Risk in Education and Training – A Starting Point
Why Is It Important to Know About Risk?
The business student asks the professor “Why is it important to know about risk?” The response is, “The ability to understand risks enables the organisation to make confident business decisions. It protects the organisation from the risk of unexpected events that can cause it a financial and reputational loss.”
How Do We Define Risk?
The student then asks, “How can we define risk”. The response is that according to the latest international Risk Management Standard ISO 31000:2018 risk is defined as the “effect of uncertainty on objectives”. Dr David Hillson’s version is that it is “uncertainty that matters”. His definition is easy to remember and use. For example, while rain is uncertain - it does not matter if we run classes inside.
Positive and Negative Risks
The Project Management Institute’s definition is “an uncertain event or condition that, if it occurs, has a positive or negative effect on a project’s objectives”. This definition mentions positive or negative effects. An example is where a change in government regulations make it easier for new students to come to Australia, and instead of 500 students this year we get 1000 – a positive risk. A negative risk would be these regulations result in only 250 new students. If possible, we need to be ready for positive as well as negative risk.
The student thanks the professor and continues, “How do we manage risk?” The professor is pleased to have such an enthusiastic student and responds with the definition stating it is the “coordinated activities to direct and control an organisation with regard to risk”, and then speaks about the risk management steps.
The Seven Generic Risk Management Steps
According to ISO 31000, there are seven steps: (1) communicate and consult; (2) establish the context; (3) risk identification; (4) risk analysis; (5) risk evaluation; (6) risk treatment; and (7) monitoring and review.
I have summarised them into four steps: (1) identify the risk; (2) assess it; (3) treat it; and (4) monitor and review it. A medical analogy is that you are ill and consult a doctor. The doctor seeks to identify the issue, assess it, treat it and asks you to return later to check for improvement.
You cannot do anything about risk unless you first identify it. If you are signing a contract, then identify and eliminate as much risk as possible before signature, because it is very hard to do so later.
List and review your risks and ensure they are entered in your written Risk Register, and not remain in a manager’s head. Also, ensure that the risks in the register are reviewed periodically - say monthly.
What We Will Look at in Future Weeks
Group Colleges Australia has a robust risk management system, with seven sections each overseen by a senior person. In future blogs, I will write on each of the following seven sections:
- Regulatory Compliance;
- External Market;
- Academic and Student Matters;
- Human Resources;
- Finance and Sustainability;
- Physical Resources.
To make confident business decisions we need to be aware of risk. Risk can be defined as “uncertainty that matters”. A helpful process is to first identify the risk (as you cannot do anything about it unless you first identify it), then assess it, then treat it and then come back to see how effective treatment was. Furthermore, it is important to have all this in writing and be reviewed regularly.
Associate Professor Cyril Jankoff is the Associate Dean of scholarship at UBSS and a Member of the GCA Compliance Directorate.