Section: 3 - Governance Matters
Subsection: 3C - Organizational Policies
Created: August 2018 | Last Revised: October 2018
Preamble
Risk management is the identification, assessment, and treatment of "risks" that may negatively affect an organization, including those which can occur through accidents, disasters, legal or financial liabilities or legislative change. A risk management policy and plan will help manage such risks through careful consideration and awareness of vulnerabilities arising from potential and existing risk sources.
AMAPCEO’s Risk Management policy forms part of the union’s good business practices and strategic planning. An organized approach to risk management is not only good practice, but it helps to ensure that the health of the organization’s governance and management systems is monitored, reported to the Board of Directors and continuously improved.
Purpose
AMAPCEO recognises that the organisation is exposed to certain risks due to the nature of its activities and the environment in which it operates.
Risks arise due to the organisation’s operational undertakings and from external sources. They can occur in numerous ways and have the potential to impact financial performance, reputation, health and safety, and the overall health of the organisation.
The purpose of this policy is to outline AMAPCEO’s underlying framework approach to risk management.
Accordingly, this policy strives to:
- Ensure a consistent and effective approach to risk management.
- Incorporate risk management into the culture and strategic planning processes of AMAPCEO by supporting and facilitating decision making and resource allocation at both the operational and strategic levels.
- Foster and encourage an organizational risk-aware culture where risk management is seen as a positive attribute of decision-making rather than a corrective measure.
Policy
To fully understand organizational risks, AMAPCEO has established this policy to provide a framework for how risk will be managed. The Policy is based on the CAN/CSA ISO 31000 Risk Management – Principles and Guidelines Standard, and forms part of the governance framework of the organisation. AMAPCEO aims to achieve better practice in the management of risks that threaten to adversely impact its objectives, operations, assets, staff, members, or the public.
The policy addresses strategic and operational risks and the requirement of the organisation to operate within its regulatory environment. It applies to all plans, activities, business processes, policies, procedures, individuals, and property.
It is the policy of AMAPCEO to:
- Manage risks across financial, strategic, and operational areas.
- Manage risk and leverage opportunities in accordance with best practices.
- Determine an appropriate method for addressing identified risks.
- Repeat the process of risk identification on an appropriate periodic basis.
- Regularly re-assess AMAPCEO’s risk profile and the effectiveness of risk treatments on an appropriate periodic basis.
- Anticipate and respond to changing social, environmental, and legislative requirements.
Risk Tolerance
AMAPCEO’s risk tolerance will be determined by the Board of Directors following advice provided by the Chief Operating Officer. Organizational tolerance to adverse risk will be used to determine which risks are managed to an acceptable level.
Roles and Responsibilities
The Board of Directors is responsible for establishing the Risk Management Policy and overseeing its implementation.
The Chief Operating Officer and management establish and implement the Risk Management Policy, integrate Risk Management into the development of strategic plans and operational decisions, and report on the risk profile to the Board of Directors semi-annually, including keeping the Board apprised of emerging threats and opportunities facing the organization.
AMAPCEO staff are responsible for effectively managing risks in their area of responsibility and identifying and advising their supervisors of identified potential risks.