In 2004, CHI/CPVDC developed a Risk Management System to identify, measure and manage its risks. A Risk Assessment exercise was conducted for each of the business groups in the organization – the Real Estate Development Group (REDG) & the Commercial Center Business Group (CCBG).
In 2006, upon CHI’s certification to the ISO standards on Quality (9001:2000), Environment (14001:2004) and Health & Safety (18001:1999), the organization adopted the Risk Management system to the functional level. Guided by the Preventive Action Procedure (see attached) in the QEHS Manual and the Risk Management process originally adopted, the different units conducted a departmental risk assessment.
With the QEHS Management System, the organization now has two types of risk assessments – 1) risk assessment for operational & business risks and 2) risk assessment for the risks related to Environment, Health & Safety (EHS).
- Internal Audit Department facilitates the risk assessment sessions for the business groups & the functional groups. The Pollution Control Officer (PCO) Team and the Health & Safety Committee conducts the EHS risk assessment sessions.
The following is a summary of the risk management system for the operational & business risks. (A different system is being followed for the EHS risk assessment, records of which are being maintained by the process owners, the PCO Team & the Health & Safety Committee).
Risk Management Process
The Risk Management System is broken into the following processes:
- identification and prioritization of risks
- identification of existing controls and evaluation as to their effectiveness & efficiency
- development of control improvements and risk management strategies, with persons responsible and corresponding timetable
Records and Reports
As a product of the risk assessment sessions, the different units have the following records:
- Control & Risk Assessment Report (CRAR) showing the identification & prioritization of risks, the identification of existing controls & the evaluation as to their effectiveness & efficiency, and the committed control improvements and risk management strategies. (see attached template)
- Risk Map showing the ranking of the risks according to their significance & likelihood. The risk map plots & classifies the risks as primary, secondary or less significant risk. (see attached template)
Review, Monitoring and Responsibility for Risk Management
Process owners and Department/Division Heads are the risk owners, and therefore, are responsible for managing their unit’s risks. The committed control improvements and risk management strategies (with the persons responsible & the timetable) are to be reviewed by the departments on a regular basis. Department/Division Heads are to ensure that the risks are being addressed/managed. Status of committed control improvements and action items are to be made part of the Monthly Performance Review (MPR) to be submitted to the QEHS MS Management Representative (MR). A review & update of the risk assessment is also to be conducted periodically by the unit.
As needed, the Department/Division Head and/or the MR update the Management Committee (ManCom) of significant issues and the resolution of these issues during the regular ManCom meetings or Management Reviews. |
