C7; Risk Management

1. Purpose

This policy provides practical direction to the VFF in the application and implementation of effective risk management. It provides the foundations and organisational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management.

2. Background

This risk management policy is a strategic framework designed to identify, assess, and mitigate potential risks that could adversely affect the VFF operations, reputation, and financial stability. This policy aims to establish a systematic approach for managing risks, ensuring the organisation’s resilience and capacity to achieve its objectives. It outlines the roles and responsibilities fostering a risk-aware culture where proactive risk identification and mitigation are integral. By setting clear guidelines for risk assessment, reporting, and monitoring, the policy helps to anticipate and address potential threats before they materialise. It considered both internal and external consequences with mitigation typically aimed and managing consequences and addressing hazards where possible, especially for strategic risks. Ultimately, this policy supports informed decision-making, enhances organisational performance, and safeguards stakeholder interests.

3. Policy

3.1 Principles

The VFF’s approach to risk management is consistent with the principles defined in the Australian/New Zealand Risk Management Standard (ISO 31000), the requirements of the Corporations Act, 2018 and the requirements of ASIC.

The following principles that guide the VFF’s risk management activities have been adopted from the ISO 31000. They describe the VFF’s key principles for risk management:

  • Risk management creates value by contributing to the achievement of the VFF’s objectives and improvement of performance.
  • Risk management is an integral part of the VFF’s organisational processes, including strategic and business planning and project processes.
  • Risk management is part of decision making by supporting decision makers make informed choices, prioritise actions and distinguish among alternate courses of action.
  • Risk management explicitly addresses uncertainty by taking into account the nature of that uncertainty and how it can be addressed.
  • Risk management is systematic, structured, and timely through processes which are planned and an integral part of business planning activity.
  • Risk management is based on the best available information by relying heavily on the use of information from multiple sources, including historical data, experience, feedback, observation, forecasts, and expert judgement.
  • Risk management is tailored to the VFF’s risk management framework and aligned to the VFF’s external and internal context and risk profile.
  • Risk management takes human and cultural factors into account by recognising the capabilities, perceptions and intentions of external and internal people that can facilitate or hinder achievement of the VFF’s objectives.
  • Risk management is transparent and inclusive through the appropriate and timely involvement of stakeholders and decision makers at all levels. Their involvement ensures that risk management remains relevant and up-to-date and allows stakeholders to be properly represented and to have their views taken into account in determining risk criteria.
  • Risk management is dynamic, iterative, and responsive to change. As internal and external events occur, context and knowledge change, monitoring and review of risks take place, new risks emerge, some change and others disappear.
  • Risk management facilitates continual improvement for the VFF and provides an important contribution to the identification and enhancements to operational and strategic performance.

3.2 Risk management structure

Figure 1 is a pictorial representation of the relationship between the principles for managing risk, the framework and the risk management process as defined by the Standard.

Figure 1: Risk management structure

3.3 Scope

This guidance document provides details on the risk management framework and how to perform risk management throughout the VFF.

It provides guidance on:

  • the VFF’s risk appetite the is set by the Board in Policy C2; Risk Management.
  • embedding risk management into corporate, business and project planning activities.
  • capturing and describing risk information.
  • analysing and evaluating risks.
  • developing, evaluating, and implementing risk treatment plans.
  • monitoring, reviewing, and reporting on risks and risk treatment plans.
  • finding the necessary tools and resources for support with the VFF’s risk management processes; and
  • compliance with the ISO 31000 principles.

3.4 Objectives

The VFF’s key risk management objectives are to:

  • Develop and embed a culture of effective risk management.
  • Identify, assess, prioritise, manage, and monitor all material risks in a consistent and effective manner.
  • Provide members with appropriate tools to support risk management, decision making and management reporting.
  • Ensure all staff understand their responsibilities for managing risk and are held accountable in line with their roles and responsibilities; and
  • Ensure risk management compliance with relevant regulatory requirements and industry codes of conduct.

3.5 Risk management roles and responsibilities

The VFF’s Risk Management Framework is owned by the VFF Board and administered by the Chief Executive Officer.

