JS Risk Management Plan, 2

Juicy
Sprouts
Risk Management Plan
Mohamed Younes 2009

1
Table of Contents
1 Executive Summary ...................................................................................... 3
2 Introduction and Business Description.......................................................... 3
3 Company Description.................................................................................... 4
3.1 Type of Business ................................................................................... 4
3.2 Legal Structure....................................................................................... 4
3.3 History.................................................................................................... 4
3.4 Mission................................................................................................... 5
3.5 Business Objectives............................................................................... 5
4 Definitions ..................................................................................................... 5
5 Objectives of Risk Management Plan ........................................................... 6
6 Risk Management Policy............................................................................... 7
6.1 Policy objectives .................................................................................... 7
6.2 Policy Statement.................................................................................... 8
6.2.1 Recognition of the Need for Risk Management .............................. 8
6.2.2 A Commitment to Implement Risk Management Effectively ........... 8
6.2.3 A Commitment to Training and Knowledge Development in the Area of
Risk Management ......................................................................................... 8
6.2.4 A Commitment to Monitor Performance and Review Progress in Risk
Management ................................................................................................. 9
7 Interdependency with Corporate Governance and Strategic Planning.......... 9
7.1 Code of Conduct.................................................................................... 9
7.2 Evaluation and Monitoring.................................................................... 10
8 Organisation and Responsibilities............................................................... 11
9 Risk Management Programme.................................................................... 12
9.1 Annual Risk Management procedures ................................................. 13
9.2 Risk Management Programme - Risk Treatment Timeline .................. 14
10 Risk Management Processes.................................................................. 15
10.1 Description of Risk Management Processes........................................ 15
10.2 Risk Treatment Processes (AS/NZS 4360:2004)................................. 16
11 Performance Management Plan.............................................................. 17
11.1 Payment Packages .............................................................................. 18
12 Risk Management Implementation Plan .................................................. 20
13 Risk Management Framework................................................................. 22
14 Risk Identification Process ...................................................................... 23
14.1 Sources of Information for Risk Identification....................................... 23
14.2 Scope Covered by Identification .......................................................... 23
14.3 Approaches to Identification of Risks ................................................... 24
14.4 Participants Involved in the Risk Identification Process ....................... 24
Internal........................................................................................................ 24
External....................................................................................................... 24
15 Risk Register with Assessed Risks.......................................................... 25
16 Risk Assessment and Risk Matrix Profile ................................................ 27
16.1 Risk Assessment Matrix....................................................................... 27

2
16.2 Risk Acceptance/ Risk Tolerance ........................................................ 27
16.3 Qualitative Measures of Consequences .............................................. 29
17 Control Evaluation ................................................................................... 30
18 Risk Ownership and Accountability ......................................................... 32
19 Risk Impact to Business Objectives......................................................... 33
20 Risk Appetite and Tolerance Positioning................................................. 33
20.1 Risk Appetite/Tolerance....................................................................... 35
21 Risk Treatment Plans .............................................................................. 36
22 Communications Plan.............................................................................. 46
22.1 Objectives of the communication ......................................................... 46
22.2 Participants to be included,.................................................................. 46
22.3 Perspectives under Consideration ....................................................... 46
22.4 Communication Methods ..................................................................... 47
22.5 Evaluation ............................................................................................ 47
23 Monitor and Review Processes ............................................................... 47
23.1 Annual Review and Assurance Statement........................................... 48
24 References .............................................................................................. 48
25 Appendixes.............................................................................................. 48

3
1 Executive Summary
This report is prepared for Juicy Sprouts in recognition that Risk Management is an
essential part of good management. It contains a Risk Management Plan following a
previous report of a Risk Management Framework and Risk Register. This plan is
necessitated as part of strategic decision making and achieving Juicy Sprouts business
objectives in the short and long term perspective of the business.
This report outlines,
 The identification of risk areas and priority exposures
 The incorporation of appropriate risk management strategies, risk improvements
and contingency planning
 A treatment plan addressing each major risk within the different business risk
areas
 The communication process of responsibilities of stakeholders and management
 The process of developing an organisation culture that recognizes the
importance of risk management, corporate governance standards, quality
assurance and a strive for continuous improvement
 A performance management system that supports desired employee behaviour
in achieving strategic goals
 The monitoring and reviewing of ongoing risks to enable well informed decisions
of risk controls
 The importance of appropriate training and effective management of risks.
2 Introduction and Business Description

4
Juicy Sprouts is an organic vegetable grower in the Bullsbrook region of Western
Australia, with its head office near Fremantle, Western Australia. When it was first
purchased in January 2002, the business has a total of six employees which consisted
of a manager who is also the owner of the business, his wife and four other employees.
Juicy Sprouts have always aims to produce sprouts of the highest quality and to
maintain customer satisfaction.
The primary objective of the business has been to achieve a higher profit than the
previous year and additionally to stay afloat for the next five years. Due to the growing
health conscious market, the health benefits of sprouts has increased consumer
demand and competitors entering the market. This has necessitated the business to
review its operations so as to continue achieving its business objectives and ensuring
operational efficiency. A risk assessment will therefore be used to highlight the potential
risk areas of the business.
3 Company Description
3.1 Type of Business
Juicy Sprouts is a wholesale business, supplying their sprout product line to major
supermarket chains including Action, Coles and Woolworths. The company also
supplies sprouts to smaller stores, restaurants and cafés within the Perth region. The
Sprout Factory also has overseas operations supplying sprouts to local supermarkets
within the region.
3.2 Legal Structure
The existing legal structure of Juicy Sprouts is a proprietary limited company. This legal
structure has limited liability on the directors. They are only liable to the extent of the
company assets and equity should the company fail its financial obligation in the event
that the company is insolvent. But in the event of any criminal intent by the company,
the directors are personally liable.
3.3 History

5
Juicy Sprouts has been operating since 2002 and was originally a home-based
business situated on a property in Bullsbrook that concentrated on a growing quality
produce for smaller retailers and weekend markets. John and Mandy Smith bought the
company in 2002 recognising the enormous growth potential of sprouts. John‟s
horticultural background coupled with Mandy‟s business and marketing expertise which
made an impressive team that has significantly grown in Juicy Sprout‟s business.
3.4 Mission
Juicy Sprouts strives to always produce sprouts of the highest quality and seek to
achieve a paramount level of customer service. As their mission statement states,
“Health enhancing quality of our foods and its freshness is our mission.”
3.5 Business Objectives
 To increase sales profits of sprouts by 4% in the next 2 years by expanding its
current market share
 To increase cash flow in the next 2 years by improving cost efficiency and
production.
 Increase production by 2007 from 100,000 to 150,000 punnets per week in peak
seasons.
4 Definitions
(AS/NZS 4360:2004)

