Risk Register January 2011Ciaran Whyte

Risk AdministratorPlanning & Strategic Projects Unit

Agenda• Objectives of Seminar• Why manage risks?• Who should have a risk register? • Risk Management Theory• Risk Register format• Risk Register Intranet Tool• Risk Registers and Coordinators• Examples of managing risks• Risk Assessment Process • Active Risk Management

Objectives of Seminar

• Know why you should create a risk register• Be able to create a risk register• Know how to keep the register up to date• Have an awareness of University risk management practices• Know how to be more successful in risk management

At the end of the seminar you should -

Why manage risks?“the threat or possibility that an action or event will adversely or

beneficially affect an organization's ability to achieve its objectives”

Issues Risks

Fire-fightingDamage limitationCostly emergency actions

Containment actionsContingency

KNOWN PROBLEMS

POTENTIAL PROBLEMS

pro-activemanagement

• lower costs• less stressful

risk definition

Who should have a risk register?

Project management teams College / School management teams Administrative Department management teams University senior management teams (SAM / SMT) All groups of people who meet to achieve common objectives

• Current problems - Minutes / action items• Future problems - Risk register

Risk Management Theory

Risk Identification

Risk Evaluation

Risk Mitigation

Risk Monitoring

• past experiences• inputs• focus areas• ignore risks outside control

• determine likelihood or probability of occurrence• determine magnitude of loss or impact

• avoid• contain• active acceptance• passive acceptance• transfer • chase actions / reassess probability & impact / add

new risks• regular reviews of register• quick & simple communication to key

stakeholders

Identifying Risks When you have a plan for the future project tasks

- step back and consider the possibility of each task failing to meet timescales / budget / quality

objectives- review all assumptions

Write down a clear definition of the risk – ‘there is a risk that ….... which will impact......’

Consider past experiences- lessons from past projects or other intellectual material- review list with other project managers and key project team

members

Consider all the evidence- requirements and design documents, dependencies, resourcing,

status reports

Brainstorm with key project individuals - facilitated sessions – Delphi technique / SWOT analysis- expert interviews

Foster open communication within project team - give the team the opportunity to raise risks- don’t shoot messengers!

Ignore risks over which you have no control- keep within your scope and what is manageable

Evaluating Risks

Determine likelihood or probability of occurrence

- consider how many times this has been an issue before

- use past experience to guide probability

- select HIGH / MEDIUM / LOW

Determine magnitude of loss and impact

- assess impact in terms of scale of consequences should issue arise

- assess in relation to scope of area being managed

- select HIGH / MEDIUM / LOW

Mitigating Risks avoid

- eliminate the cause - remove task/activity causing risk from plan

contain- add actions to plan to reduce probability (high medium low)- add actions to plan to reduce impact (high medium low)

active acceptance- set aside contingency- allocate extra resource or finance- take out insurance

passive acceptance- do nothing- accept consequences

transfer- pass risk to another party- commercial agreement

• is the action appropriate to risk severity?• is cost of action effective enough?• is the action timely enough?• is the action realistic within project context?• is the action agreed by all parties?• is the action owned by a responsible person?

Monitoring Risks

be disciplined in ensuring that all actions are completed ensure risk status covered in regular project reports consider new risks as the situation changes Gather feedback from owners of existing risks

- changes to probability/impact/trend Review RED risks and assign new actions Review ‘increasing’ trend risks and assign new actions Do NOT review all risks – manage by exception escalate in good time to allow mitigation actions to be improved

– don’t wait until it becomes an issue!

name of projectANO1 Date this revisionANO9 Date next revision

ID RAG Owner Description & ImpactProb-ability Impact Trend Controls/Actions Action By Action Due

001 Green PI

there is a risk that insufficient resources will be available due to sickness, unplanned absences, etc. to deliver committed Project activity which will impact the delivery of Project outputs M H No change

1. maintain holiday plans2. ensure working instructions documented for all regular services3. create deputy cover plan and conduct training4. conduct regular reviews of Project commitments and secure increased funding when required

1. all team members2. all team members3. all team members4. PI

1. ongoing2. Oct 20093. Aug 20094. ongoing

002 Amber PM

there is a risk that the space and office facilities necessary to support Project team members is inadequate which will impact the delivery of Project outputs and staff morale M H Increasing

1. assign responsibility for Estates interface to a single team member 2. gather feedback in individual reviews

1. PM2. PM and individual team members

1. July 20092. ongoing

003 Red PM

there is a risk that xxxxxxxxxxxxxx are not supportive of achieving xxxxxxxxxxx which will impact the ability to xxxxxxxxxxxxxxxxx H M Increasing involve xxxxxxx in delivery of xxxxxxxxxxxxxxx PM 1. Jul 2009

004 Green PI

there is a risk that timescales are not achievable due to delays with pre-requisite activities which will impact the timely delivery of plans and other outputs M M No change

1. create Project plan of all outputs2. establish and communicate all leadtimes for Project deliverables

1. PI2. all team members

1. Aug 20092. Oct 2009

005 Green ANO3there is a risk that timely, relevant, up-to-date data isn't available to create Project deliverables L M No change

1. liaise with xxxxxxxxxxx to ensure that data is made readily available2. timetable of available data published for xxxxxxxxxxxxxxx 3. create timescales for all deliverables to allow time to gather relevant information

1. ano32. PI3. all team members

1. ongoing2. Quarterly3. Every 6 months

006 Green PI

there is a risk that priorities from higher management will change during the Project, which will impact the Project workload and achievement of outputs H M Decreasing