To administer risk management effectively, the VFF Board must:

  • Ensure the Board collectively has an agreed risk appetite.
  • Ensure the Board collectively understands organisational risks.
  • Ensure the Board monitors external and internal risks to ensure continuous improvement.

Figure 2 below lists the key responsibilities for implementing and maintaining the VFF’s risk management framework.

Figure 2: Role and responsibilities: 

ROLE: RESPONSIBILITIES:
All VFF Staff
  • Ensure that risks are considered in all decision making and planning.
  • Communicate in an open, honest, and timely way on risks facing the VFF, including incidents or control breakdowns.
  • Monitor risks within their sphere of influence and actively participate in risk management activities.
  • Report any significant risks through appropriate management channels when identified.
  • Comply with the VFF Risk Management Policy and this guideline. 
Chief Executive Officer
  •  Support and promote a strong risk management culture throughout the company.
  • Attest in the annual report to the VFF’s risk management processes.
  • Ensure that the overarching governance arrangements (Risk, Audit and Finance Committee) are in place and operating effectively.
  • Communicate and engage with stakeholders about risk management, as appropriate. 
VFF Management Team
  • Understand the VFF’s significant risks and promote a strong risk management culture.
  • Maintain an organisational risk focus within the VFF.
  • Lead the implementation and integration of the VFF’s risk management policy, processes, and systems.·       Ensure that an effective risk control environment is implemented and maintained.
  • Ensure that accountabilities for managing risks are clearly defined.
  • Ensure effective identification and assessment of risks in accordance with the risk management policy and framework.
  • Ensure that controls for identified risks are in place and operating effectively.
  • Advise the CEO and Management of all control self-assessments and other assurance activities undertaken.
  • Oversee the development, implementation, and management of treatment strategies for risks.
  • Delegate accountability for the management of risks to appropriate risk owners within the company.
  • Monitor and review risk profiles and treatment plans annually. 
VFF Board
  • Ensure risks are considered and integrated into corporate and business planning processes.
  • Define the risk appetite for the VFF.
  • Participate in the review and update of the VFF’s strategic and high-risk profiles.
  • Ensure a holistic approach to the treatment of strategic risks.
  • Identify and communicate VFF risks.
  • Actively monitor extreme and high-level risks. 
VFF Members
  • Understand the VFF risk appetite.

 

ROLE: RESPONSIBILITIES:
The VFF Risk, Audit & Finance Committee
  • Provide independent oversight and assurance that the VFF’s risk and control environment is operating effectively.
  • Review the effectiveness and outcomes of the risk management process.
  • Review the adequacy and focus of the internal audit plan, including considering whether there is appropriate coverage to address and mitigate high risk areas and activities.
  • Provide assurance over strategic and high risks and the effectiveness of associated controls and mitigation strategies. 
  • Provide assurance to the VFF Board by verifying the required ASIC attestations.  
Managers and Risk Owners
  • Manage and monitor risks for which they are accountable
  • Review risk on a regular basis to identify where current control deficiencies may exist.
  • Develop and implement treatment strategies against assigned risks and take corrective action.
  • Monitor and report, in line with the risk escalation criteria, the effectiveness of treatment strategies.

3.6 Risk Consequence

Once the consequence and likelihood ratings have been determined for each risk, it can then be assessed against the VFF risk matrix to establish the overall level of risk. This matrix is applied at strategic and operational levels.

A common challenge faced when establishing the level of benefit or harm is that different scenarios for the risk event can be conceived, each of which has the potential for different levels of benefit or harm, aligned with different likelihood ratings.

In risk management, consequence is defined as the outcome of an event affecting objectives. The VFF has both internal and external risk consequence definitions that are detailed below:  

Figure 3 (below) outlines the consequence definitions for internal and external VFF risks.

