1. +Robert 2. Search 3. Images 4. Maps 5. YouTube 6. News 7. Gmail 8. Documents 9. Calendar 10. More 1. Translate 2. Books 3. Blogger 4. Reader 5. Finance 6. Photos 7. Videos 8. 9. Even more Hidden fields Account Options 1. Robert Waller 2. 0 Opening… 3. Share Opening… 4. Robert Waller Robert Waller Robert Wallerrrobertwaller@gmail.com 1. Profile 2. Google+ 3. Account settings 4. Privacy Sign out 1. My library 2. Help 3. Advanced Book Search 4. 5. Web History Go to Google Books Home Advanced Book Search Books Add to my library Write review Page 119 books.google.ca - Downlaodable PDF (ISBN 9780113312757) also available...http://books.google.ca/books/about/Management_of_risk.html?id=BcM-b4DTttcC&utm_source=gb-gplus-shareManagement of riskManagement of risk Page TM I Management of Risk: Guidance for Practitioners *...* Page i London: TSO *...* Page ii □ TSO Published by TSO (The Stationery Office) and available from: Online www. tsoshop.co.uk Mail, Telephone, Fax & E-mail TSO PO Box 29, Norwich, NR3 1GN Telephone orders/General enquiries: 0870 600 5522 Fax orders: 0870 600 5533 *...* Page iv 6 Perspectives 55 6.1 Introduction 57 6.2 Strategic perspective 58 6.3 Programme perspective 61 6.4 Project perspective 63 6.5 Operational perspective 66 6.6 Achieving measurable value 69 6.7 Integrating risk management across *...* Page v List of figures Figure 1.1 MoR framework Figure 1.2 Organizational perspectives Figure 1.3 MoR's relationship with other OGC guides Figure 3.1 Relationship between documents Figure 4.1 The management of risk process Figure 4.2 *...* Page vi List of tables Roles and responsibilities relevant to risk management Techniques to support risk management Example probability scale - 1 Example probability scale - 2 Example cost impact scale Example time impact scale Example *...* Page vii Foreword We live in an ever-changing world and to cope we all manage risk, often without consciously being aware that we are doing it. This can be true in both our personal lives and in the business environment. Page viii Acknowledgements This edition of Management of Risk updates the 2007 edition with changes proposed through the Best Management Practice change control system . The guide captures the knowledge and experience of the authors, *...* Page ix Projects (Consulting) Ltd; Stephen Marks, Project Performance Consulting Ltd; Tim Reeks, HM Revenue & Customs; Alan Summerfield, Aspire Europe; Mike Ward, Outperform UK Ltd. Change control panel Mike Pears, Andrew Wood and John *...* Page 1 Introduction *...* Page 3 *...* 1 Introduction 1.1 PURPOSE OF THIS GUIDE This guide is intended to help organizations put in place an effective framework for risk management. This will help them take informed decisions about the risks that affect their strategic, *...* Page 4 implement. Each step describes the inputs, outputs, tasks and techniques involved to ensure that the overall process is effective. ■ Embedding and reviewing MoR Having put in place an approach and process that satisfy the principles, *...* Page 5 Many of these benefits are applicable to both the private and public sectors. Whereas the private sector focuses mainly on shareholder returns and the preservation of shareholder value, the public sector's role is to perform *...* Page 6 should maintain sound risk management and internal control systems and review the effectiveness of these at least annually. Regarding internal control, the current UK Guidance for Directors (2005) states that the board's deliberations *...* Page 7 future. It is, therefore, essential to review these decisions and associated risks regularly. ■ Medium -term goals are usually addressed through programmes and projects to bring about business change. Decisions relating to medium-term *...* Page 9 an approach to performing risk management health checks, and Appendix D, which describes risk management maturity models. Chapter 6 explains when and how MoR principles, concepts and processes should be applied throughout an *...* Page 11 I PI 4 IP ■Kil ff Management of risk principles *...* Page 13 *...* 2.1 INTRODUCTION The purpose of the Management of Risk (MoR) guide is to provide a framework for risk management that can be applied to any organization regardless of its size, complexity, location, or the sector within which it *...* Page 14 Risk appetite is the amount of risk the organization, or subset of it, is willing to accept. It is risky for an organization to have a risk appetite greater than the risk capacity. To ensure that risk appetite for organizational *...* Page 15 actions. The chance of being able to deal with resistance that may exist clearly improves if this resistance is understood. Risk management must recognize the capabilities, perceptions and intentions of external and internal people that *...