PAL ADIN RI

SK
MANAGEME
NT
Creating Risk
Gladiators

DEMYSTIFY
ING
RISK
MANAGEM
ENT
BY ROD FA
R RAR
PREFACE
Welcome to Paladin Risk Management
Service’s Demystifying Risk Management.

Every business, organisation, team or individual is subject

to risks and to reach your full potential you must have an
effective risk management strategy in place to identify and
remove the risks in your environment.

This e-book provides an introduction to risk management,

exploring the basic issues and concepts involved
in effectively managing risks in an accessible and
comprehensive manner applicable to organisations of all
shapes and sizes.

In this e-book you will learn:

• What risk is and why it requires successful management
• How to develop your organisation’s risk parameters
• The elements of an effective risk management
framework
• Steps to successfully implement risk management
framework
• How to build a risk management culture within your
organisation
• Tips on reaching and measuring risk management
outcomes

This free e-book is just one way in which Paladin Risk

Management Services aim to help organisations to identify
risks to your operations and devise strategies to combat
them.

Paladin Risk Management Services offers a variety of

options to help you on your risk management journey.
The suite of risk management services includes training
workshops, accredited courses, consultancy, organisation
risk assessment and development of risk management
frameworks.

Paladin Risk Management Services is dedicated to ensuring

that all organisations have the appropriate tools and
knowledge at their disposal to effectively manage risks.

Let Paladin fight the battles of tomorrow to help you achieve

the victories of today.

Become a Risk Gladiator

DESCRIBING
YOUR RISKS
DESCRIBING YOUR RISKS
Often when identifying a risk there is confusion about what
should be captured in a risk register. The information actually
captured in many organisations’ risk registers makes it very
difficult to manage the risks.

There are a number of traps that organisations fall into:

#1 Trap for Players – the Broad Statement Risk Trap

Some organisations fall into the trap of capturing “risks” that

are broad statements.

Examples include:
• Reputation damage;
• Compliance failure;
• Fraud; and
• Environment damage

These tell you nothing and cannot be managed – even at a

strategic level.

#2 Trap for Players – the Causes as Risk Trap

The most common issue with risk registers is that many

organisations fall into the trap of capturing “risks” that are
actually causes.

The wording that indicates a cause as opposed to a risk

include:

• Lack of …. (trained staff; funding; policy direction;

maintenance; planning; communication).
• Ineffective …. (staff training; internal audit;
policy implementation; contract management;
communication).

4
 • Insufficient …. (time allocated for planning; resources
applied).
• Inefficient …. (use of resources; procedures).
• Inadequate …. (training; procedures).
• Failure to…. (disclose conflicts; follow procedures;
understand requirements).
• Poor….. (project management; inventory management;
procurement practices).
• Excessive …. (reporting requirements; administration;
oversight).
• Inaccurate…. (records; recording of outcomes).

These also tell you little and, once again, cannot be

managed.

#3 Trap for Players – Consequences as Risk Trap

Another trap that organisations fall into when identifying risk

is the trap of capturing “risks” that are actually consequences.
Examples include:
• Project does not meet schedule;
• Department does not meet its stated objectives; and
• Budget overspend

Once again – these are not able to be managed.

If these are the traps that organisations fall into,

then what should our risks look like? The answer
is simple – they need to be events/incidents.
RISK BIT #1
“It takes 20 years to
When something goes wrong like a plane crash,
build a reputation and 5 a train derailment, a food poisoning outbreak,
minutes to ruin it, and
if you understand this major fraud etc. it is always an event. After the
you will do things event there is a post event analysis to determine
differently”
– Warren Buffett what happened, why it happened, what could
have stopped it happening and what can be
done to try and stop it happening in the future.
Risk management is no different – you are trying
to anticipate and stop the incident before it
happens.

5
The table below shows the similarities between risk
management and post event analysis:

POST EVENT ANALYSIS RISK ANALYSIS

What happened? What could happen?

What caused it to What would cause it to happen?

happen?

What were the What would the consequences be?

consequences?

What could we What can we do to try and stop it

have done to stop it happening?
happening?

What could we have What can we do to minimise the

done to reduce the consequences if it does happen?
consequences?

