits exceed the costs of reduction.

34

To ensure that the strategic objectives of Juicy Sprouts are met, the risk appetite of the business is medium. Depending on the availability of funds, all risks that have a score of 10 and above will be treated. High score risks that have financial implications on the business will be treated as priority.

35

20.1 Risk Appetite/Tolerance

General Level of acceptable risk

34,5,11,12,14,22,23, 26,20,28,29

2, 6, 16, 19, 20

3,4,6,15, 17,18,21,24,25,30

1

10

31

32, 33

8

9

7

Almost Certain

Likely

Possible

Unlikely

Rare

L I KEL I HOOD

CONSEQUENCE

Insignificant Minor Moderate Major Catastrophic

General Level Of Unacceptable

Risk

36

21 Risk Treatment Plans The following is a risk treatment schedule plan adopted from AS/NZS 4360:2004 to record the actions from strategic decision making.

Risk no. from Risk Register and Risk

Possible Treatment Options

Preferred Options Result of Cost

Benefit Analysis A) Accept B) Reject

Person responsible for implementation

of options

Timetable for implementation

Risk and Monitoring Methods

1: Poor cash flow Hiring a financial or accounting executive. Attend training programs on financial forecasting and management planning. Purchase of professional financial software to assist in bookkeeping and costing activities. Formulate excel sheets to assist in financial data entry rather than manual bookkeeping.

Attending training programs to increase financial management knowledge. After training, train administration staff of basic financial knowledge. Increase supervision of accounting entries. Using Excel software for data entry and backup of all data.

A

Mandy Smith 6 months Monitoring the updating of accounting data on a weekly basis. Monitoring cash inflows and outflows bi weekly to deem effectiveness of financial forecasting plans. Improve; update to ensure continuous improvement in financial planning and system process.






of options



37

16: Lack of retention strategies (Human Resources)

Provide better benefits and remuneration for employees in accordance to strategic direction Outsourcing retention HR activities to agency Attending training workshops on HR Implement employee working contracts

Use focus groups and interviews to identify motivation incentives effective for employees. Alter remuneration package to motivate employees according to strategic objectives. Provide incentives for risk mgmt incentives, corporate responsibility initiatives. Provide training for continuous improvement. Implement employee working contracts.

A Mandy Smith 1 year Use employee surveys to gain feedback on implementation. Make changes for improvement. Monitor employee staff turnover for the year. Conduct exit interviews to identify reasons for leaving and make possible improvements.

12: Increasing competitors (Marketing)

Strengthen supplier chain relationships Strengthen customer brand loyalty with customer management programs and marketing Extend product line Increase quality assurance

Strengthen supplier chain management relationships to increase barrier of entry. Increase marketing and reinforce end users perceptions of brand through a customer management program and quality assurance.

A John Smith 6 months Monitor marketing programs or events quarterly and customer management databases and follow ups. Ensure that sales targets are met semi annually. Depending on marketing budget, ensure marketing activities are continuous to increase market share. Seek suppliers‟ feedback to ensure positive relationship management. Ensure

38

continuous improvement.

22: Absence of protective clothing (OHS)

Purchase of relevant protective clothing to prevent hazards.

Purchase gloves, protective boots, ear plugs and uniforms necessary.

A Chris Johnson Immediate Seek feedback from employees on the job. Conduct inspections to ensure protective clothing are used by staff. Monitor accident rates continuously through the year.

23: Absence of emergency procedures (OHS)

Hiring of a part time fire and safety manager to implement safety plans and training for staff Preparing emergency procedure documentation and inform all staff

Hiring of a part time licensed fire and safety manager and conduct training for all staff.

A John Smith Immediate Conduct fire and emergency drills annually to ensure all staff are clear on procedures. Set OHS as a topic in the agenda for monthly meetings to seek areas for continuous improvements.






of options



20: Poor maintenance of equipment (Technology)

Avoid Risk Conduct ¼ maintenance schedule of equipment Conduct ½ year maintenance schedule of equipment Conduct yearly maintenance of equipment.