* Page 17 Culture is understood here to mean 'the way things are done'. A supportive culture is one that embeds risk management into day-to-day activities, where senior managers demonstrate through policies and actions that risk management is *...* Page 19 Management of risk approach *...* Page 21 *...* 3.1 INTRODUCTION The way in which the principles described in the previous chapter are implemented will vary from organization to organization. Collectively the principles provide a foundation from which the risk management approach *...* Page 22 It can contain a detailed description of the risk management process or present a high-level view, with a fuller description being provided in a separate process guide document. For larger organizations a policy may have several *...* Page 23 3.6 ISSUE REGISTER The purpose of the issue register is to capture and maintain information in a consistent, structured manner on all of the identified issues that are happening now and require action. Although issue resolution is not *...* Page 25 causes of other future risk events. A systematic way of linking risk management and issue resolution processes must be found, but without mixing the two in a way that defies effective management of actual problems from management of *...* Page 29 *...* 4.1 INTRODUCTION This chapter describes the MoR process. It is divided into four primary steps known as: ■ Identify ■ Assess ■ Plan ■ Implement. Collectively these steps form a logical sequence necessary for robust *...* Page 30 MoR process Mapping to The Orange Book process - the risk management model Risk environment/context The extended enterprise Figure 4.2 Comparison of the steps within the MoR process and The Orange Book *...* Page 31 Inputs Goals Process step Tasks Outputs Techniques Figure 4.3 How each process step is defined 4.2 COMMON PROCESS BARRIERS There are a number of barriers or constraints common to the implementation of all the steps in the risk *...* Page 33 ■ What constraints are relevant to the activity ■ How complete the information is ■ Who the stakeholders are and what their objectives are ■ Where the activity fits in relation to the organizational structure ■ The organization's *...* Page 34 Risk management policy The approach adopted for the context step should reflect the risk management policy and the required approach to management of risk, including recognition of the organization's risk appetite. Page 35 Table 4.2 Context outputs Output Explanation Activity analysis As a result of reviewing the planned activity it may be necessary to prepare a series of notes. For example, any assumptions made while interpreting the information examined *...* Page 36 *...* 4.4.5 Context tasks The process tasks will involve the examination of the activity information available. The information examined will vary according to the type of activity and whether it relates to the strategic, programme, *...* Page 37 Table 4.4 Identify the risks inputs Table 4.5 Identify the risks outputs Output Explanation Risk register Early warning indicators for KPIs The content of the register needs to be tailored to the activity undertaken. Page 38 4.5.4.4 Group techniques, including brainstorming, nominal group technique and Delphi technique There are a number of techniques that can be used in workshops with groups and that are designed to leverage the fact that groups of *...* Page 39 Table 4.6 Identify the risks tasks Review clarity Take time to ensure that the threat and opportunity descriptions are as clear and full as possible so that when they are revisited at a later date the meaning behind the descriptions is *...* Page 40 *...* Inputs Risk register Early warning indicators Techniques Probability assessment Impact assessment Proximity assessment Expected value assessment Outputs Risk register Scales to aid the assessment of probability are included in the *...* Page 41 Revisit the risk identification step if any of the threat or opportunity descriptions are insufficiently clear to be able to assess them, or they require rewording to reflect recent events. Assess the probability and impact of the *...* Page 42 This is a simple mechanism to increase visibility of risks. It is a graphical representation of the information found in the risk register. Summary risk profiles are often referred to as risk assessment matrices, probability impact *...* Page 43 understand alternative strategies quickly prior to decision-making. It is also useful in the plan step of the process. 4.7.5 Evaluate tasks The activities in the evaluate step are the tasks necessary to capture the right information to *...