Figure 3: Consequence definitions for internal VFF risks: 

 
FINANCE
HUMAN
LEGAL
REPUTATION
ENVIRONMENT 
LESS SIGNIFICANT
Loss or redirection of VFF budget of less than $50,000. No impact to planned outputs and services. 
Minor first aid. Adequate numbers of staff with skills, knowledge, and expertise needed to safely efficiently and effectively manage the incident.
Infringement notices of staff while conducting VFF business.
Resolved in day-to-day management. Very limited public and political interest. Complaint from one stakeholder.
Temporary environmental pollution.
MINOR
Loss or redirection of VFF annual budget of less 1% ($100k). Impact to planned outputs and service delivery involving delay only.
Minor medical attention required for VFF staff. Lack of staff with skills, knowledge, and expertise to undertake low risk roles but on the job, training can address short falls. 
Minor legal issues, non-compliances and breaches of legislation or constitution by the VFF.
Localised public and political interest. Negative reference in local media. Displeasure of staff (voiced internally).
Environmental recovery up to five years.
MODERATE
Loss or redirection of the VFF annual budget between one and 5% ($1m). Planned outputs and service delivery delayed with minor consequences.
Serious injury to VFF staff, with no hospitalisation required. Inadequate numbers of staff with the skills, knowledge, and expertise needed to undertake medium risk roles (but active mentoring can address short fall). 
Serious breach of regulations with investigations or report to responsible authority with prosecution powers.
Short-term public and political interest. Short-term regional media attention up to or > one week. Local community concern.
Temporary environmental (10-year recover, small scale).
MAJOR
Loss or redirection of the VFF annual budget of five to 25% ($2.25m). Planned outputs and service delivery significantly delayed with moderate consequences (can be rescheduled).
Serious injury to VFF staff, with hospitalisation required. Permanent disability to one or more staff. Inadequate numbers of staff with the skills, knowledge, and expertise needed to undertake leadership and high-risk roles results in delay in service delivery.
Major breach of statutory obligations by the VFF. An investigation into the VFF by ASIC with findings that the VFF has not acted responsibly.
Adverse State/National media coverage > 2=two weeks. Medium-term public interest (correspondence and phone calls) and political interest (in Parliament).
Temporary environmental harm (50-year recovery, large scale).
CATASTROPHIC
Loss or redirection of VFF annual budget of >25%. Planned outputs and service delivery significantly delayed with major consequence (cannot be rescheduled).
Single fatality of VFF staff. Inadequate numbers of staff with the skills, knowledge, and expertise needed results in short term cessation of service delivery
Breach of statutory obligations or misuse of power resulting in legal action with fines and prosecutions.
Parliamentary inquiry with adverse findings. Sustained Loss of reputation at international / National/ State level. Concentrated public interest (correspondence and phone calls) and political interest (in Parliament). Adverse State/National /International media coverage four weeks. Breakdown of public confidence in the VFF leading to Board resignations or alternative governance for some period.
Long term environmental harm (+50-year recovery, large scale).

 

Figure 4: Consequence definitions for external VFF risks:

