Risk Management

Sydney Energy Cooperative is committed to reducing risks faced by members, employees, users and clients that may result from its activities. We want people to have fun, but in a sustainable way.

Our approach to managing risk comprises four parts:

- A Risk Management Policy;

- Risk Assessment Forms;

- A Risk Management Plan; and

- Appropriate Insurance Cover

Risk Management Policy

The cooperative requires a risk management policy to codify and communicate its stance on risk management.

Objective

Managing risk and compliance are critical matters to achieving the goals and objectives of the coop. Risks are defined as the chance of anything happening that would impact on the coop’s ability to achieve its goals.

Policy Statement

1. The coop faces a variety of risks from external and internal sources that must be identified and managed. Risk management derives directly from the objectives of the organisation, and an assessment of the financial, operational, systems and compliance risks that are involved in pursuit of the objectives. Some need to be eliminated, others insured and others managed internally.

2. Sydney Energy Cooperative is committed to building an organisational culture where active and effective risk management is an integral part of all university activities, and a core management capability and responsibility.

3. Effective risk management requires:

• a strategic focus;

• forward thinking and proactive approaches to management;

• an astute balancing of the cost of managing risks with the anticipated benefits; and

• contingency planning in the event that mission critical threats are realised.

Scope

This policy applies to all stakeholders of the coop – staff, members, users and clients. It covers all aspects of the coop’s operations, including day-to-day activities conducted in an office setting, and project activities conducted off site (including outside and within hostile environments such as roof cavities).

Approach

Model
The model of risk management adopted by Sydney Energy Cooperative is similar to that in AS/NZS4360

This model requires that coop leadership:

• establish the context of risk analysis;

• provide a policy on the priority of risk management; and

• approve proposals for the treatment of risk.

This process takes into account the cost of mitigation of risks in relation to the consequences of loss.

Five major risk areas have been identified:

• Duty of care (for example, duty of care to clients and employees, safe work practices, etc);

• Service delivery (quality of service, timeliness of service delivery);

• Managing resources (asset tracking, asset management, asset maintenance);

• Managing relationships (legal implications of contracts with service providers and clients); and

• Compliance (legal and regulatory obligations).

Risk Acceptance

For each of the risks identified, sufficient analysis is undertaken to present a risk management grid as set out in Figure 2. The board of directors sets the policy on the classification of combinations of loss and probability (i.e. what is extreme, high, ‘moderate’ or ‘low’).

Programme of Implementation

Risks identified for active mitigation are allocated a mitigation implementation plan, with a management representative nominated to take active responsibility for the mitigation. The plan includes reporting responsibilities for all relevant related events. A detailed consolidated report is made to the Audit Committee and presented in summary to the board of directors.

Information Collection

Coop leadership executes a process that identifies the risk environment of the coop. This process includes a review of the potential risks by leadership through the Audit Committee. The process is reviewed on at least an annual basis to identify emerging risks that result from either a change of operations, change of operating environment or change of information. It is important that this process explicitly recognises the need for fresh review of risks so as to avoid the possibility of familiarity with the previous review(s) clouding the judgement of those involved.

Incident Analysis

Any serious incidents, or frequent minor incidents where a systemic issue may be involved, is reviewed in a debrief process by the Audit Committee. This process includes a causal analysis, and a review of the risk management structure related to the incident. The resulting report to the board of directors includes recommendations for changes to the risk management structure that emerge from incidents which indicate a systematic failure.

Compliance

Compliance with the implementation and management of risk mitigation policies is audited and reported to the board of directors through the Audit Committee.

Effectiveness

Periodic independent review of the effectiveness of the coop’s risk management approach is commissioned by the Audit Committee and reported to the board of directors.

Responsibilities

The coop uses a multilevel approach to managing risk.

There are three levels of risk management activity within management. At each level the following questions are addressed:

• what are the relevant goals and objectives?

• what are the key risks to achieving these objectives?

• what are the characteristics of these risks (likelihood and impact)?

• how can the risks be mitigated and who is responsible for implementing actions?

• who needs to be informed? and

• how will risks be monitored and reviewed?

1. Corporate/Organisational

The Chairperson or other future designated officer (through the Planning and Resources Committee):

• undertakes regular assessments of risk focusing on coop wide risks (including strategic risk and reputational risk);

• monitors and reviews consolidated risk assessments (risk management reports) from the other two levels;

• produces a cooperative level risk management report; and

• reports on risk management to the Audit Committee and the leadership.

2 Division/University Affiliate Group/Regional Group/Focus Area Group

Each branch or unit:

• undertakes regular risk assessment focusing on strategic, financial, operational, compliance and reputational risks; and

• produces a regular unit level risk management report.

3 Project level

Before significant new projects proceed (e.g. business ventures, IT projects, building projects, major research projects, CRCs), a business case must be established (according to a specified methodology) and approved. A key feature of each business case is the completion of a risk analysis. Project implementation is based a standard project management methodology which includes risk management.

Policy Provisions

Corporate governance and risk management
Risk management is an integral component of corporate governance and builds on transparent and accountable processes consistent with sound business practice. Risk management is applied to the development and implementation of policy, procedures, plans and future directions of Sydney Energy Cooperative.

Executive and management commitment
The Chairperson and the board of directors, the deputy Chairperson and the secretary, and management at all levels are committed to the pro-active management of risk in a systematic way in order to enhance the operation of the coop. The risk management process makes a significant contribution towards establishing priorities in the allocation of resources.

Managers and staff at all levels are accountable for risk management.

Culture of risk management
All staff are committed to ensuring that their behaviours relating to their individual performance encompass informed decisions to do or not do things based on a reasonable analysis of foreseeable risks, opportunities and their associated impacts on the implementation of coop strategies and the attainment of goals.

Review and monitoring risks

Formal mechanisms for review and monitoring are in place to measure and benchmark the effectiveness of risk management throughout the coop at all governance and management levels.

Reporting

Risk management information systems are in place to communicate and report on risks that have been identified and the status of actions implemented to mitigate risks.

Risk tolerance

The risk tolerance of the coop is ultimately determined by the board of directors.

Opportunity

Risk management also involves the coop identifying and taking advantage of opportunities in a way that ensures that any risks are managed on the basis of informed decision-making and on a realistic analysis of possible outcomes.

Supporting/Related Documents

- AS/NZS4360;
- Sydney Energy Cooperative Risk Assessment Form – Equipment
- Sydney Energy Cooperative Risk Assessment Form – Site

Review Date
20 August 2008 (Compliance Officer / Audit Committee)

Insurance Cover

The Coop maintains a public liability insurance policy with Calliden for AUD$5 Million. Copies of the certificate are available on request.

Clean Energy

More Information

Current Projects

Cooperative Environmental Values

Risk Management

Links

Sustainable Energy Groups

BCSE - Business Council for Sustainable Energy ATA - ATA - Alternative Technology Association ANZSES - Australia and NZ Solar Energy Society PVSoc - Photovoltaic Students Society (UNSW) Nunnery Bike Workshop - Newtown Community Bike Workshop

Risk Management

Risk Management Policy

Insurance Cover

Clean Energy

More Information

Sustainable Energy Groups

Languages

Links