* Page 44 4.8.1 Plan inputs The inputs to the plan step are the documents and other information from the previous process steps that will enable effective decision- making in planning responses to risks, whether they are threats to be removed or *...* Page 45 also to identify and describe any secondary risks that exist following the response, ie threats or opportunities caused by the response action. 4. 8. 3. 2 Cost- benefit analysis Some risk responses are planned without doing a formal *...* Page 46 *...* Inputs Risk owner Risk actionee Risk register Risk response plan Techniques Update summary risk profiles Risk exposure trends Update probabilistic risk models Outputs Risk progress reports 4.9.2 Implement outputs The outputs of the *...* Page 47 Table 4.17 Implement outputs Output Explanation Risk progress reports The key outputs will be risk progress reports including some or all of the suggested content in Appendix A. The time, energy, effort and finances expended in the *...* Page 49 Embedding and reviewing management of risk *...* Page 51 *...* 5.1 INTRODUCTION The purpose of this chapter is to introduce the need for the integration of risk management into the culture of the organization, to explain how this can be achieved and to highlight the need for regular review, *...* Page 54 *...* The inclusion of risk responsibilities and activities in job descriptions, objectives and staff appraisals ■ Delivering information on risk management as part of new staff inductions (this will help ensure new staff understand the *...* Page 55 Perspectives *...* Page 57 6 Perspectives 6.1 INTRODUCTION In the previous chapters, the principles, approach and generic process for undertaking risk management have been described . The way in which the principles, approach and process are applied will vary *...* Page 58 Change management objectives Day-to-day management objectives Strategic risks Programme risks t Operational risks t II Project risks Figure 6.1 Interrelationships between different organizational perspectives In addition to the *...* Page 59 ■ Resource Relating to ensuring that staff and suppliers are providing the skills and commodities required by the organization. It is critical that risk management within the strategic perspective is continually aligned with objectives *...* Page 60 6.2.4 Provides clear guidance Risk management for the strategic perspective should be shaped by the risk management policy and process guide and is documented in the strategic risk management strategy. The risk management strategy for *...* Page 61 When making a new corporate investment decision or beginning a new corporate planning cycle, the full risk management process should be applied. A key output from earlier steps will be the strategic risk management strategy, *...* Page 62 Programme opportunities and threats are enerally identified: ■ Through the escalation of risks from projects within the programme ■ During programme start -up ■ By other programmes with dependencies or interdependencies with this *...* Page 63 6.3.5 Informs decision-making Regular programme risk reports should be provided to the SRO and programme manager. Additional summary risk reports (eg risk progress reports) may be produced at key decision points such as at the end of *...* Page 64 ■ To specification ■ On time ■ Within budget. 6.4.2 Fits the context The project perspective maintains a view of successfully delivering a predefined output or product and, as a consequence, enabling the delivery of business benefits *...* Page 65 perspective if the level of risk cannot be brought under control and the project is part of a programme or to the strategic perspective if the project is not being managed as part of a wider programme. Risk management is a key tool in *...* Page 67 operational risk profile within an organization, including the use (or lack) of a standardized approach, management endorsement, employee awareness and education, the attitude to risk within the organization, risk appetite and the *...* Page 68 ■ Identify any additional benefits associated with adopting management of risk for the operations/services covered ■ Confirm the scope of the strategy (eg applied to a single service or a range of operational services) ■ Identify the *...* Page 69 ■ Establishing and maintaining the operational risk management strategy and the operational risk register ■ Helping to balance operational opportunities and threats relative to the cost implications ■ Providing assurance of the *...* Page 70 Table 6.1 Roles and responsibilities relevant to risk management Writes, owns and assures adherence to the risk management policy Defines the overall risk appetite Reviews the risk management strategy Approves funding for risk *...* Page 71 Role Responsibilities The senior manager appointed to represent the senior team (Could be referred to as the sponsor, SRO, executive or other labels as relevant to the organization) Ensures that appropriate governance and internal *...