Pile of screws at business following the 11 principles of risk management
Managing risk

Best practice principles for undertaking risk management

A business risk management plan involves identifying, assessing and developing strategies to manage risks and monitor business performance. It’s an essential part of any business plan and will help you prepare for, and deal with, risk factors that threaten your business’ future performance and viability.

These risks can be quite diverse and can be anything that interrupts time-sensitive or critical business processes and operations. Your business should have a risk management framework in your business plan with preventative, investigative and remedial controls to mitigate these risks.


Understand and incorporate the principles behind the Australian Standard for risk into your business or project risk management plan. The Australian Standard ISO 31000:2018 defines risk as “the effect of uncertainty on objectives”.

Here are 11 principles to consider for your business risk management plan: 

1. Create and protect value 

Good risk management contributes to the achievement of your business objectives through continuous review of processes and systems.

2. Be integral to your process 

Risk management needs to be integrated with your governance framework and become a part of your planning processes, at both the operational and strategic level.

3. Be part of decision making 

The process of risk management helps you make informed choices, identify priorities and select the most appropriate action.

4. Explicitly address uncertainty 

By identifying potential problems with in-depth risk assessment, you can implement measures to maximise your ability to gain while minimising chances of loss.

5. Be systematic, structured and timely 

The process of risk management should be consistent across your business to ensure the efficiency and reliability of results.

6. Be based on the best available information 

To effectively manage risk, consider all the available and relevant information and be aware that there may be some limitations. You then need to determine how all this information informs the risk management process.

7. Be tailored 

Your risk management framework needs to include your risk profile, as well as take into consideration the internal and external operating environment.

8. Take into account human and cultural factors 

Risk management needs to recognise the combined contribution that people and culture have on achieving your objectives.

9. Be transparent and inclusive 

Engaging stakeholders, both internal and external, throughout the risk management process recognises that communication and consultation are key to identifying, analysing and monitoring risk. This form of collaboration also promotes inclusivity. 

10. Be dynamic, iterative and responsive to change 

The process of managing risk needs to be flexible. The challenging environment we operate in means you need to consider the context for managing risk as well as continue to identify new risks that emerge and make allowances for those risks that no longer exist.

11. Facilitate the continual improvement of organisations

Organisations with a mature risk management culture are those that invest resources over time and are able to demonstrate the continual achievement of their objectives.

Your HR sidekick

From contracts of employment to letters of termination and everything in between, My Business Workplace has got you covered.


Free Business Grant Finder

To start browsing over 1500 government grants worth almost $40 billion, join My Business as a free member.