Risk & Opportunity Management
Everyone is a risk manager
Risk Management
Components
A. Risk Management Training
& Guidance
G. Decision Making
B. Service Risk
Registers
F. Partnership Risk
Management
RISK &
OPPORTUNITY
MANAGEMENT
STRATEGY
C. Maintenance of
Corporate Risk
Register
E. Project Risk
Management
D. Reporting on Risk
Management (Assurance)
Everyone is a risk manager
Delivering Council Priorities
CORPORATE
RISK
MANAGEMENT
CORPORATE
PLANNING
Corporate
Audit
Committe
Cabinet
Strategic
Directors
Group
Corporate
Risk Register
SERVICE RISK
MANAGEMENT
TEAM RISK
MANAGEMENT
Service Risk
Register
Team/Project
Risk Register
Everyone is a risk manager
SERVICE
PLANNING
Service Risk
Register
Team/Project
Risk Register
Team/Project
Risk Register
Team/Project
Risk Register
TEAM
MANAGEMENT
The Risk & Opportunity Management Framework
(Risk Register Perspective)
Operational
Individual Staff
Objectives
(PDR Process)
Strategic
Step 1
Step 2
Step 3
Team Objectives
Service Plan Objectives
Corporate Objectives
Risk Assess Ability to Meet
Team Objectives
Include Significant Team Risks
Within Service Risk Register
Identify Impact on Meeting
Service Objectives
Include Significant Service
Risks Within Corporate Risk
Register along with Risks that
Can Only be Managed by the
Council as a Whole.
Team Risk Register
Service Risk Register
Corporate Risk Register
Page 1
Everyone is a risk manager
Team Risk Registers
The Risk & Opportunity Management Framework
(Risk Register Perspective)
Operational
Individual Staff
Objectives
(PDR Process)
·
·
·
·
Strategic
Step 1
Step 2
Step 3
Team Objectives
Service Plan Objectives
Corporate Objectives
Risk Assess Ability to Meet
Team Objectives
Include Significant Team Risks
Within Service Risk Register
Identify Impact on Meeting
Service Objectives
Include Significant Service
Risks Within Corporate Risk
Register along with Risks that
Can Only be Managed by the
Council as a Whole.
Service Risk Register
Corporate Risk Register
Team Risk Register
Day to Day risks
regarding teams
roles
Focus on detail
Strong link to
performance
management
Reflects objectives
given to staff (PDR)
Page 2
Everyone is a risk manager
Service Risk Registers
The Risk & Opportunity Management Framework
(Risk Register Perspective)
Operational
Individual Staff
Objectives
(PDR Process)
·
·
·
·
·
Strategic
Step 1
Step 2
Step 3
Team Objectives
Service Plan Objectives
Corporate Objectives
Risk Assess Ability to Meet
Team Objectives
Include Significant Team Risks
Within Service Risk Register
Identify Impact on Meeting
Service Objectives
Include Significant Service
Risks Within Corporate Risk
Register along with Risks that
Can Only be Managed by the
Council as a Whole.
Team Risk Register
Recommended Best
Practice
Day to Day risks regarding
teams roles
Focus on detail
Strong link to performance
management
Reflects objectives given to
staff (PDR)
·
·
·
·
·
·
Service Risk Register
Higher Level Risks related
to delivery of Service Plan
and Corporate Priorities
Register is more
strategically orientated
Escalation of Risks
Corporate Risk Register
Risk scores may change to
reflect the perspective of the
Service (DD)
Reviewed at Management
Team meetings
Quarterly review by Risk
Management Team
Page 3
Everyone is a risk manager
Corporate Risk Register
The Risk & Opportunity Management Framework
(Risk Register Perspective)
Operational
Individual Staff
Objectives
(PDR Process)
Strategic
Step 1
Step 2
Step 3
Team Objectives
Service Plan Objectives
Corporate Objectives
Risk Assess Ability to Meet
Team Objectives
Include Significant Team Risks
Within Service Risk Register
Identify Impact on Meeting
Service Objectives
Include Significant Service
Risks Within Corporate Risk
Register along with Risks that
Can Only be Managed by the
Council as a Whole.