To that end, Risk Analysis can be viewed as Post Event

Analysis prior to the event occurring.

A good rule of thumb to use is that if the risk in your risk

register could not have a post event analysis conducted
should it occur– then it is not a risk!!!

If you are able to make all of your risks events you will:
• Reduce the number of risks in your risk register
considerably; and (more importantly)
• Make it a lot easier to manage those risks.

Try it with your risk register and see what results you get.

6
A RISK
IS
A RISK
 A RISK IS A RISK
Commonly people talk of different types of risk; strategic
risk, operational risk, security risk, safety risk, project risk, etc.
Segregating these risks and managing them separately can
actually diminish your risk management efforts.

What you need to understand about risk and risk

management is that a risk is a risk, is a risk - the only thing
that differs is the context within which you manage that risk.

All risks are events as described in the previous section and

each of these events have a range of consequences that
need to be identified and analysed in order to gain a full
understanding of the risk.

For example;

RISK BIT #2 You have your WHS section off identifying hazard
risks in isolation of the risk management team (a
In about 80% of cases you common occurrence). When identifying these
can’t do anything about
the consequences of safety risks, they tend to look at the consequence
the event, what you are in one dimension only – the harm that will be
trying to do is stop the
event happening in caused.
the first place.

The risk will be rated taking into account the

level of harm. Decisions relating to whether or
not to treat the risk will be made based on this
assessment.

What hasn’t been done, however, is to assess the

consequence against all of the organisational impact areas
that you find in your Consequence Matrix. As a result,
the assessment of that risk may not be ‘correct’ i.e. the
consequence against compliance may be higher than that
for safety and would mean that the risk is one that should be
treated.

8
 But wait there’s more…

If you only look at risk in one dimension, you may make a

decision in relation to risk treatment creating a downstream
risk that is worse than the original event. As an illustration,
in mitigating a safety related risk, the WHS team may
implement a treatment strategy that creates an even greater
security risk.

The moral of the story: managing risk in silos

will diminish risk management within your
RISK BIT #3
organisation.
Implementing a risk
management framework
is exactly the same as
implementing any other
type of change.

9
 SETTING THE
ORGANISATION’S
RISK MANAGEMENT
CONTEXT
 SETTING THE
ORGANISATION’S RISK
MANAGEMENT CONTEXT
There is considerable confusion in the risk world in relation
to terms such as risk appetite, risk tolerance, risk acceptance,
risk threshold and risk attitude (just to name a few). These
are defined differently by organisations and there is no
guidance in ISO 31000 that clarifies this, so the confusion
becomes a distraction.

No matter what it is called – all organisations need to specify

the parameters within which they are going to manage their
risks. In order to do this there a number of fundamental
questions that you need answered.

1. What is the level of risk that I’m willing to

accept against all my particular categories?
RISK BIT #4
It is important to look at all categories individually
Use other’s misfortune to as certain categories may be different. You may
strengthen your approach
to risk management, have a very low acceptability for safety risks and
and in doing so, reduce reputation, but slightly more than performance or
the likelihood of those
events happening in financial management. Identify what level of risk
your organisation. you are willing to accept for each category and
this becomes your target level of risk. Therefore
when you identify a risk and analyse it, if it’s
sitting above that target, straight away you know
you have to take steps to reduce it down to that
target.

11
One way of capturing this information is in a matrix as shown
below:

WHAT IS OUR TARGET LEVEL OF RISK AGAINST EACH

RISK CATEGORY?

VERY
RISK CATEGORY LOW MEDIUM HIGH
HIGH

Safety X

Security X

Quality of
X
Services

Financial X

Legislative
X
Compliance

Environment X

Reputation X

2. What am I going to measure my consequences

against? What are my critical success factors?

Ask yourself what categories, impact areas or critical success

factors am I going to measure my consequence against? In
determining what success looks like for your organisation,
you can devise the critical success factors for your
consequence matrix.

12
 Some common critical success factors include (but are not
limited to):
• Financial
• Reputation
• Legal
• Compliance
• Schedule (Projects)
• Safety
• Environment
• Quality/Performance
• Political

3. What does severe look like against every one of those

critical success factors?