 
HUMAN
PRODUCTION AND SUPPLY CHAIN
FINANCIAL
CONSUMERS AND MARKET ACCESS
ENVIRONMENT 
LESS SIGNIFICANT
Any injury or illness attributed to a farm business.
Impact on industry wide production is negligible, with operations continuing as usual and any disruptions being minimal and quickly managed (<5%/annum). Productivity remains largely unaffected, with any changes being minor and not influencing overall output. Supply chain disruptions involve only minor logistical delays that are easily managed within normal operations, ensuring no significant delays in the supply of raw materials or the delivery of finished products.
Industry economic loss of <1%. Localised impact affecting single commodities.
Adverse consumer reaction for health, political or other reasons affecting one business for a short period of time. Resolved by day-to-day management.Market access restrictions from an importing country affecting one business for a short period of time. Issue resolved at business level within a few days.
Temporary environmental contamination associated with licensee activities, with rapid recovery after abatement.
MINOR
Multiple injuries and illnesses attributed to a farm business.
Slight reduction in industry wide production capacity due to minor operational issues that are swiftly resolved (5-10% per annum). Productivity experiences a small decrease, which is manageable with existing resources and might require minor adjustments to workflows. Supply chain disruptions are isolated, causing minor delays in delivery schedules. These disruptions may affect specific components or materials but do not halt overall operations.
Economic costs and losses less than $250m to multiple farm businesses or single industry or $1 billion across multiple industries. Generally managed within standard financial provisions. Industry economic loss of <2%. Minor local economic loss. Disruptions at business level leading to isolated cases of loss of employment.
Adverse consumer reaction for health, political or other reasons with limited political and media interest resulting in decreased sales of up 5%, resolved within a month.Market access restrictions from importing countries resulting in up to a 5% reduction in export sales for a short period of time. Limited government   required to resolve.
Minor environmental impact with environmental recovery up to five years.
MODERATE
One fatality and /or permanent disability resulting from any injury or illness attributed to a farm business.
Noticeable reduction in production output, necessitating the reallocation of resources and minor changes to industry wide production schedules (10-25%/annum). Productivity sees a moderate decrease, affecting several aspects of operations and leading to a temporary decrease in efficiency. The supply chain experiences moderate disruptions, affecting multiple points and causing delays in receiving key materials or components, leading to short-term production slowdowns.
Economic costs and losses less than $1 billion to an industry or $5 billion across multiple industries. Disruption requiring adjustments to business or industry strategy or supply chain. Industry economic loss of <5%. Moderate regional economic loss. Isolated cases of business failure and some loss of employment.
Adverse consumer reaction for health, political or other reasons with political and media interest resulting in decreased sales of up 10% for up to two months.Major market access closures from importing countries resulting in up to a 10% reduction in export sales for up to two months. Some government involvement required to resolve the issue.
Small scale moderate environmental impact with full recovery over a 10-year period.
MAJOR
Multiple fatalities and / or permanent disability resulting from any injury or illness attributed to a farm business.
Significant reduction in industry wide production capacity, requiring substantial operational adjustments, including the potential shutdown of some production lines (25-50%/annum). Productivity faces a substantial decrease across multiple areas, necessitating significant reorganisation and possible retraining of staff. The supply chain undergoes severe disruptions, resulting in prolonged delays and critical shortages of essential materials or components, impacting overall production timelines and delivery commitments.
Economic costs and losses up to $10 billion to farm businesses and industries. Significant disruption requiring major changes in business strategy. Industry economic loss of <%10. Significant State or Regional Economic Loss. Multiple business failures and significant localised loss of employment.
Notable adverse consumer reaction for health, political or other reasons with major political and media interest resulting in a business closure and decreased sales of up 25% for up to six months. Major market access closures from importing countries for six months or more resulting in up to a 25% reduction in export sales for up to six months and one business closure. Substantial State and Commonwealth involvement required to resolve the issue.
Large scale major environmental impact with full recovery over a 50-year period.
CATASTROPHIC
Multiple fatalities and permanent disabilities resulting from any injury or illness attributed to multiples farm businesses.
Industry wide production is nearly or completely halted, with long-term cessation of operations in the affected areas (>50%/annum). Productivity experiences a drastic drop, affecting the entire organisation and potentially leading to extensive layoffs or reassignment of staff. The supply chain suffers widespread and prolonged disruptions, with significant portions incapacitated, leading to severe shortages and an inability to meet market demand. Recovery requires major restructuring of supply chain strategies and extensive efforts to restore normal operations.
Economic costs and losses exceed $10b to multiple farm businesses and industries. Significant disruptions requiring long term changes to multiple business strategies. Industry economic losses of >10% of value. Major industry restructuring resulting in widespread economic loss to GVP. Widespread business failures and loss of employment.
Significant adverse consumer reaction for health, political or other reasons with major political and media interest, resulting in multiple business closures and decreased sales of greater than 25% for six months or more.Major market access closures from importing countries for six months or more resulting in a greater than 25% reduction in export sales and multiple business closures. Extensive high-level State and Commonwealth government involvement required to resolve the issue.
Widespread environmental impact with recovery not possible or requiring greater than a 50-year period.