6
Consequence: the outcome of an event expressed qualitatively or quantitatively, being
a loss, injury, disadvantage or gain. There may be a range of possible outcomes
associated with an event.
Control: an existing process, policy, device, practise or other action that acts to
minimise negative risk or enhance positive opportunities.
Control Assessment: systematic review of processes to ensure that controls are still
effective and appropriate.
Likelihood: used as a qualitative description of probability or frequency.
Risk: the chance of something happening that will have an impact on objectives. It is
measured in terms of consequence and likelihood.
Risk Analysis: a systematic use of available information to determine how often
specified events may occur and the magnitude of their likely consequences.
Risk Appetite: The amount of capital that can be willingly lost in order to generate a
potential profit.
Risk Assessment: the overall process of risk analysis and risk evaluation.
Risk Management: the culture, processes and structures that are directed towards the
effective management of potential opportunities and adverse effects.
Risk Tolerance: the ability to withstand losses caused by one or more of the different
types of risk.
Risk Transfer: the extent to which insurance risk is shifted from the reinsured to the
reinsurer
Risk Treatment: Process of selection and implementation of measures to notify risk.
Strategic Risk: the chance of something happening that will have an impact on the key
strategic outcomes of the organisation.
Treatment Action Plan: a planned appropriate action to be taken to deal with the risk.
5 Objectives of Risk Management Plan
The risk management objectives for Juicy Sprouts include the following;
1. Implement effective risk management as a key element of good governance and
performance management.

7
2. Consider risk is an integral part of corporate and business planning and service
delivery.
3. Encourage considered and responsible risk taking as a legitimate response to
opportunity and uncertainty.
4. Achieve better outcomes for the Juicy Sprouts through a more realistic
assessment of the challenges faced, through improved decision-making, risk
mitigation and control.
5. Engender, reinforce and replicate good practice in risk management.
Meeting the Objectives
Effective risk management will require an iterative process of identification, analysis,
prioritisation, action, monitoring and reporting of risk materials. The processes required
to deliver the objectives will need to ensure:
1. Clear identification of corporate and operational objectives and targets
2. Specification of roles and responsibilities in respect of risk management
3. Consideration of risk as an integral part of corporate and business processes
4. Requirements to analyse, prioritise, respond to, monitor and report on risk
materials and significant risks.
5. Specification on guidance and support arrangements to assist managers in their
consideration of risks.
6. Facilitation of shared organizational intelligence and learning
Risks will be managed through requirements at five levels:
 expression of the corporate risk tolerance at corporate level and over the medium
term
 at operational level through budget allocation and monitoring processes
 project level, through reporting to and monitoring by corporate level
 Through annual review of arrangements to assess against good practice through
examination of corporate and insurable risks.
6 Risk Management Policy
6.1 Policy objectives
The Risk Management Policy has been created to:

8
 Protect Juicy Sprouts from those risks of significant likelihood and consequence
in the pursuit of the organisation‟s strategic goals and objectives
 Provide a consistent risk management framework in which the risks concerning
business processes and functions of the Juicy Sprouts will be identified,
considered and addressed in key approval, review and control processes;
 Encourage pro-active rather than re-active management;
 Provide assistance to and improve the quality of decision making throughout the
Juicy Sprouts;
 Meet legal or statutory requirements; and
 Assist in safeguarding the Juicy Sprouts assets - people, finance, property and
reputation.
6.2 Policy Statement
6.2.1 Recognition of the Need for Risk Management
Juicy Sprouts recognises the need for risk management as a consideration in strategic
and operational planning, day to day management and decision making at all levels in
the organisation.
6.2.2 A Commitment to Implement Risk Management Effectively
Juicy Sprouts is committed to managing and minimising risk by identifying, analysing,
evaluating and treating exposures that may impact on the company achieving its
objectives or the continued efficiency and effectiveness of its business operations. Juicy
Sprouts will incorporate risk management into its institutional planning and decision
making processes. Risk management must also be included as a consideration at
operational planning as a delegated line management responsibility. Juicy Sprout staff
must implement risk management according to relevant legislative requirements and
appropriate risk management standards.
6.2.3 A Commitment to Training and Knowledge Development in the Area
of Risk Management
Juicy Sprouts is committed to ensure that all staff, particularly those with management
and decision making responsibilities to obtain a sound understanding of the principles of
risk management and the skills required to implement risk management effectively.
Training will also include Corporate Governance standards, values and Quality
Assurance standards.

9
6.2.4 A Commitment to Monitor Performance and Review Progress in Risk
Management
Juicy Sprouts will regularly monitor and review the progress being made in developing
an appropriate culture of risk management and the effective implementation of risk
management strategies throughout the organization as a basis for continuous
improvement.
7 Interdependency with Corporate Governance and
Strategic Planning
Juicy Sprouts is responsible for ensuring that its business is conducted in accordance
with the law and proper standards of HB 407-2006, Corporate Governance for small
businesses. Management should also ensure that the following essential corporate
governance principals are adhered to and integrate business processes for governance
in the organisation business.
The manager will be responsible and accountable the following,
 Overseeing the implementation and monitoring of the operation of essential
corporate governance values from Standards Australia AS 8003-2003. This
includes,
o Management and employee accountability in all aspects of the business
o Increasing transparency through open communication and participation to
increase fairness, commitment and honesty in its business operations
o Compliance with business and environmental legislations and corporate
governance standards
o Compliance with code of conduct for an ethical organisation.
7.1 Code of Conduct
A code of conduct is designed to ensure that
 High standards of corporate and individual behaviour are observed by
management and employees in the context of their employment
 Employees are aware of their responsibilities under their contract of employment
and always act in an ethical and professional manner.
 Requirement that Management and all employees avoid conflict of interests
between their personal interests and those of the company and its clients

10
 Not take advantage of opportunities arising from their position for personal gain
or in competition with the company
 Reporting any actual or potential breach of the law, the Code of Conduct or other
company policies.
 Promotes and encourages ethical behaviour and provides protection for those
who report violations
 All Managers and employees are required to conduct their duties at the highest
level of honesty and integrity and not make improper use of any confidential
information
 Management to set a high standard of faireness, dilligence and competency in
their positions.
7.2 Evaluation and Monitoring
 Monthly reports reviewing business operations in accordance to Corporate
Governance Standards and Code of Practice
 Reporting annually to the Audit and Governance Committee on compliance and
any changes that may be necessary to maintain and ensure effective practices
 Identification, evaluation and managing key risks and is regularly reviewed on a
yearly basis.
 Ensuring that internal controls and procedures are in place at operational level
for immediate reporting of any major control weaknesses identified.
 Continuous development of an organisational culture in acceptance, commitment
and compliance to corporate governance
 Identify the need for improvements to further enhance corporate governance
arrangements. Implementation and operation will be reviewed once every 6
months.

