
Risk – Part of the Everyday

In today’s public and private sectors, success hinges on proactively managing risk. Risk isn’t just about avoiding harm; it’s about navigating uncertainty to protect value, ensure compliance and unlock opportunity.

That’s why AS/NZS ISO 31000:2018 is a cornerstone for risk management across Australia and New Zealand. Australia’s adoption of the global risk standard provides flexible guidance for identifying, assessing and managing risk across sectors. It defines risk as “the effect of uncertainty on objectives,” covering both threats and opportunities.

While external forces can trigger risk, many threats originate within, through weak governance, flawed processes or ineffective controls. In this article, we reference recent case studies that demonstrate the consequences of not managing the internal risks of errors of process and errors in process, and offer a solution that enhances transparency and traceability.

The Cost of Process Deviation: Optus (2025)

Optus’s second major 000 outage in three years resulted in over 600 failed emergency calls and four fatalities. It was triggered by a single procedural lapse during a routine software update. Staff skipped the critical first step: ensuring alternate call routing. The absence of embedded safeguards meant the process could be bypassed without detection.

Optus requires a system that can flag deviations in real time. Embedding mandatory controls and decision logic into workflows would ensure that critical steps cannot be skipped unnoticed. Linking operational actions to risk exposure would make compliance visible and enforceable before harm occurs.

The Cost of Process Failure: Telstra (2024)

Telstra’s 000 outage stemmed not from staff error, but from a contingency process that failed under real-world stress. Operators followed protocol, but the protocol itself was flawed, relying upon outdated channels and manual workarounds that hadn’t been tested under load.

This is an example of how critical it is to digitise process design, making it visible, part of the everyday and subject to continuous validation. Doing so enables organisations to simulate, stress-test and refine workflows based on operational realities. Risk controls are embedded, not assumed. This ensures that even contingency plans are resilient, traceable and fit for purpose.

The Cost of Chronic Neglect: Qantas (2022–2024)

Qantas’ “ghost flights” scandal, where customers booked tickets for cancelled flights, was the result of neglected booking systems and slow, ineffective remediation. The issue wasn’t policy absence, but the inability to act on it.

This risk could be mitigated by linking policy obligations to specific tasks and roles. Doing so ensures that system maintenance, customer remediation and crisis response are governed by clear workflows and accountability. With real-time visibility and audit trails, organisations can respond faster, reduce exposure and restore trust.

The Cost of Poor Process Design: Samsung (2016)

Samsung’s Galaxy Note 7 fires were caused by a quality control process that failed to account for real-world stress conditions. The process was executed correctly but its design was too rigid, based on regulatory assumptions that didn’t reflect operational realities.

Samsung requires a system for designing processes that integrate both compliance and operational insight, one that embeds risk and quality as design principles, not afterthoughts. Digitising risk framework structures ensures that processes are not only compliant but resilient to the conditions in which they operate.

The Consequences: Realised Risk Across Dimensions

These and many other cases show how managing internal risks requires more than policy documents; it demands operational processes that are actively used, strategically aligned and digitally embedded. Frameworks like ISO 31000 provide the foundation, but to truly integrate risk governance into the rhythm of business, organisations require an overarching mechanism like a System of Work.

Systems of Work like DOLIUM transform risk frameworks into living systems, making governance continuous, traceable and actionable. They are the answer to Optus, Telstra, Qantas and Samsung’s systemic gap between policies, risk frameworks and operations.

DOLIUM offers a strategic framework that integrates policy, risk management and quality control directly into day-to-day operations. It defines roles, workflows and decision rights in a way that ensures obligations are fulfilled consistently and with full transparency. Rather than treating risk mitigation as a reactive checklist, DOLIUM enables organisations to operationalise it as a forward-looking capability. By linking legislation, policy requirements and risk exposure to specific tasks and activities, teams are equipped to identify, understand and address risks in real time. This alignment empowers organisations to act with confidence, knowing that regulatory obligations are being met and that operational risks are being actively managed where they occur.

With DOLIUM, organisations gain a continuous audit trail, real-time responsiveness to regulatory change and reduced exposure across jurisdictions. It fosters a culture of risk mitigation by making it part of how work is done. Risk management becomes a built-in safeguard rather than an afterthought, providing the clarity and control needed to protect the organisation and its licence to operate.

By digitising ISO 31000’s principles and embedding them into the rhythm of work, DOLIUM empowers organisations to prevent loss, respond to change and build lasting resilience. Risk management becomes a built-in safeguard, not a reactive scramble.