Analyse each category and ask “what does a severe

consequence look like to us as an organisation against
each of those categories?” This will express your
threshold for pain in terms of incidents that may occur.

4. What does almost certain look like against

from a likelihood perspective?
RISK BIT #5
Is it more than once a year, is it a hundred in a
The ultimate goal of risk thousand, or is it once in three months? This is an
management is to allow
management to make important question to ask because if you get this
risk informed decisions. wrong, or if you have an inappropriate likelihood
matrix, you are also going to see some real issues
with your risk assessments.

13
5. What does my matrix look like? What is its size
(3x3, 5x5 .etc.)? What is the level each of the squares
represent?

The way you structure your matrix is going to determine how

conservative your organisation is and if you choose the wrong
type of matrix and you have incorrect squares, e.g. if you’re
a highly conservative organisation but you’ve got a lot of
squares at the medium or the low level rather than the high
or extreme level, your matrix isn’t actually reflective of the
nature of the business that you are involved in.

Too many people and too many organisations are scrambling

around asking ‘what’s my risk appetite?’ or ‘what’s my risk
tolerance?’ There’s a void of knowledge that exists around
appetite and tolerance that people are filling with their own
opinions. There is one fundamental outcome that you want:
to actually set your risk context – and if you ask the above five
questions you will be able to do this effectively.

14
 DEVELOPING
A RISK
MANAGEMENT
FRAMEWORK
DEVELOPING A RISK
MANAGEMENT
FRAMEWORK
One of the key issues facing many organisations revolves
around what a risk management framework looks like.
ISO 31000 highlights the elements of a risk management
framework as shown below:

The elements of the framework as detailed in the

Standard are:
Mandate and
Commitment

Design of
Framework

Continuous
Implementation
Improvement

Monitor and
Review

• Understanding the organisation and its context

• Establishing risk management policy
• Accountability
• Integration into organisational processes
• Resources
• Establishing internal communication and reporting
mechanisms

16
However there are a number of elements that have not
been covered within the Standard. A more thorough
framework jigsaw is shown in the diagram below;

Senior
Management Training Integration With
Mandate and Strategic and
Commitment Competence Business Planning
and Leadership

Responsibility. Monitoring, Review

Accountability, Documentation and Measurement
Authority

Communication Linkage With other

Resourcing and Relationship Organisational
Management Programs

Reporting Establishment of
Risk
Governance Organisational
Context

Senior Management Mandate, Commitment and

Leadership

To ensure the ongoing effectiveness of a Risk Management

Framework, it is critical that there is active and ongoing
support, mandate and commitment of the program by senior
managers during development and implementation and that
the support does not diminish in any way as the Framework
matures. Senior leaders must demonstrate leadership or
the Framework will fail.

17
Integration with Strategic and Business Planning

A key requirement in all strategic and business planning

is the integration of the risk management discipline with
the planning process. For any organisation to be attuned
to its environment, it needs to ensure that once strategies
are developed the risks of achieving those strategies are
identified, reviewed and, where possible, appropriate
measures developed to minimise the likelihood of the events
occurring and/or consequences if these events were to
occur.

Establishment of the Organisational Risk Context

Establishing the organisational context involves developing

risk criteria, impact areas and, most importantly, the risk
appetite for the organisation.

The risk appetite is defined as the amount of risk an

organisation is willing to take given its capacity to bear risk
and our philosophy on risk taking.

Integration with other Organisational Programs

To be truly integrated within the management systems in an

organisation, the Risk Management Framework needs to be
aligned with a range of other programs.

These include: compliance, internal audit, performance

management, assurance, business continuity planning and
disaster recovery planning.

When alignment is achieved, the performance of the

organisation will improve exponentially.

18
 Responsibility, Accountability and Authority

The assignment of roles and responsibilities is a vital part of

the effectiveness of any Risk Management Framework.

Personnel also need to have the authority to discharge these

responsibilities.