11
8 Organisation and Responsibilities
4.1 The manager will have the authority and the responsibility for :
 ensuring the awareness of, and implement, the requirements of
risk management policy;
 the identification and control of risks within the business;
 the initiation of risk management analyses for the business;
 the preparation of a Risk Treatment Plan where the adequacy of
existing controls is determined to be unacceptable;
 reviewing and approving completed risk management
documentation;
 the implementation of actions detailed in Risk Treatment Plans;
and
 Ensuring the risk registers are updated annually.
 Responsible for promoting and cultivating a culture of risk
management initiatives, Corporate Governance values and
Quality Assurance Standards throughout Juicy Sprouts by
appropriate communication, education and training.
 Developing and implementation of a performance management
program that recognises and rewards risk management
initiatives.
 Assume general oversight of Risk Management in the business.
4.2 The supervisor will be responsible for:
 coordination of the Juicy Sprouts‟ risk management
program;
 facilitation of risk management sessions to address the
business requirements;
 Presenting relevant information and documentation to the
Manager and the maintenance of the risk register.

12
9 Risk Management Programme
Risk management will be integrated with all Juicy Sprouts planning and management
processes. The following must be considered,
 the business activities and its capabilities;
 the identified risks;
 risk treatment strategies;
 mechanisms to review the risks and their treatments;
 strategies for communicating requirements, training and acquiring necessary
skills and ;
 Effectiveness of the risk management process which will be monitored and
reviewed annually.
Risk Management Process steps Timeline
1. Establishing the context i.e. the risk
environment
1 week
2. Identifying the risks 2 weeks
3. Analysing the risks 3 weeks
4. Evaluating the risks 4 weeks
5. Treating the risks 1 year
6. Monitoring and reviewing the risks Continuous
7. 7. Communicate and consult Continuous

13
9.1 Annual Risk Management procedures
PROCESS RESPONSIBILITIES
Facilitate the updating of the Risk Registers Manager
Analyse and evaluate programs to identify
new or confirm existing risks on the Risk
Register
Manager
Identify new or confirm control processes
on the Risk Register
Manager
Assign a rating (High, Medium or Low)
against each risk and control identified on
the Risk Register
Manager
Sign-off the Risk Register Manager
Review the accuracy of the Risk Registers Manager
Approval of Risk Registers Manager
Rank areas identified in the Risk Registers
according to priority for action/Internal Audit
coverage
Manager

14
9.2 Risk Management Programme - Risk Treatment Timeline
Risks in accordance to Risk Register
Q1 (Jan-Mar) Q2 (April-June) Q3 (July-Sept) Q4(Oct-Dec)
Actions to be carried out
Risk 1
Poor Cash Flow (Financial) Implement Review/Monitor success Monitor Success
Review and
success and
improve.
Risk 16
Lack of Retention (Human Resources)
Implement - Get feedback from staff Review
success
Risk 12
Increased Competitors (Marketing) Implement
Review/Monitor success Review/ Monitor success Review/Moni
tor success
Risk 22
Lack of protective clothing (Occupational
Health and Safety)
Implement
Review success Monitor success Monitor
success
Risk 23
Lack of emergency procedures (OHS) Implement
success
Risk 20
Poor maintenance of equipment
(Technology)
Implement
- Review/Monitor success Review/Moni
tor success
Risk 34
Low security levels (Security) Implement
success
Risk 3
Poor records management (Administration) Implement
Review/Monitor/Train
success
Review/Train/Monitor
success
Review/Train
/Monitor
success
Risk 6
Reliance on a single product (Management) Implement
Review/Monitor success Review/ Monitor success Review/Moni
tor success

15
10 Risk Management Processes
10.1 Description of Risk Management Processes
All risks at Juicy Sprouts shall be documented and monitored through the use of a
controlled risk register (See Appendix A). The management process will involve the
following steps: -
i) Establishing the context i.e. the risk environment. This is in consideration
with the business objectives and concerns.
ii) Identifying the risks. This step seeks to identify the risks to be managed. A
comprehensive identification using a well-structured systematic process is
critical. This aims to generate a comprehensive list of risks, which might
affect each risk area.
iii) Analysing the risks. The objective of analysis is to separate the minor
acceptable risks from the major risks and to establish data to assist in the
assessment and treatment of risks. Risk analysis involves consideration of
the sources of risk, their consequences and the likelihood that those
consequences may occur. Risk is analysed by combining estimates of
Likelihood and Consequence in the context of existing control measures.
iv) Evaluating the risks. This involves comparing the level of risk found during
analysis with established risk criteria. The priorities of how the risks will be
treated are identified.
v) Treating the risks. Risks assessed as 10 and above require Treatment
Action Plans, as this is the first risk assessment for the business. Risk
treatment will involve identifying the range of options for treating risk,
assessing those options, preparing risk treatment plans and implementing
them. Risk treatment options include the following:
a) Reducing the likelihood
b) Reducing the consequences
vi) Monitoring and reviewing the risks and the risk environment regularly and
continuously communicating and consulting with the stakeholders.

16
10.2 Risk Treatment Processes (AS/NZS 4360:2004)
Risk treatment will involve identifying a range of options for treating the risks, evaluating
the options and preparing the treatment plan and implementing them. The
implementation will be associated with priorities and also the costs involved and the
budget allocated.
Residual Risks-
 Any implementations that are deemed not cost effective by management will be
retained by the business.
Risk treatment objectives
 To minimise the consequences/likelihood of the risk
 To take advantage of emerging opportunities.
No
Analyse risk
Evaluate risks
Risks to be
treated +risk
treatment
objectives
Identify Options
Develop/design
treatment options
Evaluate Options Do
they satisfy treatment
objectives?
Are they cost
beneficial?
Risk Treatment
Plan
Residual Risks

17
11 Performance Management Plan
Risk No. Risk Risk
Score
Performance Management
Indicators
Compensable Factors Methods to assist
in P.M evaluation
1 Poor cash flow 25 Effectiveness of costing systems
and forecasts to assist in financial
management and decision making
Increase cost efficiency
Increasing cash flow by 2% within
the next year.
Continuous improvement
Leadership, Judgement and
Decision Making, Job
Knowledge,
Communication/Interpersonal
Skills
Performance
Appraisals,
Employee Feedback
Financial Reports
16 Lack of retention strategies (Human
Resources)
25 Monitor employee absenteeism
rates Monitor employee turnover at
the end or end of employment
contract
Continuous improvement,
Knowledge,
Skills
Performance
Appraisals,
Employee Feedback
12 Increasing competitors (Marketing) 20 Number of Customers Acquired,
Status of Existing Customer
relationships, Profitability,
Achievement of Sales Targets
Knowledge,
Skills
Customer, Supplier,
Distributor
Feedbacks, Monthly
Sales Reports,
Competitor Analysis,
Performance
Appraisals
22 Absence of protective clothing (OHS) 20 Monitor employee absenteeism
rates, employees‟ compliance with
health and safety standards,
Number of accidents, injuries or
medical leaves
Judgement and Decision
Making, Job Knowledge,
Skills
Monthly meetings,
End year accident
report, performance
appraisals,
Employee Feedback
23 Absence of emergency procedures (OHS) 20 Monitor employee absenteeism
rates, employees‟ compliance with
health and safety standards,
Number of accidents, injuries or
medical leaves
Knowledge,
Skills
Monthly meetings,
emergency drills,
end year accident
reports,
performance
appraisals and
employee feedback
20 Poor maintenance of equipment
(Technology)
20 Number of incidents where
machines break down, Production
levels, Lost of Sales and production
delays. Use of scenario planning
Knowledge,
Quarterly record of
equipment break
down, performance
appraisals,