 

3.7 Risk Likelihood

Likelihood is the chance of something happening. The descriptions for the ‘Likelihood Ratings’ in Table 6 are not prescriptive but provide guidance on the factors to consider in the assessment process. The final agreed likelihood ratings are based on a qualitative judgement by the VFF Board and Chief Executive Officer and should therefore reflect an understanding of the relevant history and circumstances of the item.

Determining the likelihood of an event occurring involves consideration of a range of factors, including:

  • Timeframe: either the timeframe of the risk assessment or within the risk realisation period, i.e. the period within which the risk event may materialise.
  •  Causes: there are typically a number of causes which may lead to a risk event materialising. These may be independent of each other, such that each may have its own likelihood of occurrence. If there are a number of plausible causes, then the likelihood of the risk event occurring may be increased.
  • Controls: what controls are in place to treat and monitor the likelihood of risk events occurring? Do these controls reduce the likelihood of a risk event occurring?
  • What sequence of events, decisions or actions will influence whether the risk event materialises or not? How plausible is it that the scenario may play out?

A five (5) point likelihood scale is reflected at Figure 5.

Figure 5: Rating scale:

RATING (FIVE POINT SCALE)
DEGREE
DESCRIPTION:

1: Almost certain

(0.3 – 1) 

Once every one to three years, many recorded incidents

2: Likely

(0.1 – 0.3)

Once every three to 10 years, some recorded incidents

3: Possible

(0.3 – 0.5) 

Once every 10 to 50 years, few records, some evidence

4: Unlikely

(0.01 – 0.5) 

Once every 50 to 100 years, considered to have occurred

5: Rare

(<0.01) 

Greater than every 100 years, not in living memory


3.8 Risk appetite

Risk appetite is defined as the amount and type of risk that the VFF is willing to accept in the pursuit of its objectives. A defined risk appetite statement is a critical element of an effective risk management framework as it is central to the alignment of the corporate strategy, operational activities, and risk.

The VFF has an established risk appetite defined by the VFF Board and articulated in the VFF Risk Management Policy that aims to:  

  • Provide strong alignment of the overall the VFF corporate strategy, operational activities, and risk.
  • Optimally allocate resources to manage risk exposures through the identification of risks that are under and/or over controlled relative to the VFF risk appetite.
  • Provide guidance to employees on the acceptability of their actions and decisions with respect to risk.
  • Establish criteria for the escalation and monitoring of risks.
  • Communicate guidance by the VFF Board and CEO on the desired attitude and culture with respect to risk management.
  • The VFF Risk Appetite may be reassessed and updated as the VFF risk management culture and capability matures or as outcomes, objectives, or circumstances change.

The VFF has a medium appetite for risk that is characterised by figures 6 and 7 (below)

At the VFF, the levels of risk are extreme, high, medium, or low according to the likelihood and consequence ratings. Each level of risk is managed, treated, and reported differently.

Figure 6: VFF risk definitions:

HIGH
LIKELIHOOD

CONSEQUENCE

 

Lesssignificant

Minor

Moderate

Major

Catastrophic

Almost certain

MEDIUM

MEDIUM

MEDIUM

HIGH

EXTREME

Likely

LOW

MEDIUM

MEDIUM

HIGH

HIGH

Possible

LOW

LOW

MEDIUM

MEDIUM

MEDIUM

Unlikely

LOW

LOW

MEDIUM

MEDIUM

MEDIUM

Rare

LOW

LOW

LOW

LOW

MEDIUM

 

Figure 7: VFF risk – treatment and reporting requirements:

Level of Risk

Treatment and reporting requirements

 EXTREME 
  • Falls outside the VFF’s acceptable level of risk appetite.
  • Accountability and responsibility to be managed by the VFF Board and/or the Chief Executive Officer.
  • A risk treatment plan must be established and implemented immediately or identification and assessment of the risk.
  • To be managed to a level that is As Low As Reasonably Practicable (ALARP) based on resource, cost, and practicality.
  • Active monitoring of risk and risk treatments.
  • Risk must be integrated with corporate and/or business planning.
  • Minimum quarterly reports to the VFF Board.