·
·
·
·
·
Team Risk Register
Day to Day risks regarding
teams roles
·
Focus on detail
·
·
Strong link to performance
management
Reflects objectives given to
staff (PDR)
·
·
Service Risk Register
Higher Level Risks related
to delivery of Service Plan
and Corporate Priorities
Register is more
strategically orientated
Escalation of Risks
Risk scores may change to
reflect the perspective of the
Service (DD)
Reviewed at Management
Team meetings
Quarterly review by Risk
Management Team
·
·
·
·
·
Corporate Risk Register
Risks that have a Corporate
Impact in terms of delivering
Corporate Priorities
Risks that are not
necessarily owned by one
service area
Major Financial or
Reputational Impact
Managed by SDG
Quarterly review by Risk
Management Team with
assistance from SD/DD’s
Page 4
Everyone is a risk manager
The Risk Register Template
This is the first time we have fundamentally reviewed the risk register template based on feedback from users :
Everyone is a risk manager
Key Changes – The Template
· A revised weighted 5×5 risk matrix
with simpler likelihood & impact
definitions that produces easier to
understand scores
· The use of dropdown menus to make
input easier as well as contextual
help and where appropriate, data
validation
· Improved presentation of the register
including a ‘Top 10’
Everyone is a risk manager
Key Changes – The Risk
Assessment Methodology
·
·
It uses current mitigated risk
assessment (i.e. assessing the
likelihood and impact of the
defined risk based on actions
implemented to date (completed or
on-target).
Pre / post mitigation risk
assessment is not assessed /
recorded.
Everyone is a risk manager
Likelihood & Impact
Scale
Likelihood
Scale
Impact
Negligible
1
Not Expected to Happen
(<1%)
Negligible
1
Negligible impact on Service/Project
Delivery
Low
2
Could Happen
(2 – 20%)
Small
2
Small impact on Service/Project Delivery
Medium impact on Service/Project Delivery
which may result in not meeting
objectives
Medium
3
Quite Often Occurs
(21% - 49%)
Medium
3
High
More Than Even Chance
(50% - 95%)
High
4
Severe threat to Service/Project Delivery
which may result in not meeting
objectives
Very High
Critical- almost certain
(96%-100%)
Critical
5
Disastrous with Objectives not being Met
Everyone is a risk manager
Impact
Impact
Cost
Negligible
Variations manageable by
virement against internal
budget headings
Slight slippage against
internal targets
Slight reduction in
quality/scope with no overall
impact on
usability/standards
Low
Requires some additional
funding from Service
Slight slippage against key
milestones or published
targets
Failure to include certain
'nice to have' elements or
'bells and whistles' promised
to stakeholders
Medium
Requires significant
additional funding from
Service/Council
Delay affects key
stakeholders and causes
loss of confidence in the
project
Significant elements of
scope or functionality will be
unavailable
High
Requires significant
reallocation of Council
funds (or borrowing) to
meet objectives
Failure to meet key
deadlines in relation to the
financial year or strategic
plan
Failure to meet the needs of
a large proportion of
stakeholders
Critical
Increases threaten
viability of Service
Delay jeopardises viability
of Service
Service outcomes effectively
unusable
Everyone is a risk manager
Time
Quality
Key Changes – Action Planning
·
It allows improved action planning that, whilst removing the detailed plans
from the register, ensures there are robust monitoring arrangements in place.
Everyone is a risk manager
Key Changes – Reporting
·
·
·
Improved presentation of the register
including a ‘Top 10’ Risk report and the
ability to tailor presentation by hiding
columns
The introduction of risk categorisation
and risk score tracking allowing us to
examine risk trends in more detail
The introduction of graphical reporting
that can be used to report on the
contents of the register
Everyone is a risk manager
Key Changes– The Future
Everyone is a risk manager
Questions?
Everyone is a risk manager