18
and contingency planning to
mitigate risks
Skills
employee feedback,
production and
sales reports
34 Low security levels (Security) 20 Monitor number of break-ins, lost of
internal resources due to theft
Knowledge,
Skills
Quarterly record of
break ins and theft
rates. Performance
appraisals,
employee feedback,
store checklist
3 Poor records management (Administration) 15 Accuracy of data entry and ability of
information system to assist in
decision making effectively. How
timely data entry is keyed into
systems. Availability of information
and data for all stakeholders.
Knowledge,
Skills
Employee, supplier,
distributor and
customer feedback,
Performance
appraisals.
6 Reliance on a single product (Management) 20 Sales profits, Number of new
customers acquired, Improvement
in existing customer, supplier
distribution relationships.
Achievement of sales targets.
Knowledge,
Skills
Monthly sales
reports, End year
sales reports,
Employee, Supply
Chain and customer
feedbacks.
Performance
appraisals.
11.1 Payment Packages
Juicy Sprouts remuneration packages aims to match with industry rates and levels.
Cash Compensation Benefits Relational Returns
Individual Base pay Work life Balance Recognition and Status
Short-term incentives Allowances (transport) Training and Development
Long-term incentives Other benefits Employment security
Challenging Work

19
The compensable factors are used to enable managers and supervisors to evaluate employees‟ performance within a
proper framework that is strategically aligned with Juicy Sprouts business objectives and the external regulatory
environment. This aims to ensure that all levels of employees are striving towards similar organisational goals and
behaviours. Simultaneously, the compensable factors and evaluation criteria will have to be transparent, fair and properly
communicated to all employees. Compensable factors are also directed to signal desired behaviours particularly to
increase involvement and participation in risk management, corporate governance and quality initiatives. These
behaviours should be noted and initiatives that are actually implemented. It should also be noted that training and
development should be provided to assist employees towards desired performances.

20
12 Risk Management Implementation Plan
i) Analysing the risks. The objective of analysis is to separate the minor
acceptable risks from the major risks and to establish data to assist in the
assessment and treatment of risks. Risk analysis involves consideration of the
sources of risk, their consequences and the likelihood that those consequences
may occur. Risk is analysed by combining estimates of Likelihood and
Consequence in the context of existing control measures.
ii) Evaluating the risks. This involves comparing the level of risk found during
analysis with established risk criteria. The priorities of how the risks will be treated
are identified.
iii) Treating the risks. Risks assessed as 10 and above require Treatment Action
Plans, as this is the first risk assessment for the business. Risk treatment will
involve identifying the range of options for treating risk, assessing those options,
preparing risk treatment plans and implementing them. Risk treatment options
include the following:
a) Reducing the likelihood
b) Reducing the consequences
iv) Monitoring and reviewing the risks and the risk environment regularly and
continuously communicating and consulting with all stakeholders.
Treatment Action Plans. Risks assessed as 10 and above or with a Catastrophic
Consequence require Treatment Action Plans. Risk treatment involves identifying the
range of options for treating risk, assessing those options, preparing risk treatment
plans and implementing them. Risk treatment options include the following:
 Avoid the risk by not proceeding with the activity/project.
 Reduce the likelihood of the occurrence.
 Reduce the consequences.
 Transfer the risk (eg insurance).
 Retain the risk in an acceptable reduced format by the
application of controls such as effective policies, procedures or
physical changes.

21
a. Re-assess the Risk. Following re-assessment of treated risks, a
decision must be made on acceptance of the re-assessed risk.
Please see appendix A for a detailed the Risk Management Process

22
13 Risk Management Framework
Juicy Sprouts has never had a risk assessment conducted before and is unaware of
various risks and their severity that may pose a threat to achieving the organisation‟s
objectives. Problem solving and decision making is often made as and when problems
arise. A SWOT analysis structure has been used to identify risks in the internal and
external environment. This assessment will therefore focus on the potential risks that
may face the business operations and management, prioritise them and treat them.
The key concerns of Juicy Sprouts have been to achieve a higher profit than the
previous year and additionally stay afloat for the next five years. Due to the growing
health conscious market, the health benefits of sprouts has increased consumer
demand and competitors entering the market. This has necessitated the business to
review its operations so as to continue achieving its business objectives and to ensure
operational efficiency.
As this will be Juicy Sprout‟s first assessment, any risks above the risk score of fifteen
will be treated and priority will be given to risks that have a financial impact on the
business. This has been necessitated due to the absence or lack of effective controls
for most of the risks being assessed. The assessment will also focus on introducing a
risk procedure into the business so that risk assessment will be an ongoing process to
ensure continuous improvements at Juicy Sprouts.
The outcome of the assessment will be treated under a limited budget using a treatment
plan. The treatment plan will give priority to the risks that will negatively affect the
business objectives and concerns, particularly the financial aspects. The responsibilities
of the outcome should be a consistent process driven by the manager and involving all
employees at Juicy Sprouts. This aims to cultivate a culture that integrates Risk
Management into its strategic direction and business operations.
Please see appendix A for a detailed the Risk Management Process

23
14 Risk Identification Process
14.1Sources of Information for Risk Identification
Information was collected from the following sources for risk identification. They include,
 Historical Information
 Focus Group Discussions
 Structured Interviews
 Strategic and Business Plans including SWOT analysis and environmental
scanning
 Results from Reports, Audits and Inspections and Site Visits
14.2 Scope Covered by Identification
The key questions adapted from (AS/NZS 4360:2004) were asked in relation to risk
areas of the business,
a) What is the source of the risk?
b) What might happen that could lead to the following-:
i) Increase or decrease the effective achievement of objectives?
ii) Make the achievement of the objectives less efficient?
iii) Cause stakeholders to take action that may influence the achievement of
objectives?
c) The effect on objectives?
d) When and where these risks might likely occur?
e) Who might be involved or impacted?
f) What controls presently exist to treat these risks?
g) What would cause the control not to have the desired effect on the risk?