The most important aspect of the Framework,

however, is the assignment and acceptance of
accountability for ownership and acceptance of
RISK BIT #6 risk.
You need to invest; time,
energy and money in Risk Documentation
making sure that your
workforce has the relevant
risk management Documenting the Risk Management Framework
knowledge and skill to be
able to implement your within an organisation is a vital enabler in
framework, otherwise ensuring its effectiveness.
risk informed
decisions cannot
be competently When implementing the Risk Management
made.
Framework, it is essential that the Framework is
effectively recorded and what we are going to
do, why we are doing it and how we are doing it
are articulated.

Risk Governance

For a Risk Management Framework to be effective there

needs to be a well defined risk governance structure.

The governance structure includes the risk management

organisation (e.g. various risk committees) aimed at ensuring
that the risk management program is effective.

19
Training and Competence

One of the most important requirements for the effective

implementation of a Risk Management Framework will be the
provision of training.

A ‘one size fits all’ approach to risk management training is

inappropriate.

Training needs to be tailored to ensure that those with roles

and responsibilities obtain the skill necessary for them to
undertake those roles.

Reporting

The reporting of risk and risk management issues is an

important aspect of ensuring that the Risk Management
Framework contributes to the effectiveness of the
organisation’s performance through risk informed decision
making.

Reports should only contain information that is going to be

used for decision making and should not be “reporting for
reporting sake”.

Resourcing

It is important that the organisational commitment to the

Risk Management Framework is supported by the resources
necessary to ensure its effectiveness.

Resources include personnel to implement and maintain

the Framework as well as the provision of training and the
treatment of identified risks.

20
Risk Communication and Relationship Management

Communication of risk matters and consultation,

engagement and relationship management with the
stakeholder community is essential to supporting sound
risk management decisions. A fundamental requirement for
practising integrated risk management is the development of
plans, processes and products through ongoing consultation
and communication with the organisation’s stakeholders,
both internal and external.

Monitor, Review and Measurement

One of the key principles of implementation and continuous

improvement of a mature Risk Management Framework is
the ability to continually monitor and review the framework
for effectiveness and to measure performance.

It is for this reason that the processes and procedures to

be implemented contain an element of assessment and
evaluation.

21
 IM
PL
RIS EM
KM EN
TI
AN NG
AG
EM
EN
T
IMPLEMENTING
RISK MANAGEMENT
Developing a Risk Management Framework is certainly a
challenge – but that is only one part of the equation. Once
developed, it needs to be implemented.

The thing to understand about the implementation of a

risk management framework is that it is exactly the same
as implementing any other type of change. If you plan your
implementation like you would any other change project,
then you can have success.

There will be barriers and resistance to change, which is why

you need to utilise tactics you normally would in a change
program. The key actions to undertake include:

Committed Leadership

It is absolutely paramount that you have senior management

support, buy in, mandate and commitment. This sets the
stage for the rest of the organisation and the success of the
implementation.

Communication

Identify your stakeholder community, understand their

expectations and look at prioritising those stakeholders. The
communication program throughout the change needs to be
paramount in the development of the framework. You need
to ensure that you have everybody onside.

23
 Training

Provide all your personnel with the necessary skills

and authority to be able to undertake the roles and
responsibilities necessary to implement their part of the risk
management framework.

Gradual Implementation

A risk management culture is not built overnight. Start with

one small part of the organisation, get them up and running
and build the excitement around that particular part so that
it rubs off on others. Starting small also allows you to trial
the implementation before rolling it out to the rest of the
organisation.

Quick Wins
RISK BIT #7
Start with the quick wins – find the risks or
It’s important to create a risk hazards concerning your staff and act on
friendly culture within your
organisation. A culture where them to eliminate or reduce them. This will
there is blame and hiding generate momentum for the program. If you
does not allow you to move
forward as an organisation, prove to the people in the organisation that it’s
and organisations like that going to make their life better, you will start to
are less likely to meet
their objectives. see a change in attitudes.

24
TR THE
AN RIS
SF K
ER
MY
TH
 THE RISK TRANSFER MYTH
The notion that by outsourcing or contracting, you have
transferred your risk to another party is a myth.

I have heard, senior executives, both in Government and

Private Enterprise say “there is no need to worry about that
risk – I have transferred that to the Contractor.”

This is simply untrue.

