2. Policy rules
2.1 Risk Management
All employees will:- review activities and key objectives to identify and assess risks;
- develop treatment plans to manage the impact of risks (where necessary);
- record and monitor risks; and
- inform line managers of significant risks.
Guidance
Please refer to the Risk Management Guidelines for school and non-school site processes (staff only).Further information on risk management is available on Ikon.
2.2 Business Continuity Management
Where the continuity of operations is not covered by other Department plans such as the incident management plan for schools, line managers and principals will, as appropriate:- conduct and document a business impact analysis;
- review the business impact analysis at least every 12 months;
- for any critical business activities, document business continuity plans that include:
- strategies, requirements and procedures for continuity of the critical activities; and
- business resource requirements to support the continuity of the critical activities;
- review and update any business continuity plans at least every 12 months; and
- conduct exercises on a regular basis to test or validate any business continuity plans.
Guidance
Please refer to the Business Continuity Management Guidelines for school and non-school site processes (staff only).Further information on business continuity management is available on Ikon.
3. Responsibility for Implementation and Compliance
Principals and line managers are responsible for implementing this policy.Executive Directors and Directors are responsible for compliance monitoring.
4. Scope
This policy applies to all employees.5. Definitions
A process to ensure the timely resumption and delivery of critical business activities, in the event of a major disruption, by maintaining the business resources required to support delivery of those services.
Documented processes that guide the Department to respond, recover, resume and restore to a pre-defined level of operation following a major disruption.
The process of assessing the potential consequences of an outage to the Department’s business activities over varying periods of time, and establishing the maximum acceptable outage time, in which any critical activities must be resumed following a major disruption.
An employee responsible for a discrete area.
The chance of something happening that will have an impact on objectives. The impact may be positive or negative.
The process used to understand the impact of risks and estimate the level of risk.
The measures currently in place that reduce the impact of risks. A risk may have more than one control.
The process of finding and describing the nature, sources and causes of risks.
Risk management encompasses the culture, processes and structures that are used to effectively manage risks.
A periodic assessment of risks to determine the continuing effectiveness of risk controls and treatments.
A process to select one or more treatments to avoid, reduce, transfer or share a risk.
6. Related documents
Public Sector Management Act 1994 (WA)
School Education Act 1999 (WA)
School Education Regulations 2000 (WA)
State Records Act 2000 (WA)
Financial Management Act 2006 (WA)
Treasurer’s Instruction 825: Risk Management
Australian Standard ISO 31000:2018, Risk Management - Guidelines
Australian Standard 22301:2020, Security and Resilience – Business Continuity Management Systems – Requirements
School Education Act 1999 (WA)
School Education Regulations 2000 (WA)
State Records Act 2000 (WA)
Financial Management Act 2006 (WA)
Treasurer’s Instruction 825: Risk Management
Australian Standard ISO 31000:2018, Risk Management - Guidelines
Australian Standard 22301:2020, Security and Resilience – Business Continuity Management Systems – Requirements
Incident Management Manual (staff only)
7. Contact information
Policy manager:Director Risk and Assurance
Policy contact officer:
Program Manager, Risk
T: (08) 9264 0094
8. History of changes
| Effective date | Last update date | Policy version no. | |
|---|---|---|---|
| 18 May 2010 | 1 August 2012 | 1.2 | |
| Amended an erroneous numeral 4 that appeared at the head of the third column of the Risk Rating table at Appendix C.4 as per D12/0470346. | |||
| 18 May 2010 | 25 June 2015 | 1.3 | |
| Updated contact details D15/0198137 | |||
| 18 May 2010 | 29 September 2015 | 1.4 | |
| Updated references to Public Sector Commissioner’s Circular and Treasurer’s Instruction TI 825. D15/0394179 | |||
| 18 May 2010 | 31 August 2018 | 1.5 | |
| Minor updates to contact information to reflect organisational changes D18/0388673. | |||
| 18 May 2010 | 18 March 2021 | 1.6 | |
| Minor changes to update content D21/0145764 | |||
| 21 February 2023 | 2.0 | ||
| Major review. D22/0621687 Approved and signed by the DG on 21 November 2022 | |||
9. More information
Supporting content
No supporting content found.
This policy:
Risk and Business Continuity Management Policy v2.0
Policy and all supporting documents:
Risk and Business Continuity Management Policy Bundle
Policy review date
21 February 2023