24
14.3 Approaches to Identification of Risks
 Team-based brainstorming was used in facilitated workshops to consider
different perspectives. During these workshops, scenario analysis was used to
encourage participation
 Structured techniques including flow charting and systems analysis were used in
potential catastrophic consequences.
These methodologies were used so as to increase the accuracy and reliability of
information and additionally to source additional information for specific risk areas.
Participants were contacted again where information were insufficient or ambiguous.
14.4 Participants Involved in the Risk Identification Process
Participants involved in the process included internal and external stakeholders. They
include,
Internal
 John Smith, Owner and Manager
 Mandy Smith, Owner and Assistant Manager
 Chris Johnson, Supervisor
 5 operational workers
External
 Buyers and Sellers (e.g. Woolworths, Action and Coles)
 End Users
 Suppliers
 Community
 Government bodies (e.g.: health board, consumer commission)

25
15 Risk Register with Assessed Risks
The following is a simple risk register in which the risk score is rated based on a Risk Assessment Matrix and Risk
Acceptance/ Tolerance Scale. (See appendix B for complete risk register represented across risk area framework)
No. as in
Risk
Register
Risk Risk Area Consequence Likelihood Risk
Level
Risk Score Risk Priority Acceptability
2 Inability to service
future loans
Financial Catastrophic Almost Certain Very
High
25 High No
16 Lack of retention
strategies
Human
Resources
Catastrophic Almost Certain Very
High
25 High No
19 Lack of succession
planning
Human
Resources
Catastrophic Almost Certain Very
High
25 High No
20 Poor Ventilation OHS Catastrophic Almost Certain Very
High
25 High No
1 Poor Cash Flow Financial Catastrophic Likely Very
High
20 High No
5 Lack of adequate
planning
Management Major Almost Certain Very
High
20 High No
11 Poor customer
relationship
Marketing Major Almost Certain Very
High
20 High No
12 Increasing competitors Marketing Major Almost Certain Very
High
20 High No
14 Poor Supplier
Relationships
Supply Chain
Management
Major Almost Certain Very
High
20 High No
22 Absence of protective
clothing
OHS Major Almost Certain Very
High
20 High No
23 Absence of emergency
procedures
OHS Major Almost Certain Very
High
20 High No
26 Poor Cleanliness OHS Major Almost Certain Very
High
20 High No
20 Poor Maintenance of
equipment
Technology Major Almost Certain Very
High
20 High No

26
28 Lack of Costing
Software
Administration Major Almost Certain Very
High
20 High No
29 Disposal of Materials Environmental Major Almost Certain Very
High
20 High No
32 Climate change on
crop growth
Natural Events Major Rare Very
High
20 High No
33 Pests attack on crops Natural Events Major Rare Very
High
20 High No
34 Low security levels Security Major Almost Certain Very
High
20 High No
3 Poor Records
Management
Administration Moderate Almost Certain High 15 High No
4 Poor Accounting
Management
Administration Moderate Almost Certain High 15 High No
6 Reliance on a single
product
Management Moderate Almost Certain High 15 High No
15 Inadequate recruitment Human
Resources
Moderate Almost Certain High 15 High No
17 Absence of orientation
program
Human
Resources
18 Absence of training
and development
programs
Human
Resources
21 High Noise Levels OHS Moderate Almost Certain High 15 High No
24 Lack of good lighting OHS Moderate Almost Certain High 15 High No
25 Lack of floor space OHS Moderate Almost Certain High 15 High No
30 Pollution of soil Environmental Moderate Almost Certain High 15 High No
31 Floods Natural Events Catastrophic Unlikely High 10 Low Yes
10 Recession Economic Major Unlikely Low 10 Low Yes
7 Inconsistency of quality
assurance checks
Management Minor Rare Low 6 Low Yes
8 Change in government
regulations
Political Catastrophic Rare Medium 5 Low Yes
9 Lack of policy review Political Moderate Rare High 5 Low Yes

27
16 Risk Assessment and Risk Matrix Profile
Risk tolerance level is 15 and preference will be given to risks that have a financial impact on Juicy Sprout‟s business and
strategic objectives. Risk appetite is medium as all risks that are higher than 10 will be treated if adequate funds are
sufficient.
16.1 Risk Assessment Matrix
CONSEQUENCE
LIKELIHOOD Insignificant Minor Moderate Major Catastrophic
Almost Certain 5 10 15 20 25
Likely 4 8 12 16 20
Moderate 3 6 9 12 15
Unlikely 2 4 6 8 10
Rare 1 2 3 4 5
16.2 Risk Acceptance/ Risk Tolerance
Level of Risk LOR Category Initial Risk Evaluation Re-assessed Risk Evaluation
15 - 25 Very High Treatment Action Plan Required Risk is unacceptable – refer to Manager
10 - 14 High Treatment Action Plan Required Risk is undesirable. Decision on acceptance of risk should
be made by the Manager
6 - 9 Moderate Risk may be accepted by the Manager but when Catastrophic
a treatment plan will be required
Decision on acceptance of risk should be referred to the
Manager.

28
1 - 5 Low Risk is acceptable – manage by routine procedures but when
Catastrophic a treatment plan will be required.
Risk is acceptable – The manager should be informed about
it.

29
16.3 Qualitative Measures of Consequences
Risk Level Rank Financial Administration Political Management
5 Catastrophic > AU $10,000 No records kept All staff are affected All staff are affected
4 Major AU $5000-10,000 >20% of data incorrectly recorded More 20% of staff affected More 20% of staff affected
3 Medium AU$1000-4000 20% of data missing or incorrect More 20% of staff affected More 20% of staff affected
2 Minor AU$5000-1000 10% of data missing or incorrect 10% of staff is affected Only 10% of staff is affected
1 Insignificant <AU$500 5% error in record entries 10% of staff is affected Only 10% of staff is affected
Risk Level Rank Economic Marketing Human Resources Technological
5 Catastrophic 0% sales made 0% sales All staff are affected No maintenance done
4 Major 1% - 5% sales
made
1% - 5% sales made
More 20% of staff affected ½ yr service maintenance done
3 Medium 6% - 10% sales
made
6% - 10% sales made
More 20% of staff affected ½ yr service maintenance done
2 Minor 10% - 15% sales
made
10% - 15% sales made
10% of staff is affected ¼ yr service maintenance done
1 Insignificant > 15% sales made > 15% sales made < 10% of staff is affected ¼ service maintenance done
Risk Level Rank OHS Environmental Natural Events Security
5 Catastrophic Severe disability
affecting 2 staff
Serious long term
environmental
effects
Closure of business
All goods and equipment
stolen
4 Major Severe disability
affecting 1 staff
Serious long term
environmental
effects
Damages causes > 50%
losses > 50% goods/equipment
stolen
3 Medium Hospitalisation
required for staff
On going
permanent damage
Damages causes > 30%
losses
> 30% goods/equipment
stolen
2 Minor Medical treatment
required for staff
Minor repairable
damages
Damages not severe < 30% goods/equipment
stolen