Conduct yearly maintenance of equipment

A Chris Johnson 1 year Monitor frequency of machine breakdown throughout the year. Consider options of purchasing new machines with at the end of the year.

34: Low security levels (Security)

Avoid Risk Set up alarm systems to all areas including warehouse and stores.

Setting up alarm systems for warehouse and store areas.

A John Smith 1 year Quarterly update and report on theft or break ins. Use store checklist to check for lost items and use

39

preventive measures accordingly.

3: Poor records management (Administration)

Use computer software to update accounting information. E.g. Excel Increase supervision on administration staff to check for errors. Hire additional staff to maintain records keeping. Send admin staff record management or software training.

Use software for efficient record management. Increase supervision for record management and checks.

A Mandy Smith 1 year Monitor to see if all records and transactions are properly recorded. Improve software system management for better assistance in decision making if necessary.

6: Reliance on a single product (Management)

Avoid Risk Consider expanding sprouts product line and including e.g. Sango Sprouts, Broccoli Sprouts Focus on quality assurance as a competitive strength on current product line Increase marketing activities for brand reinforcement and expand market share on current product line.

Increase marketing activities for brand reinforcement and expand market share on current product line. Focus on quality assurance as a competitive strength on current product line.

A John Smith 1 year Quarterly feedback on sales targets to measure effectiveness of marketing activities.

40

Risk Treatment Plan (AS/NZS 4360:2004)

Risk 16 Lack of Retention Strategies (Human Resources)

Summary Recommended response: Improve employee remuneration package and provide training. Set employee contracts in place to reduce risks.

Action plan: Implement bonuses for employees to reward performance and initiatives directed at continuous improvement. Provide training needs for employees. Setting up employee contracts e.g. 6 months to 1 year with renewal after. Refer to performance management plan in section 13.

Resource requirement : Budget Allocation

Responsibility : Mandy Smith, Co-owner and Assistant Manager

Timing: 1 year

Reporting and monitoring required: Industry survey on compensation packages, increase employee feedback and post training review including monitoring on the job performance. Conduct exit interviews to understand reasons for leaving.

Compiled by

29/10/2006

Risk 12 Increasing Competitors (Marketing)

Summary Recommended response: Increase supply chain relationship management and marketing activities.

Action plan: Increase supplier and distributor visits to gain feedback for continuous improvement and relationship building. Implement a customer management plan to reinforce brand and to increase customer loyalty. Seek potential customers to expand market share. Eg, supplying sprouts to hospitals and hotels.

Resource requirement : Budget for transport, entertainment and sales and marketing activities

41

Responsibility : John Smith, Owner and Manager

Timing: Risk should be monitored for 6 months

Reporting and monitoring required: Fortnightly review of the sales in distribution outlets and figures of new customers attained.

Compiled by

29/10/2006

Risk 22 Absence of Protective Clothing (OHS)

Summary Recommended response: Purchase of protective wear such as gloves, and boots

Action plan: Purchase of safety clothing for employees. Ensure employees comply with safety code by putting on safety wear when on the job.

Resource requirement : Budget Allocation of AUS $500 for purchase of protective clothing for staff.


Timing: Monitor staff weekly to ensure protective clothing are used when on the job.

Reporting and monitoring required: Quarterly review of the absenteeism levels, injury and accident rates.

Compiled by

29/10/2006

Risk 23 Absence of Emergency Procedures

Summary Recommended response: Hiring of a part time licensed fire and safety manager and conduct training for

42

all staff.

Action plan: Ensure that there are adequate fire extinguishers, fire blankets and smoke detectors. All employees should be trained according to health and safety code and conduct drills to ensure knowledge in times of emergencies. Ensure first aid kits are available at various areas and Managers and Supervisors are trained in first aid.

