(Minutes of HELCOM 33/2012, Annex 8.3)
The Helsinki Commission (HELCOM), being a public, international body financed mostly from the Contracting Parties' budgets, must have efficient and effective functions ensuring cost-effective use of public resources.
A risk can be defined as anything that can occur and have a negative impact on the possibility of HELCOM to achieve its objectives. The purpose of risk management is to identify risks and manage them so that the risk level stays acceptable.
Risk management is derived from the objectives and key activities of HELCOM and is linked to the overall planning process of the organization. There is a dependency between objectives, activities, tasks and risks. There are risks, potential problems, associated with all objectives, so the idea is not to avoid risks but to keep them under control and sustain suitable response, according to the risk type and magnitude. Identifying and assessing risks also involves defining the acceptable level of each risk.
As risk management concerns every staff member of HELCOM, all employees are able and free to identify risks and make proposals on how to improve the work processes in order to reduce risks.
The existence of the Helsinki Commission as an international, inter-governmental organization is not considered at risk: the Helsinki Convention and other related agreements constitute a solid foundation.
New projects and activities go through an established procedure before start-up (Project Guidelines).
Risk assessment is integrated into this framework. Before a HELCOM activity or project is started, the decision-making body (HELCOM/Heads of Delegation consisting of the Contracting Parties) or the Subsidiary Body concerned, assisted by the HELCOM Secretariat is responsible for taking risks into consideration when approving or launching the activity/project.
For each project the designated project manager has responsibility for risk management. The manager reports and can refer matters to the relevant Subsidiary Bodies/Heads of Delegation. The Secretariat stays in close contacts with managers.
The following steps are to be applied to assess (steps 1 and 2) and manage (step 3 and 4) the risk:
For these first two steps a risk matrix can be used (the risks identified in step 1 are inserted in the correct cell on the basis of their probability and impact). The risk level can be low, moderate, high or extreme, and is the combination of the impact level and likelihood criteria. By classifying the risks it is possible to identify which ones are critical and rank them for the next step in the process.