“If you own the consequences (or at least

part of them) then you own the risk.”

RISK BIT #8 For example;

There will be barriers and In the series Air Crash Investigation, there is an
resistance to change
in implementing a risk episode titled “Dead Weight”.
management framework, so
you need to utilise tactics you
normally would in a change In this episode, maintenance staff working for
program such as committed
leadership, planning, a company that is sub-contracted to conduct
training and gradual maintenance on behalf of Air Midwest’s
implementation.
primary maintenance contractor skip 9 of 25
steps detailed in the maintenance manual
when adjusting the tension on the elevator
control cable. As a result of this, the elevator
control cable is unable to traverse through its
full range of motion.

When Air Midwest flight 5481 took off overweight, the centre
of gravity shifted rearwards when the landing gear was
raised, which pitched the nose higher. Due to the issues with
the elevator control cable, however, the pilots were unable
to bring the nose down, the aircraft stalled and crashed into
a hangar on the ground killing all passengers and crew on
board.

26
The issue arose in this case due to the fact that there was no
contract oversight/assurance by either Air Midwest or the
Primary Contractor.

A Contract is a control – but a control is only as good as

the measurement of its effectiveness. Organisations that
outsource simply cannot afford to assume that because there
is a contract in place that:

• They have outsourced the risk to the Contractor; and

• That the Contractor’s performance will be as contracted
and as reported.

This last point may seem a cynical one, however, you need to
accept that the primary driver for a contractor is to maximise
profit and if shortcuts can be taken in pursuit of this agenda
then those opportunities are likely to be pursued.

What is even more important for organisations to understand

and accept is that if the function that is contracted is a
compliance requirement and if there is a compliance breach
it is the organisation – not the contractor – that will be held to
account.

So, what are the keys to reducing the outsourcing risks?

Firstly, the organisation needs to ensure that prior to

developing the solicitation documentation for an outsourced
function, the risks during the contracted period are
identified, assessed and treatments (such as oversight and
performance measurement) are fully built into the contract.
It is absolutely critical that compliance risks with the highest
level consequences are included in this list.

27
 Secondly, the organisation needs to ensure contract
performance is proactively monitored and measured (i.e. do
not simply accept contractor’s performance reports as fact).

In essence, organisations need to remember that although

you can outsource responsibility for the management of
functions – you cannot outsource accountability for the
consequences of not managing risk. In simple terms – if
the contractor fails – the organisation fails. If an organisation
owns the consequence it owns the risk.

If your organisation is one where contact management and

contract assurance are not front of mind – or yours is one
where the assumption is that the risk has been transferred to
the contractor, you are in a dangerous position.

RISK BIT #9
Don’t limit yourself to only
learning from your own
mistakes; learn from the
mistakes others have made.
After a mistake is made in
another organisation, ask
yourself “how susceptible
am I to exactly the same
thing happening?” and
prevent it happening.

28
 MEASURING
RISK
MANAGEMENT
OUTCOMES
MEASURING RISK
MANAGEMENT
OUTCOMES
In his book Decision Making: Risk Management,
Systems Thinking and Situation Awareness, Dr
Alan McLucas introduces the concept of the Risk
Management Paradox:

“The task of managing risks effectively is

confounded by a classical paradox. That is, if
risks are being effectively managed as a matter of
routine, there will be very few surprises. Nobody
becomes aware of just how effective careful risk-
management actions have proven to be. Nobody
slaps the manager on the back and congratulates
them for a job exceedingly well done. In stark
contrast, however, if risks are managed poorly, the
whole world lines up to say so.”

This paradox provides two critical insights. The first,

and most obvious, is that being a Risk Manager in an
organisation is a thankless task – one that rarely draws
praise, yet they are the first to be put under scrutiny
when outcomes are not as planned. The second
insight is that organisations are not adept at measuring
the outcomes of risk management and the value it is
adding to the organisation.

The task of measuring the benefits risk management

brings to an organisation is a challenging one. To
overcome this challenge, the measurement of risk
management performance needs to consider a wide
range of factors.

