Risk Management at Oshkosh
The purpose of a good Risk Management program is to identify potential threats before they occur and develop and implement a plan to deal with them before they can impact our business. Oshkosh Corporation’s Organization Risk Management (ORM) team partners with project managers across the Company to accomplish this purpose. Other companies frequently seek to benchmark with our industry leading practices.
The ORM team‘s efforts decrease the probability and impacts of threats and increase the probability and impact of opportunities. The process is continuous throughout the life of a project or business effort. The intent is to plan and execute risk handling activities as needed across the life cycle of a product, or project. The ORM follows a six-step process:
- Plan is created to manage risk
- Risks are identified in a risk register
- Risks are reviewed and assessed for probability and impact
- Response plans are created to reduce threats and enhance opportunities
- Response plans are documented, approved, implemented and tracked
- The process is closed out when all risks have been sufficiently handled
ORM processes and procedures apply to all Company business units, segments, wholly- and majority-owned subsidiaries, partnerships and joint ventures, as well as programs/projects that Oshkosh Corporation pursues. Projects that require formal risk management under the ORM process include:
- Operations plant additions or changes > $500,000
- International business development pursuits
- Significant IT projects
- Requirements related to new product development
- Projects requiring investment or liability with moderate or high risk (i.e., supply chain initiatives, bids and proposals)
- Other projects may require ORM at the direction of the project sponsor.