Monitoring and Evaluation
Systems
for NARS organizations
in Papua New Guinea
Day 4. Session 12.
Risk Management
4.12.1
Learning objectives
By the end of this session, participants will be able to:
•
Define risk management
•
Analyse risk management
•
Identify examples of risks to the program
•
Plan and develop strategies to deal with those risks
4.12.2
Risk
•
any factor (or threat) that may affect adversely the successful
completion of an intervention
•
achievement of its results and objectives
•
adverse effect on resources, time, cost and quality
4.12.3
Risk Management
Purpose:
to apply a systematic process to reduce the effects of
uncertainties that may compromise the achievement of
the intervention’s results and objectives
4.12.4
Risk Management
•
process that assists managers at all levels to make correct and
informed decisions
•
for organized assessment and control of risks
•
involves identification, analysis, evaluation and monitoring of
risks, and
•
development of strategies to deal with those risks
4.12.5
Risk Management
The risk management process comprises five steps:
1.Identification and definition of risks
identify, define and record risks with stakeholders
2.Conduct risk assessment
determine causes, quantify them and estimate their likelihood and
consequences
3.Conduct risk evaluation
consider and prioritize according to potential impact; determine
level of acceptability
4.12.6
Risk Management
4.
Develop risk management plan
identify the actions required to reduce, contain and control risk;
assign responsibilities for actions; define risk indicators, risk
monitoring arrangements and reporting mechanisms
5.
Implement risk management plan – manage, monitor,
update risks
implement mitigating actions; verify occurrence of risk using
indicators; review/update risks regularly
4.12.7
Risk Management in NARS organizations
Risk management and monitoring at all four organizational levels.
1.organization
to analyse and manage risks that may impede the achievement of
the vision and mission, or purpose and goal of the NARS
organization
2.Program
to analyse and manage risks that may impede a particular
program from achieving its purpose
4.12.8
Risk Management in NARS organizations
3.
Project
to analyse and manage risks that may impede a particular project
from achieving its outputs or purpose
4.
Project activity
to analyse risks that may impede a particular project activity to
implement its tasks (i.e. work plan), use its budget efficiently
and achieve its outputs
4.12.9
Risk Management in NARS organizations
Risk Analysis
Collaborative approach involving the key stakeholders of
intervention
•Project activity and project
project leader and project teams, partners
•Program
project and program leaders, program partners
•organization
•program leaders and senior managers, partners
4.12.10
Risk Management in NARS organizations
Risk Analysis
•during the planning or design phase of the interventions
•analyse risks separately for each organizational level
•risk analysis for project and project activity levels may be
conducted jointly
•completed before the implementation of the intervention begins
•becomes regular recurring activity during implementation
•risk matrix is the tool used
4.12.11
Risk Matrix
Risk Matrix Template
Adapted from: Tasmanian Government (2005) - Tasmanian Government Project Management Guidelines Version 6.0 - March 2005; Section 6: Risk
Management (incl. Project Risk Register – Template and Guide Version1.3, April 2008); Inter Agency Policy and Projects Unit, Government
Information and Services Division, Department of Premier and Cabinet, Tasmania
4.12.12
Risk Matrix
Risk Evaluation Table – a key to risk ratings and risk grade
Table 1: Rating for Likelihood and Level of Consequences for each risk
L
Rated as Low
E
M
Rated as Medium
NA
H
Rated as High
Rated as Extreme (used for Level of
Consequences only)
Table 2: Risk Evaluation Table – combined effect of Likelihood and Level of Consequences to
determine the Risk Grade
Level of Consequences
Likelihood
low
medium
high
EXTREME
low
1
1
2
4
medium
1
2
3
4
high
2
3
4
4
Adapted from: Tasmanian Government (2005) - Tasmanian Government Project Management Guidelines Version 6.0 - March 2005; Section 6: Risk
Management (incl. Project Risk Register – Template and Guide Version1.3, April 2008); Inter Agency Policy and Projects Unit, Government Information
and Services Division, Department of Premier and Cabinet, Tasmania
4.12.13
Risk Matrix
Table 3: Recommended actions for grades of risk
Risk
Grade
Risk mitigation actions
4
Mitigation actions, to reduce the likelihood and level of consequences, to be identified
and implemented as soon as the project commences as a priority.
3
Mitigation actions, to reduce the likelihood and level of consequences, to be identified
and appropriate actions implemented during project execution.
2
Mitigation actions, to reduce the likelihood and level of consequences, to be identified
and costed for possible action if funds permit.
1
To be noted - no action is needed unless grading increases over time.
Table 4: Change to Grade since Last Assessment
NEW
–
New risk
<
Grading decreased
No change to Grade
>
Grading increased
Adapted from: Tasmanian Government (2005) - Tasmanian Government Project Management Guidelines Version 6.0 - March 2005; Section 6: Risk
Management (incl. Project Risk Register – Template and Guide Version1.3, April 2008); Inter Agency Policy and Projects Unit, Government Information
and Services Division, Department of Premier and Cabinet, Tasmania
4.12.14
Risk Matrix
•
tool for managing and reducing the identified risks
•
document risks and risk mitigation strategies being pursued
•
documented framework from which risk status can be reported
•
ensure the communication of risk management issues to key
stakeholders
•
mechanism for seeking and acting on feedback to encourage
the involvement of the key stakeholders
•
identify the mitigation actions and associated costing
4.12.15
Risk Management in NARS organizations
Risk Analysis
•results of risk analysis will be included as part of the intervention’s
M&E documentation
•risk matrix should be updated on an annual basis (or more often if
required)
•include risk matrix update in an M&E schedule of events for the
intervention
4.12.16
Risk Management in NARS organizations
Planning risk mitigation actions
•identify risk mitigation actions for severe or high risks
•describe responsibilities for mitigation actions
•establish timelines when mitigation actions will occur
•record in the risk matrix
•severe risks may require an adjustment to the planning and
design of the intervention
4.12.17
Risk Management in NARS organizations
Planning risk mitigation actions
•plan the risk mitigation actions further during implementation of
intervention
•possibly record in a separate document, such as a risk
management plan
•in smaller interventions the risk matrix may suffice
•managers report on the timeliness and success of the mitigation
actions in regular reporting
4.12.18
Risk Monitoring
•
risks need to be monitored throughout the life of the
intervention
•
reviewing risk analysis annually ? is one method to monitor
risks for medium to low risks
•
severe and high risks may require the development of risk
indicators to measure the threat
•
monitor risk indicators as early warning when a risk may occur
and whether a risk becomes inacceptable for the intervention
4.12.19