Resource requirement : Budget of AUS$800 for part time fire and safety manager to draw up procedures and conduct training. Allow AUS$300 for additional safety items that are currently absent on premises.


Timing: Risk should be monitored throughout the year.

Reporting and monitoring required: Conduct drills to ensure all employees know the procedures in times of emergencies. Ensure all health and safety items are serviced and first aid kit is replenished. Monitor incident rate reports semi-annually and seek continuous improvement during monthly meetings.

Compiled by

29/10/2006

Risk 20 Poor Maintenance of Equipment (Technology)

Summary Recommended response: Conduct yearly maintenance of equipment

Action plan: Source for good reliable technicians to service equipment.

Resource requirement : Allocate budget of AUS$500 for yearly servicing.

Responsibility : Chris Johnson, Supervisor

Timing: 1 year

43

Reporting and monitoring required: Record the number of breakdown of equipments throughout the year. If breakdown occurs more than four times a year, consider purchase of new machine/s.

Compiled by

29/10/2006

Risk 34 Low Security Levels (Security)

Summary Recommended response:

Setting up alarm systems for warehouse and store areas.

Action plan: Source alarm and security companies for quotes on alarm systems to be set up at store and warehouse location.

Resource requirement : Allocate budget of AUS$1000 for security alarm systems.


Timing: 1 year

Reporting and monitoring required: Quarterly update and report on theft or break ins. Use store checklist to check for lost items and use preventive measures accordingly.

Compiled by

29/10/2006

Risk 3 Poor Records Management (Administration)

44

Summary Recommended response: Use software for efficient record management. Increase supervision for record management and checks.

Action plan: Set up Excel or Microsoft Access to assist in costing, data records and customer management programs. Identify if training is required for staff. Key in data entry information for all records. Enable information sharing for Managers and Supervisors through the computer network.

Resource requirement : Allocate budget of $300 for administrative staff who may require knowledge of setting up software programs.


Timing: Ongoing, identify training needs or software upgrades when necessary.

Reporting and monitoring required: Monitor efficiency of the software programs and how to enable better assistance in decision making or filtering of relevant information. Increase supervision to ensure all data entry is entered on a daily basis if possible. Ensure backup of all information in network systems.

Compiled by

29/10/2006

Risk 6 Reliance on a Single Product (Management)

Summary Recommended response: Increase marketing activities for brand reinforcement and expand market share on current product line. Focus on quality assurance as a competitive strength on current product line.

Action plan: Use advertising methods such as in store marketing to increase awareness on the health benefits of sprouts. This aims to reinforce the product brand and to create a unique selling position among other vegetables. Comply to a strict quality assurance program from seed retrieval to delivery of sprouts to store adheres and market on stringent procedures covering hygiene, temperature control, product handling testing and storage.

Resource requirement : Allocate budget of $10,000 for marketing activities.

45

Responsibility : John and Mandy Smith

Timing: Ongoing marketing and quality assurance activities should be monitored weekly throughout the year.

Reporting and monitoring required: Monitor progress through monthly sales reports, feedback from supplier and distributors and feedback from end users.

Compiled by

29/10/2006

Risk 1 Poor Cash Flow (Financial)

Summary Recommended response: Attending training programs to increase financial management knowledge especially cash flow forecasting. This is particularly important for financial management and for approval of ongoing bank loans for investment. Upon training, train administration and supervisors on basic costing functions and goals to enable better tracking and financial management. Use Excel software to assist in monitoring of cash inflows and outflows.

Action plan: Source for training workshops to increase financial management knowledge. This should direct ideas in creating software programs to assist in record management. Identify ways to encourage early payments by debtors to maintain cash flow.

Resource requirement : Allocate budget of AUS$500 for training needs.


Timing: Ongoing and monitoring should be daily when first implemented and weekly after 2 months after implementation.

