Informed and astute risk management is fundamental to the commercially prudent conduct of our business. John Holland’s risk management framework ensures that we have the skills, systems, controls and processes in both operational area and support functions to clearly identify and manage the risks to which the business is exposed through its activities.
The framework is comprised of four key stages in the risk management process – from identification to mitigation and control.
- Identifying Risks
We identify risks to corporate and project objectives and assess these on a regular basis. These types of risks include financial, operational delivery, contractual, health & safety, environment, human resources, legislative, stakeholder and systems.
- Analysis of Risks and Management Strategies
Once a risk is identified, it is analysed in order to gain a clear understanding of the type of management strategy will be required to mitigate it. Decisions about using the right resources and controls to best manage the risk are also based on this analysis.
- Control and Assurance
The selected controls and management strategies aim to achieve an acceptable residual risk level. Controls are monitored to assess their effectiveness and to ensure they achieve the desired outcomes. Assurance processes such as audits and reviews are critical to confirm the controls have been successfully implemented.
- Monitoring and Reporting
An integral step in the risk management process is that of monitoring and reporting. This is subject to rigorous review at both corporate and project levels. It enables us to proactively identify changes in the risk profile and adjust the organisational response as required. It also enables us to understand the effectiveness (impacts, benefits and costs) of implementing risk management strategies. Risk monitoring and review is a continuous process and we ensure that our risk priorities and risk management plans are responsive to the changing environment in which we operate.