Managing risk

Best practice principles for undertaking risk management

A business risk management plan involves identifying, assessing and developing strategies to manage risks and monitor business performance. It’s an essential part of any business plan and will help you prepare for, and deal with, risk factors that threaten your business’ future performance and viability.

These risks can be quite diverse and can be anything that interrupts time-sensitive or critical business processes and operations. Your business should have a business risk management framework in your business plan considering appropriate preventative, investigative and remedial controls to mitigate these risks.


Understand and incorporate the principles behind the Australian Standard for risk into your business or project risk management plan. The Australian Standard AS/NZS ISO 31000:2009 defines risk as “the effect of uncertainty on objectives”. According to the 11 principles of risk management related to this standard, your business risk management plan should:

1. Create and protect value: Good risk management contributes to the achievement of your objectives through continuous review of processes and systems.

2. Be an integral part of each organisational process: Risk management needs to be integrated with your governance framework and become a part of your planning processes, at both the operational and strategic level.

3. Be part of decision making: The process of risk management helps you make informed choices, identify priorities and select the most appropriate action.

4. Explicitly address uncertainty: By identifying potential problems with in-depth risk assessment, you can implement controls and treatments that maximise the chance of gain while minimising the chance of loss.

5. Be systematic, structured and timely: The process of risk management should be consistent across your business to ensure the efficiency, consistency, and reliability of results.

6. Be based on the best available information: To effectively manage risk, it's important to understand and consider all the available information relevant to activity and be aware that there may be limitations on that information. You then need to understand how all this information informs the risk management process.

7. Be tailored: Your risk management framework needs to include your risk profile, as well as take into consideration the internal and external operating environment.

8. Take into account human and cultural factors: Risk management needs to recognise the contribution people and culture have on achieving your objectives.

9. Be transparent and inclusive: Engaging stakeholders, both internal and external, throughout the risk management process recognises that communication and consultation are key to identifying, analysing and monitoring risk.

10. Be dynamic, iterative and responsive to change: The process of managing risk needs to be flexible. The challenging environment we operate in means you need to consider the context for managing risk as well as continue to identify new risks that emerge and make allowances for those risks that no longer exist.

11. Facilitate the continual improvement of organisations: Organisations with a mature risk management culture are those that invest resources over time and are able to demonstrate the continual achievement of their objectives.

How can we help?

Business Australia has a range of resources for your business. Get support managing your employees, reducing your business costs, accessing business funding, and marketing your business. 

Already a member? Get started


Found this useful?

Subscribe to our newsletter and receive the best business tips and articles straight to your inbox.

Thank you for signing up to our newsletter. You're one step closer to receiving more insightful information to help better your business.

We take your privacy seriously and by subscribing to our newsletter you agree to the terms of our Privacy Policy available below.