30
1 Insignificant No medical
treatment required
Minor repairable
damages
Damages not severe < 10% goods/equipment
stolen
17 Control Evaluation
The following are 9 risks from various risk areas in the business with a score above 15 to be treated immediately. This
section consists of the control evaluation of these 9 risks.
Risk No. Risk Risk
Score
Description of Controls in place Control
Effectiveness
Staff in Charge
1 Poor cash flow 25 No financial controls in place Unsatisfactory Mandy
Resources)
25 No controls in place Unsatisfactory None
12 Increasing competitors (Marketing) 20 No marketing plan/strategy in
place
Unsatisfactory Mandy
22 Absence of protective clothing (OHS) 20 No protective clothing provided Unsatisfactory John
23 Absence of emergency procedures (OHS) 20 No emergency procedures in Unsatisfactory John

31
place
20 Poor maintenance of equipment (Technology) 20 ½ year service maintenance is
done
Unsatisfactory John
34 Low security levels (Security) 20 An alarm system is installed only
in office area. Warehouse and
stores are secured by padlocks.
Unsatisfactory Chris
3 Poor records management (Administration) 15 Information is inputted by one staff
into a computer. No backup in
place or checks for accuracy of
information.
Unsatisfactory Mandy
6 Reliance on a single product (Management) 20 No contingency planning or
marketing strategies in place.
Unsatisfactory John

32
18 Risk Ownership and Accountability
The Manager is responsible for all risks at Juicy Sprouts as he has the authority and ability to implement the risk
management plan. The manager may delegate supervision responsibilities to operational staff, but he will ultimately be
responsible and accountable for overseeing the effective implementation of the risk management plan. However, in order
to create an organisational culture that integrates risk management initiatives and corporate responsibility, all employees
have to be involved in the continuous improvement process.

33
19 Risk Impact to Business Objectives
Risk
No.
Risk Risk Score Control
Effectiveness
Impact on Business objectives
1 Poor cash flow 25 Unsatisfactory Poor cash flow will affect the business‟s ability to stay afloat and repay its bank
loans for investment. The lack of cash flow forecasting will lead to liability
exceeding income received, leading to poor return on investment.
Resources)
25 Unsatisfactory Unplanned absence of staff required for labour leading to financial loss and loss of
profit. Additionally, this would affect objectives to increase production of punnets by
2007.
12 Increasing competitors (Marketing) 20 Unsatisfactory Reduction of profit margin of business, affecting objectives to increase sales profits
and expanding market share.
22 Absence of protective clothing (OHS) 20 Unsatisfactory Staff injury, increased absenteeism and reduced motivation may lead to poor
performance and financial losses. Additionally this will affect business reputation
and corporate responsibility issues.
23 Absence of emergency procedures (OHS) 20 Unsatisfactory Loss of lives, injuries leading to litigation, bad reputation thus affecting sales and
profits.
20 Poor maintenance of equipment (Technology) 20 Unsatisfactory Frequent machine break downs affecting quality, production hiccups delaying
product availability to end users leading to increasing supplier dissatisfaction and
poor return on investment.
34 Low security levels (Security) 20 Unsatisfactory Financial loss, loss of important documentation and material leading to production
hiccups, delays and profit losses.
3 Poor records management (Administration) 15 Unsatisfactory Loss of important data from various areas including marketing, accounting, supplier
and production information. Barrier in assisting with tracking process, competitor
disadvantage leading to bad reputation among suppliers and financial losses
6 Reliance on a single product (Management) 20 Unsatisfactory Competitive disadvantage, inability to retain customer loyalty preventing increasing
market share, product obsolete and reduce profit margins.
20 Risk Appetite and Tolerance Positioning
The risk tolerance level is 15 and preference will be given to risks that have a financial impact on the business and its
strategic objectives. When risk is close to the intolerable level as viewed in the ALARP principle, it is expected that the
risk will be reduced unless management deems that the cost of reducing the risk is grossly disproportionate to the benefits
gain. When risks are close to the negligible level, then action may be taken to reduce risk where benefits exceed the costs
of reduction.

34
To ensure that the strategic objectives of Juicy Sprouts are met, the risk appetite of the business is medium. Depending
on the availability of funds, all risks that have a score of 10 and above will be treated. High score risks that have financial
implications on the business will be treated as priority.

35
20.1Risk Appetite/Tolerance
General Level of acceptable risk
34,5,11,12,
14,22,23,
26,20,28,2
9
2, 6, 16,
19, 20
3,4,6,15,
17,18,21,
24,25,30
1
10 31
32, 33 897
Almost Certain
Likely
Possible
Unlikely
Rare
L
I
K
E
L
I
H
O
O
D
CONSEQUENCE
Insignificant Minor Moderate Major Catastrophic
General
Level
Of
Unacceptable
Risk

36
21 Risk Treatment Plans
The following is a risk treatment schedule plan adopted from AS/NZS 4360:2004 to record the actions from strategic
decision making.
Risk no. from
Risk Register
and Risk
Possible Treatment
Options
Preferred Options Result of
Cost
Benefit
Analysis
A) Accept
B) Reject
Person
responsible for
implementation
of options
Timetable for
implementation
Risk and Monitoring
Methods
1: Poor cash flow Hiring a financial or
accounting executive.
Attend training programs
on financial forecasting
and management
planning.
Purchase of professional
financial software to
assist in bookkeeping
and costing activities.
Formulate excel sheets to
assist in financial data
entry rather than manual
bookkeeping.
Attending training
programs to
increase financial
management
knowledge.
After training, train
administration staff
of basic financial
knowledge.
Increase
supervision of
accounting entries.
Using Excel
software for data
entry and backup
of all data.
A Mandy Smith 6 months Monitoring the updating of
accounting data on a
weekly basis.
Monitoring cash inflows and
outflows bi weekly to deem
effectiveness of financial
forecasting plans. Improve;
update to ensure
continuous improvement in
financial planning and
system process.
Risk no. from
Risk Register
and Risk
Possible Treatment
Options
Cost
Benefit
Analysis
A) Accept
B) Reject
Person
responsible for
implementation
of options
Timetable for
implementation
Risk and Monitoring
Methods