30
 Measurement can be divided into three
distinct categories:
RISK BIT #10
a. Compliance. This measures whether
Measuring risk management
outcomes is essential in the organisation is complying with its
proving to an organisation that own risk management policy directives.
risk management is making
a difference and adding b. Maturity. This measures the maturity
value to the organisation. of the risk management program within
Key performance indicators
include compliance, the organisation against industry best
maturity, and value.
practice.
c. Value Add. This measures the extent
to which risk management is contributing
to the achievement of the organisation’s
objectives and outcomes.

Compliance

Like all programs within an organisation the risk

management program should be subject to
compliance auditing. This auditing is aimed at
ensuring that the fundamental requirements detailed
in the organisation’s Risk Management Policy are
being adhered to.

For some organisations, the measurement of

compliance to the risk management policy is the
only measurement that occurs. Simply restricting
the performance of the risk management program
to compliance against the policy, however, is
fundamentally flawed.

Note however, it is actually conceivable that an

organisation has 100% compliance against all of
the risk management policy requirements and yet
their risk management is not contributing to the
achievement of effective outcomes.

31
Maturity Assessment

One of the first steps involved in establishing a risk

management framework for any organisation is
to evaluate existing management processes and
systems. The most effective means of understanding
the current status of the risk management processes
within an organisation is through the conduct of a risk
maturity assessment.

The following is the output from the assessment

conducted by Paladin Risk Management Services.

Organisations should strive to improve their risk

maturity over time.

32
Value Add

Whilst measuring compliance and the maturity of the

risk management program are absolutely critical, what
is not being captured by the majority of organisations
is the contribution risk management is making to the
achievement of the organisation’s objectives.

The irony is that metrics that are currently being

measured by organisations to indicate performance
can provide an insight into the contribution risk
management is making.

If an organisation continues to improve its risk maturity

over time then it follows that the performance against
these metrics will also improve. Whilst it is by no
means a linear relationship, improved risk maturity will
result in improved performance.

The following series of diagrams give an indicator of

what this may look like:
PERFORMANCE PERFORMANCE
MEASURE

No Safety 20
Incidents
(annual)

Staff Turnover 27%

Customer 73%
Satisfaction

Profit after Tax 4.5%

No of reportable 8
Compliance
Incidents

Fines for $850k

compliance
breaches

Average time to 10 weeks

fill vacancies

33
PERFORMANCE PERFORMANCE
MEASURE

No Safety 12
Incidents
(annual)

Staff Turnover 19%

Customer 84%
Satisfaction

Profit after Tax 6.5%

No of reportable 4
Compliance
Incidents

Fines for $250k

compliance
breaches

Average time to 6 weeks

fill vacancies

PERFORMANCE PERFORMANCE
MEASURE

No Safety 6
Incidents
(annual)

Staff Turnover 14%

Customer 92%
Satisfaction

Profit after Tax 9.7%

No of reportable 1
Compliance
Incidents

Fines for $50k

compliance
breaches

Average time to 4 weeks

fill vacancies

34
 What these diagrams demonstrate in practical terms is that
everytime the organisation benchmarks its risk maturity, it
also needs to benchmark its perfromance measures.

It needs to be recognised, however, that this is not an exact

science, and as such a direct relationship cannot be proven,
but it does provide an excellent indication of a correlation
between improved risk management and improved
performance.

When it comes to measuring the outcomes of risk

management this is the best you can hope for.

RISK BIT #11

Risk identification is asking
“what could go wrong?” and
subsequently risk analysis
asks “what would the
consequences be?” When
identifying a risk, focus on
what it is that could go
wrong and make sure it is
an event, not a cause.

35
 LEARN FROM
MISTAKES
OF OTHER
ORGANISATIONS
LEARN FROM MISTAKES OF
OTHER ORGANISATIONS
After an incident occurs in an organisation ask yourself
‘Was this avoidable?’ 9 times out of 10 the answer will be
yes.

When an incident occurs in your organisation ask what

happened, why did it occur, could you have done
anything to prevent it from happening and lastly, is
there anything you can do to stop it happening in the
future? This is your post event analysis.

But why restrict it to just your organisation? You

not only have the opportunity to learn from your
own mistakes, but you can learn from the mistakes
others have made. After a mistake is made in another
organisation ask yourself “how susceptible are we
to exactly the same thing happening?” and you can
potentially prevent of the same thing happening in
your organisation.