 HIGH
  • Falls outside the VFFs acceptable level of risk appetite.
  • Accountability and responsibility to be managed by the Chief Executive Officer.
  • A risk treatment plan must be established and implemented as soon as practicable following identification and assessment of the risk.
  • Should be managed to a level that is As Low As Reasonably Practicable (ALARP) based on resource, cost, and practicality.
  • Risk must be integrated with corporate and/or business planning.
  • Risk owner to monitor the risk and report quarterly to the VFF Risk, Audit and Finance Committee.

 MEDIUM
  • Falls within the VFF’s acceptable level of risk appetite.
  • Accountability and responsibility to be managed at the VFF Management level.
  • May be managed or accepted without further treatment, provided that quarterly the risk is appropriately monitored, with re-evaluation undertaken based on factors that may increase consequence or likelihood.
  • Risk should be integrated with corporate and/or business planning.
  • Risk owner to monitor the risk at least quarterly and report to the VFF CEO.

 LOW
  • Falls within the VFF’s acceptable risk appetite.
  • Accountability to be managed by the appropriate risk owner.
  • May be reviewed to assess whether the risk is being over controlled, and whether some reduction in active controls may be considered.
  • Risk owner to monitor the risk at an appropriate frequency.

3.9 Risk register

The VFF maintains a risk register. Within the register, risks are allocated to the category of the potential consequence. These categories help to identify, understand, profile and monitor risks. Actions from within the risk register and any treatment plans are reflected in the VFF policies and procedures, the five-year strategy plan and annual business plan.

3.10 Risk attestation

The Chief Executive Officer is required to attest in the VFF Annual Report to risk management practices in accordance with the Corporations Act.

The Chairperson and Chief Executive Officer are required to attest that:

  • The VFF has risk management processes in place consistent with the ISO 31000 principles.
  • These processes are effective in controlling risk to a satisfactory level.
  • A responsible Risk, Audit and Finance Committee verifies that view.
  • Risk management practices that support the Chief Executive Officer’s attestation are outlined in this Guideline, undertaken at the strategic and operational levels and through the implementation of an organisation-wide business continuity management program.
  • The VFF Risk, Audit and Finance Committee provides assurance to the VFF Board by verifying that risk management requirements are being met and that the risk profile has been critically reviewed within the last 12 months.

3.11 Business continuity management

The VFF is required to have a Business Continuity Management (BCM) capability to ensure that critical services can continue to be delivered to the community regardless of the circumstances, and to meet annual risk attestation requirements.

The VFF is developing a Business Continuity Plan (BCP), which is premised on ISO 22301: 2012 and implemented by the Chief Executive Officer. BCP is an element of operational and strategic risk management. It relates to managing the risk of the VFF’s day to day operations being disrupted. The BCP strengthens the risk controls and strategies in place that minimise the adverse consequences of disruptive events. The BCP further contributes to good management practice.

The following diagram at Figure 8 depicts the elements of BCP.

Figure 8: Business continuity plan:


Please refer to the business continuity plan for further information.

3.12 Fraud and corruption risk management

The VFF views fraud and corruption seriously and will take all reasonable steps to ensure that fraud and corruption is prevented, detected, and managed. Commitment is made to ensuring that areas of high exposure to fraud and corruption related risks undertake random audits in accordance with the VFF Fraud policy.

The VFF will annually review high risk areas of the business, conduct a sampling of random risk audits, develop, and implement fraud control strategies and review the effectiveness of those strategies.

Where there is substantial change in structure, function or significant transfer in function or an event of significant control weakness is identified, a further fraud and corruption risk assessment shall be undertaken to evaluate the implications of the changed function or event.

3.13 Risk culture

The definition of ‘culture’ commonly means “how things get done around here” or “the way a group of people prefer to behave”. Culture is driven by the values that are set and demonstrated in action by the VFF Board and Chief Executive Officer, by the practices that flow through the company as a result, and finally by the behaviours of individuals.

