05 Jul 2016
Risk Management as a Tool for Better Governance
Written by Nur Hasni
Edited and translated by Australia Awards in Indonesia
I had the opportunity to participate in the Australia Awards Better Governance – Public Sector Risk Management Short Term Awards at the Queensland University of Technology (QUT) Australia. This field was new territory for me. I knew the training would prove beneficial for me and for the Ministry of State Secretariat where I currently work. Aside from absorbing new knowledge, I also had the opportunity to meet selected participants from other ministries, as well as professionals in the Risk Management field in Australia. Here is my experience during the two-week course–—from 15 to 30 April 2016–—in Brisbane, Canberra and Sydney.
For the first seven days, we delved into an understanding of risk management at the QUT campus. Why is risk management necessary for an organisation? How does one build a risk culture at an organisation? These are key aspects for every official and employee to understand that no task is without risk.
We were also introduced to important tools such as risk management frameworks and risk management processes. The theory was introduced to us by Bob McDonald and Cathy Blunt, public sector risk management experts and our mentors at QUT. They were very patient and gave clear explanations when conducting the class, especially taking into consideration that not all the participants possessed basic comprehension of this subject, aside from those who have backgrounds in auditing. I personally started off not understanding what risk management is, but was able to gain a better comprehension by the end of the week-long activity.
The definition of "risk" as per ISO 31000 is "the effect of uncertainty on objectives". Each company or organisation is bound to have risks that could impact the goal of said organisation. Because of this, risk management is needed to mitigate, manage and avoid or even embrace risks. In Australia, most organisations—be it within the private or public sectors—already implement risk management as it provides added value for the organisation and strategic information for making decisions.
Perhaps for those new to risk management such as myself, the thought would occur as to what entails as risk for an organisation and how the organisation would manage it. It turns out that the question demands a comprehensive answer, as risk management is a continuous process that requires commitment from both leaders and employees. The risk management process consists of several steps and requires a strong commitment from high-ranking officials—for a ministry such as mine, it requires commitment from officials at the Minister and Echelon 1 levels.
It would be a shame to travel far to a different country for training to only do so in a classroom setting. I salute QUT and Australia Awards for their deep commitment in imparting the knowledge on risk management. We had the chance to visit several agencies in Brisbane to see the risk management processes firsthand. We had an interesting experience visiting Queensland Rail–—in Indonesia, the counterpart would be PT Kereta Api Indonesia. Queensland Rail has implemented risk management starting from risk identification, risk analysis, risk evaluation and how to handle them.
Risk can be categorised into the different levels of high, mid and low-level risk. In relation to transportation within the public sector, the risks that emerge are train accidents, train breakdowns, on-board safety, train delays, and rail suicides (which are also an occurrence in Australia), whereas a high-level risk would be a bomb threat at the train station (following bomb incidents at public transportations in Europe). One of the ways to mitigate suicide risks at train rails is by erecting fences along the train tracks, which Queensland Rail has begun to implement. After risk mitigation has been implemented, there of course needs to be a monitoring and evaluation process, as well as communication and consultation within the risk management process.
Another interesting example is disaster risk management in Queensland. This Australian state is very prone to natural disasters. In 2012, Queensland experienced floods. To minimise natural disaster risks, the Government of the State of Queensland manages these risks by taking various steps, one of them being drafting a Disaster Management Plan describing the roles and responsibilities of each agency in handling the disaster, disseminating information to the public regarding the disaster, as well as maintaining regular communication with other agencies as disaster management involves cross-agency effort.
In implementing risk management, agencies usually refer to the ISO 31000, which among other things, explains the risk management framework and risk management process. The framework is the underlying regulation serving as foundation for an organisation to design, implement, monitor, review, and continuously develop risk management. The organisation’s statement on its commitment in implementing risk management can also often be found within this framework. The risk management process itself consists of risk identification (financial, operational, reputation, technological, human resources, etc.), risk analysis (determining likelihood and consequences), as well as risk evaluation, which is evaluating risk by prioritising which risk to mitigate or control. Throughout this process, there has to be monitoring and evaluation, as well as communication and consultation.
The most exhilarating experience in Brisbane was the opportunity we had to have dinner with risk management professionals from the private and public sectors who served as guest speakers during our Short Term Awards. The guest speakers were very gracious in answering each question. Our conversation ranged beyond risk management, into matters related to Australia, such as Australian culinary delicacies, the Indonesia–Australia relationship and so forth. We were able to establish networks with them. I can now email them questions should I wish to delve deeper into risk management.
After five days of training material and agency field visits in Brisbane, Saturday was set aside for sight-seeing. We were excited to visit the Gold Coast. This stunning beach in Brisbane with its white sand and skyscrapers background is an attraction for international tourists. This is the second time I’ve visited the Gold Coast. We could also view the Gold Coast from atop the sky tower—despite my fear of heights, I found the experience exhilarating. From the top of the sky tower I learned how the Australian government carries out a very structured and beautiful urban planning. We also took pictures with the cute koalas and kangaroos at the Currumbin Wildlife Sanctuary.
During the Short Term Award, we were also required to create projects that we could implement at our workplace. This assignment was very challenging. Risk management has never been implemented in my office. As such, the risk management knowledge I gained would prove to be tremendously beneficial for Human Resources Bureau of the Ministry of State Secretariat. My wish is for risk management to be implemented within the institution, at the least in the smallest scale such as the sub-division or part of the Human Resources Bureau.
I learned tremendously from my experience in Brisbane, starting from the Short Term Awards material itself, the friendly and respectful Australians, as well as the amazing urban planning.