Risk Management



This guide is designed to meet the following objectives:

  • To ensure the safe and professional conduct of all Brisbane North Junior Cricket Association (BNJCA) cricket events
  • To minimise harm to participants, property, spectators and the general community
  • To improve and preserve the reputation of BNJCA to people in the general community



Risk Appetite and Risk Tolerance



Risk Appetite


Risk appetite is the amount of risk that BNJCA is willing to accept to achieve its objectives. It also describes our attitude towards risk taking.


The BNJCA risk appetite involves effectively managing uncertainty rather than not avoiding or eliminating risk completely. Risk appetite also considers opportunities that involve the acceptance of risk. BNJCA is prepared to retain or accept risk that has been thoroughly considered and is managed appropriately. This is done in an open and transparent manner to protect the player and volunteers of BNJCA and also to seize opportunities for the benefit of BNJCA.


We recognise that it is not possible or necessarily desirable to eliminate some of the risks inherent in our other activities. This is particularly important in regard to the nature of the game that administer. To realize our vision of delivering successful development we need to achieve innovation within our practices and in doing so we recognize that the acceptance of some risk is necessary to enable innovation and achieve benefits.



Risk tolerance


Risk tolerance is the levels of short-term risk taking that are acceptable in order to achieve a specific objective or manage a category of risk.


BNJCA’s risk tolerance levels are determined based on a matrix system that defines the levels of tolerance in qualitative terms that can be monitored and used to effectively evaluate if the risk outcome is acceptable or unacceptable. It provides for a range of deviation from appetite with the requirement for the risk to be managed to appetite within a given timeframe.



Our goals for the ongoing management of risk


To achieve our objectives BNJCA will:

  • foster a positive risk culture that promotes an open and proactive approach to managing risk that considers both threat and opportunity;
  • communicate and consult about risk in a timely and effective manner to both internal and external stakeholders;
  • maintain an appropriate level of capability to both implement the agency’s risk management framework and manage its risks;
  • review risks, risk management framework and the application of risk management practices on a regular basis, and implement improvements arising out of such reviews;
  • maintain documented evidence relating to the implementation and performance of this plan; and
  • ensure that collected data is utilised where appropriate to support risk management decisions.



Assessing the Consequence


For each risk assessment the consequence to be recorded is the realistic worst case scenario. The scenario must be considered to happen at the time when it could have the greatest impact on the association or an individual. Extreme scenarios which are dependent on a number of other continuous or simultaneous events happening should be ignored. The consequence definitions and various classes of consequence are defined in the following table.


<consequence table>



Assessing the Likelihood


Likelihood is a measure of the probability of a risk or benefit being realised.


Factors considered when assessing Likelihood include:

  • The source of the risk or benefit
  • The effect of any existing risk treatment
  • Historical data concerning risks that have been realised in the past


The likelihood definitions used for risk assessments are outlined in the following table.


<Likelihood Table>



Rating the Risk


The following table is the rating calculation matrix. This uses the definitions of Consequence and Likelihood given above to derive the rating for both risks and benefits.


<Risk and Benefit Matrix>


The following guidance can be used to determine the magnitude of the risk and the typical action required.


Extreme: Immediate action and enhanced countermeasures required

High: Management attention needed, enhanced countermeasures recommended

Medium: Manage by routine procedures and good practice

Low: No requirement for specific considerations.



Treating the Risk


When considering the appropriate countermeasures for treatment of the identified vulnerabilities, there are several strategies that can be adopted. In some cases the overall strategy will be a combination of strategies:


<Treatment table>


The selection of the countermeasures must also consider:

  • The cost of implementation
  • Running costs, including volunteer time
  • The impact on operations and association processes
  • Alternative countermeasures that may be possible
  • Additional benefits the countermeasure may offer.



Effectiveness of Controls


The effectiveness of each control should be assessed and recorded in the risk register. The measures of effectiveness and their descriptions are provided below.


<Effectiveness table>



Recording Risk


The sections above provide all the information that is required to record and manage risks. A risk register is maintained that includes the following information:



The date that the risk is first assessed or recorded in this register.

Risk Description

The full description of the risk including what is at risk, the loss or benefit and the reason this outcome may occur.

e.g. Reputation may be damaged because bullying is ignored.


The likelihood of the risk being realised.


The consequence should the risk be realised.

Inherent Risk Rating

The rating of the risk prior to any controls being applied.

Risk Treatment

The form of risk treatment that has been selected. Treat, Tolerate, Transfer, Terminate


The date the control is applied

Compensating Control

A description of the control being applied to mitigate the risk.  There may be more than one control required to mitigate the risk.

Control effectiveness 

A measure of the effectiveness of the control in mitigating the risk.


The likelihood of the risk being realised with the control in place.


The consequence should the risk be realised while the control is in place.

Residual Risk Rating

The rating of the risk with controls in place.