The VFF aims to be an organisation that has a culture in which employees at all levels think about managing risks as part of “how things get done around here” in their day-to-day business. A strong risk culture leads to successful risk management where risk is more than a compliance requirement to meet obligations. As such, all staff are responsible for managing risk in their areas of responsibility in their day-to-day business, with the Chief Executive Officer and VFF Senior Management Team leading as the risk champions.

3.14 Aligning risk with the VFF planning cycle

The definition of ‘culture’ commonly means “how things get done around here” or “the way a group of people prefer to behave”. Culture is driven by the values that are set and demonstrated in action by the VFF Board and Chief Executive Officer, by the practices that flow through the company as a result, and finally by the behaviours of individuals.

The VFF aims to be an organisation that has a culture in which employees at all levels think about managing risks as part of “how things get done around here” in their day-to-day business. A strong risk culture leads to successful risk management where risk is more than a compliance requirement to meet obligations. As such, all staff are responsible for managing risk in their areas of responsibility in their day-to-day business, with the Chief Executive Officer and VFF Senior Management Team leading as the risk champions.

3.15 Risk monitoring

Risk management at the strategic and operational level is an ongoing process throughout the year. Key features of the annual planning process are described at Figure 9 below:

Figure 9: Risk management alignment with the VFF planning cycle:

 

3.16 Risk monitoring

Key risk measures are used to monitor potential shifts in risk conditions or new emerging risk/s that may impact upon the VFF’s outcomes, objectives, and strategies.

These risk measures provide early warnings to proactively identify the possibility of a future adverse impact. Early warning allows the VFF Board and Chief Executive Officer to be in a better position to manage events that may arise in the future, on a timely and strategic basis.

As risk measures are specific to individual businesses or processes, the challenge is to implement key risk measures in such a way to ensure consistency, relevance, transparency, and completeness.

The following tables at Figure 10 and 11, provides some guidance on establishing effective key risk measures and the benefits of doing so.

Figure 10: Key risk measures:

Effective
  • Measurable and reliably available at specific points in time.
  • Track at least one aspect of the loss profile or event history, such as frequency, average severity, cumulative loss, or near miss rates.
  • Provide useful management information.
  • Cost effective to collect.

Comparable
  • Quantified as an amount or percentage.
  • Have values that are comparable over time.
  • Comparable internally across the business.
  • Reported meaningfully, without subjectivity.
  • Be auditable.
  • Readily understood and communicated.

 

Figure 11: Criteria for key risk measures:

The benefits of effectively establishing key risk measures include:

  • Early warning so proactive action can take place.
  • An indication that the risk appetite and tolerance has been reached.
  • A backward-looking view on risk events, so lessons can be learned.

Within the VFF there is an increased focus on identifying and establishing key risk indicators at strategic level. As the VFF’s risk maturity improves, it is anticipated that the identification and use of key risk measures will become further embedded into the VFF’s risk management process.

3.17 Reporting

To progressively define the Board’s risk appetite, the VFF Board will annually review and endorse the VFF risk statement, risk likelihood, consequence and treatment and reporting requirements for all risks.

All risks are to be maintained in the VFF risk register and regularly reviewed in the Risk monitoring report. Aside from the provision of general risk functions, the VFF Board will refer to the Risk, Audit and Finance Committee those risks that fall within the high or extreme categories. The Risk, Audit and Finance Committee will oversee a secondary analysis of high and extreme risks using individual residual risk treatment plans. Results of the secondary analysis are to be reported back to the VFF Board before the Board’s final approval of risk treatment plans.

For information and instructions pertaining to the ‘Individual Residual Risk Treatment Plan’ process and completion, please refer to the Risk, Audit and Finance Procedures.

The risk reporting cycle is highlighted at Figure 12 below.

Figure 12: Risk reporting cycle

 3.18 Risk communication

Communicating risk consequences, assessment of likelihood, and the Board’s risk appetite is included in the VFF’s risk management plan and drives the management of internal and external risks and subsequent communication with members and stakeholders.

4. Accountability

VFF Chair

VFF CEO

5. Related policies / procedures

Policy G1: Strategy and policy framework

Policy G2: Board Charter

Policy G4: Risk Audit and Finance Committee Terms of Reference