Risk Standard AS/NZS 4360-2004
The Risk Standard is a generic guide for managing risk. It caters for a wide range of needs and, therefore, assesses risks up to the point of organizational catastrophe.
TOP's approach to risk management simplifies the standard’s approach so that it is more relevant to projects. Our approach is designed to highlight high-risks to the project that may not rate as 'high-risk' on the standard’s organizational level-oriented scale.
Alignment and Adaptations
The standard’s concept of ‘Context’ we have incorporated as project-specific, measurable “Environment” risks.
With the Likelihood ratings, in the standard there are up to seven levels (A->G; From: Almost certain to Barely conceivable). We have simplified these ratings as follows
| Standard | TOP rating | |
| A-B | High | Likely |
| C-D | Medium | Possible |
| E-F-G | Low | Unlikely |
Similarly, with the Consequences ratings, in the standard there are 5 levels up to catastrophe (V). We have simplified this rating system as follows
| Standard | TOP rating | |
| I-II | 1 | Low to insignificant consequences |
| III | 2 | Manageable consequences |
| IV | 3 | Severe consequences |
| V | - | Catastrophic consequences (not seen as relevant to projects). |
Otherwise, the same principles apply — selecting and prioritizing those risks that need addressing (the standard calls this 'treatment'), management of the risks and ongoing review.
We have extended the ‘management’ of risks to incorporate risk management as part of the project’s standard outcomes/activity/change planning process, so that risks are not managed, monitored or reported differently to other project activities. This simplifies the overall project management process.
Additions
We have added to the overall risk approach for projects the concept of “Leading indicators of failure” — areas where progressive or cumulative events can, over time, lead to (potential) disaster on one scale or another.
We have also identified separately “Critical Success Factors” which we have defined as “things that need to exist or go right that are beyond the management of the project team”. These CSFs are identified for the project governance team to manage.
Practitioners
Practitioners conversant with the Risk Standard will find our Project Risk Management approach very similar and complementary but much simpler and more project targeted in its assessment ratings.