Reporting and monitoring required: Monitor monthly cash flows to see improvements in decision making with financial forecasts. Investment budgets and bank loans for investment should be considered due to other risk budget allocation.

Compiled by

29/10/2006

46

22 Communications Plan

22.1 Objectives of the communication

Building awareness and understanding about particular issues including risk areas,

Implementation process, updates, feedback, identifying bottlenecks and problems that may affect operational issues.

Identify training needs

Assistance in performance management, rewarding risk management initiatives

Checks and improvements in compliance to corporate governance issues

Emphasis on the importance and compliance to Quality Assurance programs

Learning from stakeholders, supplier chain management, distributors, government bodies, end users, potential customers, target audience

Obtaining a better understanding of the context, the risk criteria, the risk or the effect of risk treatments

Supporting a culture of continuous improvement and adaptation of risk management initiatives at Juicy Sprouts.

Demonstrate accountability and responsibility and commitment to continuous improvement.

22.2 Participants to be included,

Internal: All Juicy Sprouts Employees External: Suppliers, Distributors, Government Bodies, End Users, Potential Customers

22.3 Perspectives under Consideration

Problems and improvement areas of risk treatment implementation

Ensuring that all projects adhere to time schedules

Improving better integration of risk management initiatives, corporate governance and quality assurance programs into strategic and operational level

Continuous monitoring of risks that may prevent achievement of objectives at all risk areas

47

22.4 Communication Methods

A monthly meeting will be held with all staff

Previous minutes of meeting will be reviewed at the beginning of each meeting.

Ensure that risks are continuously identified and all employees‟ views are appropriately considered, both positive and negative suggestions.

Encourage participation and involvement to allow ownership of risks

A quarterly meeting will be held with the stakeholders to update them on treatment progress in line with the changing macro environment.

Management should play an active role rather than simply mandating production of reports.

Empower employees to manage risk effectively

Acknowledge, reward and publicise good risk management initiatives

22.5 Evaluation

Ensure that at least one employee is responsible for recording of all minutes of meeting (MOM) and preparation of the agenda before each meeting.

Ensure that MOM are typed and made available for staff within 2 days e.g. email or hard copy made available

Monitor and ensure that all tasks are followed up within timeframe allocated in MOM

Ensure all employees are aware of expectations before each meeting.

Ensure follow up after quarterly meeting with all stakeholders

Ensure all agendas and MOM are properly filed and made available for all employees through a central filing system.

23 Monitor and Review Processes

48

Management should ensure that the risk management implementation plan aligns well with Juicy Sprouts‟ critical performance measures and organisational objectives. This should be closely linked with the performance management plan to ensure employees are directed towards desired performance behaviours. The following questions should be consistently observed,

Are the organisational objectives valid and measurable?

Are performance indicators measurable in line with the organisation‟s objectives?

Is the risk management approach consistent with the organisation‟s objectives and context?

Are risk management reports assisting in management‟s decision making process?

Management should also ensure that processes support risk management implementation by and staff at all levels seek continuous improve performance. Processes should support by,

Providing a structured approach for reporting of risk management initiatives

Providing a structured approach to decision making

Encourage thinking „out of the box‟ approach for all employees

Having processes that promote learning from error rather than punishing

Identify ways to simplify processes and support more effective, efficient and appropriate use of resources

Avoid responding to problems by introducing restrictive, rigid controls.

Ensure all improvements are measurable and can be communicated to employees involve

Provide education and training for continuous improvement

23.1 Annual Review and Assurance Statement

An annual review of the effectiveness of Juicy Sprouts‟ corporate governance arrangements, including its risk management and internal control processes should be reported to the Audit and Governance Committee. This will form the basis of an assurance statement in accordance with best practices.

24 References Australian /New Zealand Standard HB 436:2004, Risk Management Guidelines. Companion to AS/NZS 4360:2004

25 Appendixes

Documents

JS Risk Management Plan, 2