1. create a change process by which new priorities are assessed for impact, have agreement and implementation plans 1. PM 1. Aug 2009

007 Amber PI

there is a risk that relationships with external partners could be jeopardised strategically due to issues relating to xxxxxxxxxxxxxxx M M Increasing

1. formalise a clear communications channel between xxxxxxxxxx on existing relationships with external partners2. Assign a liaison(s) for each external partner and use them to help address project issues

1. PM2. all team members

1. Aug 20092. Aug 2009

03/07/200903/08/2009

ProjectPI

Project Manager

Risk Register formatRed - existing controls not working/adequate (to escalate)Amber - existing controls in danger of failingGreen - controls are working

Identification

Evaluation

Mitigation

Risk Register Intranet Tool - Solution

Intranet Risk Register

Authorised names/depts

Coordinators – update access

HR/payroll

Warningmessages

Risk log print-out for meetings

Owners – read only access

Administrator – total access and Audit reporting

Risk Register Intranet Tool - Roles

Risk Database

Risk Owner

Risk Coordinator

Administrator

Register Owner

Project Manager

View all risks in register

Manage risks for assigned School or Admin Dept

View all risks ‘owned’

Manage risks for named project

• View all University risks • create new project register• School/Dept register restructuring• access control• audit and monitoring• reporting to SAM/SMT/Audit

Committee

University / School / Administrative Department

Project

Risk Registers & Coordinators

School / College Code Risk CoordinatorArts & Humanities AAH Debbie MarshallBusiness & Economics BAE Alan Evans DACE DAC Judith JamesEngineering ENG Steve DaviesSOTEAS SOT Adrian LuckmanHealth & Human Sciences HHS John DaviesLaw LAW Andrew BealeMedicine MED Paul Roberts /

Sian Roberts

Physical Sciences PHY Niels Jacob

Administrative Department

Code Risk Coordinator

Academic Registry ACR Adrian Novis ISS ISS Tony OllierDRI DRI Chris TalbotCatering CAT Les Carmichael

Conference Services CON Peter Belcher

Egypt Centre EGY Carolyn Graves-Brown

Estates EST Ian MacPherson Finance FIN Phil GoughHR HRE John CoxMarketing MKT Chris MarshallPSPU PSP Ciaran WhyteResidential Services RES Gareth AtkinsonSafety Office SAF Graham JonesSport & Physical Recreation SPR Kevin HarrisonStudent Services STS Sarah Huws-DaviesTaliesin Arts Centre TAL Sybil CrouchVC’s Office VCO Martin LewisUniversity UNI Ciaran Whyte

Examples of managing risksID RAG SMG SMT Owner Description & Impact

Prob-ability Impact Trend Controls/Actions

Proximity Action By

Action Due

U008 AmberWorking with

Others VCfailure to project an even better reputation of Swansea University M H Increasing

1. disseminate marketing strategy and put initial project plans in place2. coordinate the contractual obligations of all EU activity into a coherent economic delivery plan3. maximise the repertoire of case studies with business and industry and then market these working with DRI and the new business marketing forum structure

1. SMT / Raymond Ciborowski / Catherine Mullin2. Noel Thompson / Ian Cluckie / Head of Schools or Colleges3. Noel Thompson / Ian Cluckie / Head of Schools or Colleges

1. Dec 20102. Aug 20113. Aug 2011

U009 AmberEfficiency &

EffectivenessRaymond

Ciborowski

failure to manage the University efficiently or effectively within changing external market conditions which will impact delivery of services and University finances M H No change

1. establish key performance indicators2. establish improved mgt reporting processes3. external advice on impact of HE market changes

1. Pat Price / Phil Gough2. Raymond Ciborowski3. Raymond Ciborowski Aug-11

U010 Amber

Building Common Purpose VC

in times of pressure on public funding failure to recruit, retain and motivate high quality staff to maintain the rate of academic development of the University M M Increasing

1. ensure robust HR policies and practices2. implementation of HR policies3. management of staff4. ensuring adequate physical environments for staff

1. David Williams2. David Williams3. Head of Schools or Colleges / Directors of Administration4. Craig Nowell / Head of Schools or Colleges / Directors of Administration Aug-11

U011 Amber

Building Common Purpose

Raymond Ciborowski

failure to maximise the performance of staff which will impact the quality of services delivered and University finances M M No change

1. provide training and staff development to Schools on performance management2. implement performance management processes3. to be addressed in Business Planning process

1. Raymond Ciborowski / David Williams / Andrew Morgan2. Head of Schools3. Noel Thompson / Ian Cluckie / Pat Price Aug-11

Risk Assessment Process Pre-risk assessment checklist

22 multiple choice questions A – low risk B – medium risk C – high risk Identifies impacts to administrative functions

Risk Assessment Review Risk assessment checklist Risk register DRI summary of finances Summary presentation (major projects)

SMT approval Risk.Assessment@swansea.ac.uk

Active Risk Management track risk actions as part of your status reporting foster a ‘heads-up’ culture as part of tracking to keep looking ahead start all tasks as early as possible to increase mitigation options maintain open and non-threatening communications decriminalise risk within project team – keep a positive attitude! Involve the key project skills in risk management – not just PMs communicate risk information – stakeholders & project team maintain your Project Files– and risk audit trail

Risk management provides a –• more efficient and cheaper way of working• less stressful working environment

Conclusions

THANK YOU for your time today

c.m.whyte@swansea.ac.uk