37
16: Lack of
retention
strategies (Human
Resources)
Provide better benefits
and remuneration for
employees in accordance
to strategic direction
Outsourcing retention HR
activities to agency
Attending training
workshops on HR
Implement employee
working contracts
Use focus groups
and interviews to
identify motivation
incentives effective
for employees.
Alter remuneration
package to
motivate
employees
according to
strategic
objectives. Provide
incentives for risk
mgmt incentives,
corporate
responsibility
initiatives. Provide
training for
continuous
improvement.
Implement
employee working
contracts.
A Mandy Smith 1 year Use employee surveys to
gain feedback on
implementation. Make
changes for improvement.
Monitor employee staff
turnover for the year.
Conduct exit interviews to
identify reasons for leaving
and make possible
improvements.
12: Increasing
competitors
(Marketing)
Strengthen supplier chain
relationships
Strengthen customer
brand loyalty with
customer management
programs and marketing
Extend product line
Increase quality
assurance
Strengthen
supplier chain
management
relationships to
increase barrier of
entry.
Increase marketing
and reinforce end
users perceptions
of brand through a
customer
management
program and
quality assurance.
A John Smith 6 months Monitor marketing
programs or events
quarterly and customer
management databases
and follow ups.
Ensure that sales targets
are met semi annually.
Depending on marketing
budget, ensure marketing
activities are continuous to
increase market share.
Seek suppliers‟ feedback to
ensure positive relationship
management. Ensure

38
continuous improvement.
22: Absence of
protective clothing
(OHS)
Purchase of relevant
protective clothing to
prevent hazards.
Purchase gloves,
protective boots,
ear plugs and
uniforms
necessary.
A Chris Johnson Immediate Seek feedback from
employees on the job.
Conduct inspections to
ensure protective clothing
are used by staff. Monitor
accident rates continuously
through the year.
23: Absence of
emergency
procedures (OHS)
Hiring of a part time fire
and safety manager to
implement safety plans
and training for staff
Preparing emergency
procedure documentation
and inform all staff
Hiring of a part
time licensed fire
and safety
manager and
conduct training for
all staff.
A John Smith Immediate Conduct fire and
emergency drills annually
to ensure all staff are clear
on procedures.
Set OHS as a topic in the
agenda for monthly
meetings to seek areas for
continuous improvements.
Risk no. from
Risk Register
and Risk
Possible Treatment
Options
Cost
Benefit
Analysis
A) Accept
B) Reject
Person
responsible for
implementation
of options
Timetable for
implementation
Risk and Monitoring
Methods
20: Poor
maintenance of
equipment
(Technology)
Avoid Risk
Conduct ¼ maintenance
schedule of equipment
Conduct ½ year
maintenance schedule of
equipment
Conduct yearly
maintenance of
equipment.
Conduct yearly
maintenance of
equipment
A Chris Johnson 1 year Monitor frequency of
machine breakdown
throughout the year.
Consider options of
purchasing new machines
with at the end of the year.
34: Low security
levels (Security)
Avoid Risk
Set up alarm systems to
all areas including
warehouse and stores.
Setting up alarm
systems for
warehouse and
store areas.
A John Smith 1 year Quarterly update and report
on theft or break ins. Use
store checklist to check for
lost items and use

39
preventive measures
accordingly.
3: Poor records
management
(Administration)
Use computer software to
update accounting
information. E.g. Excel
Increase supervision on
administration staff to
check for errors.
Hire additional staff to
maintain records keeping.
Send admin staff record
management or software
training.
Use software for
efficient record
management.
Increase
supervision for
record
management and
checks.
A Mandy Smith 1 year Monitor to see if all records
and transactions are
properly recorded. Improve
software system
management for better
assistance in decision
making if necessary.
6: Reliance on a
single product
(Management)
Avoid Risk
Consider expanding
sprouts product line and
including e.g. Sango
Sprouts, Broccoli Sprouts
Focus on quality
assurance as a
competitive strength on
current product line
Increase marketing
activities for brand
reinforcement and
expand market share on
current product line.
Increase marketing
activities for brand
reinforcement and
expand market
share on current
product line.
Focus on quality
assurance as a
competitive
strength on current
product line.
A John Smith 1 year Quarterly feedback on
sales targets to measure
effectiveness of marketing
activities.

40
Risk Treatment Plan (AS/NZS 4360:2004)
Risk 16
Lack of Retention Strategies (Human Resources)
Summary Recommended response:
Improve employee remuneration package and provide training. Set employee
contracts in place to reduce risks.
Action plan:
Implement bonuses for employees to reward performance and initiatives
directed at continuous improvement. Provide training needs for employees.
Setting up employee contracts e.g. 6 months to 1 year with renewal after.
Refer to performance management plan in section 13.
Resource requirement :
Budget Allocation
Responsibility :
Mandy Smith, Co-owner and Assistant Manager
Timing:
1 year
Reporting and monitoring required:
Industry survey on compensation packages, increase employee feedback and
post training review including monitoring on the job performance. Conduct exit
interviews to understand reasons for leaving.
Compiled by 29/10/2006
Risk 12
Increasing Competitors (Marketing)
Increase supply chain relationship management and marketing activities.
Action plan:
Increase supplier and distributor visits to gain feedback for continuous
improvement and relationship building. Implement a customer management
plan to reinforce brand and to increase customer loyalty. Seek potential
customers to expand market share. Eg, supplying sprouts to hospitals and
hotels.
Budget for transport, entertainment and sales and marketing activities

41
Responsibility :
John Smith, Owner and Manager
Timing:
Risk should be monitored for 6 months
Fortnightly review of the sales in distribution outlets and figures of new
customers attained.
Risk 22
Absence of Protective Clothing (OHS)
Purchase of protective wear such as gloves, and boots
Action plan:
Purchase of safety clothing for employees. Ensure employees comply with
safety code by putting on safety wear when on the job.
Budget Allocation of AUS $500 for purchase of protective clothing for staff.
Responsibility :
Timing:
Monitor staff weekly to ensure protective clothing are used when on the job.
Quarterly review of the absenteeism levels, injury and accident rates.
Risk 23
Absence of Emergency Procedures
Hiring of a part time licensed fire and safety manager and conduct training for

42
all staff.
Action plan:
Ensure that there are adequate fire extinguishers, fire blankets and smoke
detectors. All employees should be trained according to health and safety
code and conduct drills to ensure knowledge in times of emergencies. Ensure
first aid kits are available at various areas and Managers and Supervisors are
trained in first aid.
Budget of AUS$800 for part time fire and safety manager to draw up
procedures and conduct training. Allow AUS$300 for additional safety items
that are currently absent on premises.
Responsibility :
Timing:
Risk should be monitored throughout the year.
Conduct drills to ensure all employees know the procedures in times of
emergencies. Ensure all health and safety items are serviced and first aid kit
is replenished. Monitor incident rate reports semi-annually and seek
continuous improvement during monthly meetings.
Risk 20
Poor Maintenance of Equipment (Technology)
Conduct yearly maintenance of equipment
Action plan:
Source for good reliable technicians to service equipment.
Allocate budget of AUS$500 for yearly servicing.
Responsibility :
Chris Johnson, Supervisor
Timing:
1 year