* Page 72 Table 6.1 continued Role Responsibilities Risk specialist (If the role does not exist as part of the organization the responsibilities rest with the manager to resource the role appropriately) (Could also be called a risk practitioner, *...* Page 73 Appendix A: Management of risk document outlines *...* Page 75 *...* This appendix describes the purpose of the documents required to implement MoR and details their contents. The composition of each document should be aligned with the objectives and tailored to the context of the organization and *...* Page 76 thresholds for an organizational activity will then be embedded in the risk management strategy for that activity. Procedure for escalation and delegation This section will describe the escalation procedure and delegated procedure to be *...* Page 77 A.2 RISK MANAGEMENT PROCESS GUIDE A. 2.1 Purpose and composition The risk management process guide describes how an organization intends to carry out risk management and the role and responsibility of people who perform risk management *...* Page 80 Risk status The most commonly adopted terms to describe the status of a risk are : ■ Active The risk is still live and relevant to the organizational activity ■ Closed Either the risk can no longer happen or have an impact on the *...* Page 85 *...* B.1 INTRODUCTION This appendix provides more details on the techniques listed in each step of the MoR process. It is not an exhaustive list and other techniques may be used or alternative names given to common techniques. Page 86 Table B.1 Techniques to support risk management Process step Techniques associated primarily with this process step Process steps where technique could also be useful Identify - context Stakeholder analysis PESTLE analysis SWOT analysis *...* Page 87 Stakeholder 1 2 3 4 5 Responsible Accountable Consulted Informed Figure B.2 An example of an RAG diagram *...* Page 88 *...* B.2.2 PESTLE analysis PESTLE analysis will help to capture understanding about aspects of the context by using the prompts political, economic, sociological, technological, legal and environmental. It is a technique that facilitates *...* Page 91 Table B.6 Example requirements impact scale Impacts on an organizational activity must be considered in terms of the organizational objectives. Impact areas must be defined in the identify - context step of the process and suitable *...* Page 92 *...* A risk prompt list, as described by the first edition of the Project Risk Analysis and Management Guide: PRAM (APM, 1997), is a list that 'categorizes risks into types or areas'. The HM Treasury guide known as The Orange Book (2004 ) *...* Page 95 B.4 TECHNIQUES FOR THE ASSESS - ESTIMATE STEP The estimate step is concerned with assessing the probability of threat and opportunity events materializing and their respective impact should they materialize. Page 97 Table B.8 Expanding RAG status for reporting within a particular activity. The parameters of the risk tolerance line should be agreed at the outset of an activity and regularly reviewed. The use of an extended Red Amber Green (RAG) *...* Page 98 each of the threats and opportunities and the modelling of variability. It will also be influenced by the choice of probability distribution selected to represent each variable (threat or opportunity) and their interrelationship - see *...* Page 99 Figure B.8 Range of outcomes, and the probability of achieving an objective ( based on a Monte Carlo simulation) P90 overrunning (ie the impact on project B when project A overruns). Note that it is possible to calculate separately the *...* Page 100 Time overrun Project A overruns Cost overrun 4 Resources not released to B Resources released on time to B Extra funding for Project A No extra funding for Project A Project B is descoped Project B is delayed Project B buys in additiona *...* Page 103 such as impact on reputation. The technique forces a focus on all the costs and benefits, however, and supports judgement and decision-making. As referred to in Table B.9, some risk responses are planned without carrying out a formal *...* Page 104 Figure B.11 Example of a scatter diagram *...* Page 105 Appendix C: Management of risk health check *...* Page 109 ■ Have stakeholders been provided with timely, specific and clear information about risks, particularly when a new major activity is being proposed or objectives changed? ■ Have stakeholder objectives for an activity been captured , *...* Page 112 Is an adequate budget for embedding and executing risk management available? Are effective practices, productive behaviours and investments in risk management identified and rewarded? Is there a corporate process for identifying good *...