everyone is a risk manager risk & opportunity management
TRANSCRIPT
Everyone is a risk manager
Risk & Opportunity Management
Everyone is a risk manager
Risk ManagementComponents
C. Maintenance of Corporate Risk
Register
G. Decision Making
RISK & OPPORTUNITY MANAGEMENT
STRATEGY
F. Partnership Risk Management
D. Reporting on Risk Management (Assurance)
E. Project Risk Management
B. Service Risk Registers
A. Risk Management Training & Guidance
Everyone is a risk manager
Delivering Council Priorities
Team/Project Risk Register
Team/Project Risk Register
Team/Project Risk Register
Team/Project Risk Register
Service Risk Register
Service Risk Register
Corporate Risk Register
Strategic Directors
Group
CabinetCorporate
Audit Committe
TEAM RISK MANAGEMENT
SERVICE RISK MANAGEMENT
CORPORATE RISK
MANAGEMENT
TEAM MANAGEMENT
SERVICE PLANNING
CORPORATE PLANNING
Everyone is a risk manager
Page 1
The Risk & Opportunity Management Framework(Risk Register Perspective)
Individual Staff Objectives
(PDR Process)
Risk Assess Ability to Meet Team Objectives
Team Risk Register
Include Significant Team Risks Within Service Risk Register Identify Impact on Meeting
Service Objectives
Service Risk Register
Include Significant Service Risks Within Corporate Risk
Register along with Risks that Can Only be Managed by the
Council as a Whole.
Corporate Risk Register
Step 1
Team Objectives
Step 2
Service Plan Objectives
Step 3
Corporate Objectives
Operational Strategic
Everyone is a risk manager
Team Risk Registers
Page 2
The Risk & Opportunity Management Framework(Risk Register Perspective)
Individual Staff Objectives
(PDR Process)
Risk Assess Ability to Meet Team Objectives
Team Risk Register
· Day to Day risks regarding teams roles
· Focus on detail
· Strong link to performance management
· Reflects objectives given to staff (PDR)
Include Significant Team Risks Within Service Risk Register Identify Impact on Meeting
Service Objectives
Service Risk Register
Include Significant Service Risks Within Corporate Risk
Register along with Risks that Can Only be Managed by the
Council as a Whole.
Corporate Risk Register
Step 1
Team Objectives
Step 2
Service Plan Objectives
Step 3
Corporate Objectives
Operational Strategic
Everyone is a risk manager
Service Risk Registers
Page 3
The Risk & Opportunity Management Framework(Risk Register Perspective)
Individual Staff Objectives
(PDR Process)
Risk Assess Ability to Meet Team Objectives
Team Risk Register
· Recommended Best Practice
· Day to Day risks regarding teams roles
· Focus on detail
· Strong link to performance management
· Reflects objectives given to staff (PDR)
Include Significant Team Risks Within Service Risk Register Identify Impact on Meeting
Service Objectives
Service Risk Register
· Higher Level Risks related to delivery of Service Plan and Corporate Priorities
· Register is more strategically orientated
· Escalation of Risks
· Risk scores may change to reflect the perspective of the Service (DD)
· Reviewed at Management Team meetings
· Quarterly review by Risk Management Team
Include Significant Service Risks Within Corporate Risk
Register along with Risks that Can Only be Managed by the
Council as a Whole.
Corporate Risk Register
Step 1
Team Objectives
Step 2
Service Plan Objectives
Step 3
Corporate Objectives
Operational Strategic
Everyone is a risk manager
Corporate Risk Register
Page 4
The Risk & Opportunity Management Framework(Risk Register Perspective)
Individual Staff Objectives
(PDR Process)
Risk Assess Ability to Meet Team Objectives
Team Risk Register
· Day to Day risks regarding teams roles
· Focus on detail
· Strong link to performance management
· Reflects objectives given to staff (PDR)
Include Significant Team Risks Within Service Risk Register Identify Impact on Meeting
Service Objectives
Service Risk Register
· Higher Level Risks related to delivery of Service Plan and Corporate Priorities
· Register is more strategically orientated
· Escalation of Risks
· Risk scores may change to reflect the perspective of the Service (DD)
· Reviewed at Management Team meetings
· Quarterly review by Risk Management Team
Include Significant Service Risks Within Corporate Risk
Register along with Risks that Can Only be Managed by the
Council as a Whole.
Corporate Risk Register
· Risks that have a Corporate Impact in terms of delivering Corporate Priorities
· Risks that are not necessarily owned by one service area
· Major Financial or Reputational Impact
· Managed by SDG
· Quarterly review by Risk Management Team with assistance from SD/DD’s
Step 1
Team Objectives
Step 2
Service Plan Objectives
Step 3
Corporate Objectives
Operational Strategic
Everyone is a risk manager
The Risk Register Template This is the first time we have fundamentally reviewed the risk register template based on feedback from users :
Everyone is a risk manager
Key Changes – The Template
· A revised weighted 5×5 risk matrix with simpler likelihood & impact definitions that produces easier to understand scores
· The use of dropdown menus to make input easier as well as contextual help and where appropriate, data validation
· Improved presentation of the register including a ‘Top 10’
Everyone is a risk manager
Key Changes – The Risk Assessment Methodology· It uses current mitigated risk
assessment (i.e. assessing the likelihood and impact of the defined risk based on actions implemented to date (completed or on-target).
· Pre / post mitigation risk assessment is not assessed / recorded.
Everyone is a risk manager
Likelihood & Impact
Scale Likelihood Scale Impact
Negligible1
Not Expected to Happen (<1%)
Negligible1
Negligible impact on Service/Project Delivery
Low2
Could Happen (2 – 20%)
Small2
Small impact on Service/Project Delivery
Medium3
Quite Often Occurs(21% - 49%)
Medium3
Medium impact on Service/Project Delivery which may result in not meeting
objectives
HighMore Than Even Chance
(50% - 95%)High
4
Severe threat to Service/Project Delivery which may result in not meeting
objectives
Very HighCritical- almost certain
(96%-100%)Critical
5Disastrous with Objectives not being Met
Everyone is a risk manager
Impact
Impact Cost Time Quality
Negligible Variations manageable by virement against internal budget headings
Slight slippage against internal targets
Slight reduction in quality/scope with no overall impact on usability/standards
Low Requires some additional funding from Service
Slight slippage against key milestones or published targets
Failure to include certain 'nice to have' elements or 'bells and whistles' promised to stakeholders
Medium Requires significant additional funding from Service/Council
Delay affects key stakeholders and causes loss of confidence in the project
Significant elements of scope or functionality will be unavailable
High Requires significant reallocation of Council funds (or borrowing) to meet objectives
Failure to meet key deadlines in relation to the financial year or strategic plan
Failure to meet the needs of a large proportion of stakeholders
Critical Increases threaten viability of Service
Delay jeopardises viability of Service
Service outcomes effectively unusable
Everyone is a risk manager
Key Changes – Action Planning
· It allows improved action planning that, whilst removing the detailed plans from the register, ensures there are robust monitoring arrangements in place.
Everyone is a risk manager
Key Changes – Reporting
· Improved presentation of the register including a ‘Top 10’ Risk report and the ability to tailor presentation by hiding columns
· The introduction of risk categorisation and risk score tracking allowing us to examine risk trends in more detail
· The introduction of graphical reporting that can be used to report on the contents of the register
Everyone is a risk manager
Key Changes– The Future
Everyone is a risk manager
Questions?