If you see a likeminded industry, company or

organisation making a mistake in the news or
something happens to one of your competitors ask
yourself the question, “could that happen to us as
well?”

If the answer is ‘yes’, you need to do a risk assessment

and analyse how susceptible your organisation is
and how strong and effective your controls are to
stopping that. Use others’ misfortune to strengthen
your approach to risk management, and reduce
the likelihood of those events happening in your
organisation.

37
WANT TO LEARN MORE?
The Paladin Risk Management Services website
provides a wealth of information across all risk
management topics, with blogs and videos updated
regularly.

For specific training on risk management, Paladin Risk

Management Services offers a wide range of training
packages and courses to suit a variety of needs:

Diploma of Risk Management and Business

Continuity

Course Information
Register!

Advanced Diploma of Governance and Risk

Compliance

Course Information
Register!

If you have any burning questions on risk

management, Rod Farrar is always ready for a friendly
chat. Contact him at rod@paladinrisk.com.au
or 0400 666 142.

38
ABOUT PALADIN
PALADIN RISK MANAGEMENT
Paladin Risk Management Services is the brainchild of
Rod Farrar, who founded the company in 2007 as a result
of his passion and skill for managing risk. Rod’s extensive
experience in assisting organisations to mitigate and
eliminate professional risks they may encounter is at the
core of Paladin Risk Management Services.

The core service offering is risk management training

workshops.

The Risk Management Diploma is a broad based program

aimed at risk management and business continuity
professionals or those aspiring to fill roles in these industries.
After the four day course, attendants have six months to
complete the assessment activities, at which point they will
be awarded the Diploma.

The Paladin Risk Management Academy Advanced Diploma

of Governance Risk and Compliance is fully accredited
by the Australian Skills Quality Authority (ASQA). The four
day course is the only offering in Australia which covers
governance, risk, compliance and business resilience.

For those that cannot attend the courses in person, or

want to learn at their own pace, Paladin Risk Management
Services offers a Diploma of Risk Management and Business
Continuity via distance education. This comprehensive
course enables you to become accredited through the
provision of education materials including an education kit
and an accompanying chapterised DVD.
Since its foundation, Paladin Risk Management Services
has provided a wide range of risk management services to
a growing list of diverse clients, such as the Department of
Defence, the Australian Federal Police, Reed Construction,
Mont Adventure Equipment, contentgroup, National Health
Call Centre Network, Victorian SES and Retirement Benefits
Fund just to name a few.

Paladin Risk Management Services was selected as an ACT

Finalist in the 2014 Telstra Business Awards.

With the understanding that no two organisations are alike,

Paladin Risk Management Services has a range of flexible
training, courses and consultancy options that can be
specifically tailored to meet your organisation’s needs.
ABOUT ROD
ROD FARRAR
Rod Farrar is an accomplished risk consultant with extensive
experience in the delivery of professional consultancy
services to Government, corporate and not-for-profit
sectors.

Rod’s knowledge of the risk management domain was

initially informed through two decades as an Army Officer in
varying Project, Security and Operational roles. Subsequent
to that, Rod has spent nine years as a professional risk
manager.

His risk management expertise is highly sought after, as is

the insight he provides in his risk management training and
workshop facilitation. Rod has been recognised by the Risk
Management Institute of Australia, which has granted him
Certified Practicing Risk Manager accreditation.

With an extensive list of qualifications, Rod has

lectured at the University of Canberra, has been
on the assessment panel for Certified Practicing
Risk Managers as well as speaking at a range of
conferences and forums. Rod’s Diploma and
Advanced Diploma have been attended by
participants from all over Australia, as well
as New Zealand, New Guinea, Solomon
Islands, Indonesia, Bhutan and Ghana.
The feedback from the course has been
overwhelmingly positive.

Rod’s passion for risk management is

evident throughout all of his work. His
ultimate goal is to help people become
‘Risk Gladiators’, by transferring the skills
and knowledge of risk management so that
every organisation is armed to mitigate and
eliminate any risks they encounter.