* Page 113 Appendix D: Management of risk maturity model *...* Page 115 *...* D.1 INTRODUCTION The purpose of this appendix is to introduce the subject of maturity models, their use, composition and benefits. Maturity models are a valuable tool in enabling organizations to benchmark their current risk *...* Page 116 *...* Competencies Attained or desired capabilities Maturity model Constructed as a matrix Levels Sequence for developing capabilities Criteria Primary risk management practices Figure D. 1 Inputs to a maturity model D.5 SCOPE The *...* Page 119 Level 4 Managed Level 5 Optimizing developed, refined and disseminated. Central risk function is established Senior management reports in a consistent format. Audit reports. Prioritized actions MoR is routinely used to support *...* Page 121 management need to treat implementation as a project in itself, which requires establishing clear objectives and success criteria and undertaking proper planning, resourcing and effective monitoring and management. Page 122 D.14 MORE INFORMATION ON THE OGC P3M3 This section provides a summary of the Portfolio, Programme and Project Management Maturity Model (P3M3®), developed by the Office of Government Commerce (OGC). This maturity model identifies five *...* Page 123 Table D.4 P3M3 risk management process perspective Maturity Portfolio description Programme description Project description Level 1 There is growing recognition that risks need to be managed and that, at least for key business *...* Page 127 *...* The purpose of this appendix is to provide introductions to some risk specialisms and direct the reader to more detailed information on these specialisms. The specialisms covered are: ■ Business continuity management ■ Incident *...* Page 128 and safety at work is so important, there are rules, which require everyone not to put themselves or others in danger. The law is also there to protect the public from workplace dangers. Further information on health and safety *...* Page 129 E.7 REPUTATIONAL RISK MANAGEMENT Reputation is one of the most important assets of most organizations and, accordingly, reputational risk is one of the main concerns for risk managers. A reputational risk occurs when an organization is *...* Page 134 and control systems, have been put in place to protect assets, earnings capacity and the reputation of the organization. disaster recovery planning A series of processes that focus on *...* Page 141 Index Note: Page numbers in italics refer to figures. The abbreviation MoR is used for Management of Risk. accounting officers 60 achieves measurable value see measurable value activity analysis 35, 37 documents 34 aligns with *...* Page 143 plan step 44 internal control 5-6 interviews 38, 94 ISO31000: 2009 ( international standard for risk management) 3, 13 issue register 23, 24-5, 80-1 key performance indicators (KPIs) 15-16 in documentation 76, 78 identify - identify the *...* Page 144 process guide 22, 77 process measures 69 process of MoR 3-4, 29-31, 29, 30, 31 assess - estimate step 38-41, 86, 95 assess - evaluate step 41-3, 86, 95-9 common barriers 31, 53-4 communication throughout 31-2 in documentation 76, *...* Page 145 tasks 30 assess - evaluate step 43 identify - context step 35-6 identify - identify the risks step 38, 39 implement step 47 plan step 45 team role 70, 72 techniques 30 assess - estimate step 39-40, 86, 95 assess - evaluate step 42-3, *...* Page 148 Management of risk is critical to an organization's success. Informed risk- taking helps to improve performance through the use of innovative approaches for managing business and service delivery. This publication sets out a framework *...* Get print book No eBook available TSO Shop Amazon.ca Chapters.indigo.ca Find in a library All sellers » Front Cover 0 Reviews Write review http://books.google.ca/books/about/Management_of_risk.html?id=BcM-b4DTttcC Management of risk: guidance for practitioners By Stationery Office (U. k.) About this book New! Shop for Books on Google Play Browse the world's largest eBookstore and start reading today on the web, tablet, phone, or ereader. Go to Google Play Now » My library My Books on Google Play Favorites Reading now To read Have read Books for you My History Purchased Reviewed Recently viewed Browsing history Books on Google Play The Stationery Office Pages displayed by permission of The Stationery Office . Copyright . Clear searchResult *82* of *100* in this book for *editions:ihG5nntzytMC*- Order by: relevance | *pages**relevance* | pages- ‹ Previous Next › - View all Loading... Loading... Pages 117 to 118 are not shown in this preview. Loading... Loading... Loading... Loading... Favorites Reading now To read Have read Link Feedback