43
Record the number of breakdown of equipments throughout the year. If
breakdown occurs more than four times a year, consider purchase of new
machine/s.
Risk 34
Low Security Levels (Security)
Setting up alarm systems for warehouse and store areas.
Action plan:
Source alarm and security companies for quotes on alarm systems to be set
up at store and warehouse location.
Allocate budget of AUS$1000 for security alarm systems.
Responsibility :
Timing:
1 year
Quarterly update and report on theft or break ins. Use store checklist to check
for lost items and use preventive measures accordingly.
Risk 3
Poor Records Management (Administration)

44
Use software for efficient record management. Increase supervision for record
management and checks.
Action plan:
Set up Excel or Microsoft Access to assist in costing, data records and
customer management programs. Identify if training is required for staff. Key
in data entry information for all records. Enable information sharing for
Managers and Supervisors through the computer network.
Allocate budget of $300 for administrative staff who may require knowledge of
setting up software programs.
Responsibility :
Timing:
Ongoing, identify training needs or software upgrades when necessary.
Monitor efficiency of the software programs and how to enable better
assistance in decision making or filtering of relevant information. Increase
supervision to ensure all data entry is entered on a daily basis if possible.
Ensure backup of all information in network systems.
Risk 6
Reliance on a Single Product (Management)
Increase marketing activities for brand reinforcement and expand market
share on current product line. Focus on quality assurance as a competitive
strength on current product line.
Action plan:
Use advertising methods such as in store marketing to increase awareness on
the health benefits of sprouts. This aims to reinforce the product brand and to
create a unique selling position among other vegetables. Comply to a strict
quality assurance program from seed retrieval to delivery of sprouts to store
adheres and market on stringent procedures covering hygiene, temperature
control, product handling testing and storage.
Allocate budget of $10,000 for marketing activities.

45
Responsibility :
John and Mandy Smith
Timing:
Ongoing marketing and quality assurance activities should be monitored
weekly throughout the year.
Monitor progress through monthly sales reports, feedback from supplier and
distributors and feedback from end users.
Risk 1
Poor Cash Flow (Financial)
Attending training programs to increase financial management knowledge
especially cash flow forecasting. This is particularly important for financial
management and for approval of ongoing bank loans for investment. Upon
training, train administration and supervisors on basic costing functions and
goals to enable better tracking and financial management. Use Excel software
to assist in monitoring of cash inflows and outflows.
Action plan:
Source for training workshops to increase financial management knowledge.
This should direct ideas in creating software programs to assist in record
management. Identify ways to encourage early payments by debtors to
maintain cash flow.
Allocate budget of AUS$500 for training needs.
Responsibility :
Timing:
Ongoing and monitoring should be daily when first implemented and weekly
after 2 months after implementation.
Monitor monthly cash flows to see improvements in decision making with
financial forecasts. Investment budgets and bank loans for investment should
be considered due to other risk budget allocation.

46
22 Communications Plan
22.1 Objectives of the communication
 Building awareness and understanding about particular issues including risk
areas,
 Implementation process, updates, feedback, identifying bottlenecks and
problems that may affect operational issues.
 Identify training needs
 Assistance in performance management, rewarding risk management initiatives
 Checks and improvements in compliance to corporate governance issues
 Emphasis on the importance and compliance to Quality Assurance programs
 Learning from stakeholders, supplier chain management, distributors,
government bodies, end users, potential customers, target audience
 Obtaining a better understanding of the context, the risk criteria, the risk or the
effect of risk treatments
 Supporting a culture of continuous improvement and adaptation of risk
management initiatives at Juicy Sprouts.
 Demonstrate accountability and responsibility and commitment to continuous
improvement.
22.2 Participants to be included,
Internal: All Juicy Sprouts Employees
External: Suppliers, Distributors, Government Bodies, End Users, Potential Customers
22.3 Perspectives under Consideration
 Problems and improvement areas of risk treatment implementation
 Ensuring that all projects adhere to time schedules
 Improving better integration of risk management initiatives, corporate governance
and quality assurance programs into strategic and operational level
 Continuous monitoring of risks that may prevent achievement of objectives at all
risk areas

47
22.4 Communication Methods
 A monthly meeting will be held with all staff
 Previous minutes of meeting will be reviewed at the beginning of each meeting.
 Ensure that risks are continuously identified and all employees‟ views are
appropriately considered, both positive and negative suggestions.
 Encourage participation and involvement to allow ownership of risks
 A quarterly meeting will be held with the stakeholders to update them on
treatment progress in line with the changing macro environment.
 Management should play an active role rather than simply mandating production
of reports.
 Empower employees to manage risk effectively
 Acknowledge, reward and publicise good risk management initiatives
22.5 Evaluation
 Ensure that at least one employee is responsible for recording of all minutes of
meeting (MOM) and preparation of the agenda before each meeting.
 Ensure that MOM are typed and made available for staff within 2 days e.g. email
or hard copy made available
 Monitor and ensure that all tasks are followed up within timeframe allocated in
MOM
 Ensure all employees are aware of expectations before each meeting.
 Ensure follow up after quarterly meeting with all stakeholders
 Ensure all agendas and MOM are properly filed and made available for all
employees through a central filing system.
23 Monitor and Review Processes

48
Management should ensure that the risk management implementation plan aligns well
with Juicy Sprouts‟ critical performance measures and organisational objectives. This
should be closely linked with the performance management plan to ensure employees
are directed towards desired performance behaviours. The following questions should
be consistently observed,
 Are the organisational objectives valid and measurable?
 Are performance indicators measurable in line with the organisation‟s objectives?
 Is the risk management approach consistent with the organisation‟s objectives
and context?
 Are risk management reports assisting in management‟s decision making
process?
Management should also ensure that processes support risk management
implementation by and staff at all levels seek continuous improve performance.
Processes should support by,
 Providing a structured approach for reporting of risk management initiatives
 Providing a structured approach to decision making
 Encourage thinking „out of the box‟ approach for all employees
 Having processes that promote learning from error rather than punishing
 Identify ways to simplify processes and support more effective, efficient and
appropriate use of resources
 Avoid responding to problems by introducing restrictive, rigid controls.
 Ensure all improvements are measurable and can be communicated to
employees involve
 Provide education and training for continuous improvement
23.1 Annual Review and Assurance Statement
An annual review of the effectiveness of Juicy Sprouts‟ corporate governance
arrangements, including its risk management and internal control processes should be
reported to the Audit and Governance Committee. This will form the basis of an
assurance statement in accordance with best practices.
24 References
Australian /New Zealand Standard HB 436:2004, Risk Management Guidelines.
Companion to AS/NZS 4360:2004
25 Appendixes

JS Risk Management Plan, 2

Recommended

Recommended

More Related Content

What's hot

What's hot (11)

Viewers also liked

Viewers also liked (14)

Similar to JS Risk Management Plan, 2

Similar to JS Risk Management Plan, 2 (20)

JS Risk Management Plan, 2