Risk is defined as uncertainty of outcome, whether positive opportunity or negative threat, of actions and events. It is something that could potentially have an undesirable or desirable impact on the delivery of an organisation’s goals or objectives sometime in the future.
Risk management is the process by which an organisation identifies and manages both:
- the threats it faces in pursuit of its goals and objectives; and
- the risks it wishes to take to make the most of opportunities to achieve or exceed those goals and objectives.
This includes assessing the impact and likelihood of risks being realised and the arrangements to mitigate and manage them. It also includes having clarity about roles and responsibilities for identifying and mitigating risks as well as clear routes for escalation of risks as they arise or increase.
This policy outlines the Commission’s approach to risk management within the context of our corporate governance arrangements. It describes our risk tolerance and appetite, responsibilities for implementing the policy and details of key processes, along with reporting arrangements and expected outcomes.