1
Risk Management PPD July 2019
2
01/12/2014 Aims Provide information about risk and risk management. Understand why risk management is necessary. Provide some practical tools and guidance to support you in managing risks. Raise awareness of the University’s policy and procedures for risk management. Explore how these procedures can be implemented locally.
3
Outline
What is risk?
What is risk management?
Identification of risk
Analysis of the risk
Controlling risk
Risk recording
Risk management at Cambridge
Policy
Roles and responsibilities
Risk Registers
Summary & questions.
4
What is risk?
Risk: the threat or opportunity that an action or event will adversely or beneficially affect the University’s ability to meet its objectives.
Issue: when a risk has occurred.
5
Risk Management
Risk management is the process by which risks are identified, assessed, prioritised and managed in order to support well-informed decision making and maximise the realisation of opportunities across the University.
Risk management: Identify risks; Assess and analyse; Plan mitigating actions; Implement mitigating actions; Measure, control and monitor
6
Identification of Risk
7
Identifying risks
Identify key objectives.
Identify risks – i.e. what might stop you achieving the objectives.
Don’t forget to consider opportunities.
Horizon scanning; Feedback; Key issues; Data analysis; Lessons learnt; Opportunities
8
Identification
Defining risk is the key to getting risk management right. Can be helpful to think about:
Cause – the reason(s) why the risk could happen.
Risk Event – incidents that arise from a cause that could have an effect on the achievement of objectives.
Impacts – consequences of the risk event if it occurs.
9
Risk Descriptions
Things to avoid when writing risk descriptions: One-word risks; Issue; Essays; Whinges; Questioning the objective; Failure of the objective; Incident; Statement of Fact; Failure to…
10
Risk Descriptions
Objective: To increase the number of students attending the Risk Management course.
What might cause us not to achieve the objective?
What variation from the objective might arise?
What would the impact be?
IF new marketing materials cannot be produced in time for recruitment for the next academic year,
THEN the planned increase in student numbers may be delayed,
RESULTING IN an inability to increase fee income.
11
Bowtie Analysis: Causes; Risk Event; Impacts
12
Bowtie Analysis: Flood
Causes: Weather; Inadequate controls; Burst pipe; Human error
Risk event: Flood
Impacts: Injury/Death; Flooded houses; Loss of utilities; Strain on emergency services; Economic impact; Displaced people
13
Bowtie Analysis (Cause; Risk Event; Impact)
Failure to recruit or retain the best academic staff and research students; Difficulty in securing future research income; Reduction in the attractiveness of the University to leading academic staff and highest quality research students; Reduction in research income; Failure to maintain or enhance research excellence; Failure to invest in research support infrastructure; Difficulty developing research collaborations (academic & industrial); Significant failure of research integrity or governance; Reputational damage; Research portfolio not at the cutting edge of research; Impact on teaching quality
14
Risk Owners Every risk should have a risk owner identified. Risk owners should (usually): be the owner of the relevant objective (i.e. accountable for the successful achievement of the objective); be able to deploy and direct resources needed to achieve the objective; have operational responsibility for managing the risk; monitor and report on the status of the risk; and ensure appropriate risk controls are put in place.
15
Assessment and Analysis of Risk
16
Risk Scoring Guidance: Likelihood
Score – Likelihood: Probability
1 – Highly Unlikely: Less than 10%
2 – Unlikely: 10-24%
3 – Possible: 25-49%
4 – Probable: 50-74%
5 – Extremely Likely: More than 75%
17
Risk Scoring Guidance: Impact

1 – Very Low
Finance: Minor loss <0.5% of operating budget
Compliance: Trivial, very short-term single non-compliance.
Safety: Insignificant injury (no intervention).
Service Delivery: Negligible impact/unnoticed by service users.
Reputation: Insignificant damage.
People*: Negligible impact on morale and satisfaction.

2 – Low
Finance: Small loss % of operating budget
Compliance: Small, single, short-term non-compliance.
Safety: Minor injury (local intervention).
Service Delivery: Small impact/small inconvenience.
Reputation: Minor or very short-term damage.
People*: Small or short-term impact on morale and satisfaction.

3 – Medium
Finance: Moderate loss 1 - 2% of operating budget
Compliance: Sustained single or a few short-term non-compliances.
Safety: Moderate injury (professional intervention).
Service Delivery: Medium level impact/moderate inconvenience.
Reputation: Moderate or short-term to medium-term damage.
People*: Medium or short-term to medium-term impact on morale and satisfaction.

4 – High
Finance: Significant loss 2 - 10% of operating budget
Compliance: Multiple, sustained non-compliances.
Safety: Major injury (hospital stay).
Service Delivery: Significant impact/serious inconvenience.
Reputation: Major or medium to long-term damage.
People*: Major or medium to long-term impact on morale and satisfaction.

5 – Very High
Finance: Substantial loss >10% of operating budget
Compliance: Multiple, long-term, significant non-compliances.
Safety: Fatal injury.
Service Delivery: Substantial/complete service failure.
Reputation: Substantial or sustained damage.
People*: Substantial or sustained impact on morale and satisfaction.

*The people impact applies to both retention and recruitment of staff and students.
18
Risk Scoring Heatmap Multiply the impact score by the likelihood score to give the total risk score. The heat map categorises the score as a red, amber, green risk status.
19
Risk Status
20
Mitigating and Controlling Risk
21
Risk Controls
Once impact and likelihood have been determined, the risk owner should decide on appropriate controls to mitigate the risk.
Risk control options:
Terminate: Exit the activity to eliminate the risk completely.
Transfer: Reduce the likelihood or impact by transferring or sharing the risk with a third party.
Treat – Containment: reduce the likelihood and/or the impact of the risk by taking further action. Contingent: establish a contingency to be enacted should the risk happen.
Tolerate: Accept the risk, subject to monitoring.
Take the opportunity: Take action to exploit an opportunity.
22
Mitigating Risks Assuming the option is taken to treat the risk, risk mitigation can be achieved through the implementation of: Preventative controls – to reduce the likelihood of the risk event occurring. Containment controls – to reduce the impact of the risk if it does occur.
23
Bowtie Analysis: Causes; Preventative Controls (to reduce the likelihood); Risk Event; Containment Controls (to reduce the impact); Impacts
24
Bowtie Analysis: Flood
Causes: Weather; Inadequate controls; Burst pipe; Human error
Risk event: Flood
Impacts: Injury/Death; Flooded houses; Loss of utilities; Strain on emergency services; Economic impact; Displaced people
Controls: Drainage; Maintenance; Flood defences; Communication; Sand bags; Contingency planning; Insurance
25
Implement Mitigating Actions
26
Implementing Mitigating Actions
Once further mitigating actions or controls have been identified, appropriate action owners should be identified to take the work forward. These actions should be incorporated as part of a work plan that underpins the relevant objective. Actions should be specific and deliverable.
27
Measure, Control and Monitor
28
Monitoring risk Risks should be assessed and monitored on a regular basis by the risk owner to make sure that the risk is being managed effectively through the controls that have been put in place. Risks should be reported to an appropriate committee/governing body, who will seek assurance on the management of the risks. Risk reports and risk registers are used to evidence risk management activities or act as a source of risk reporting.
29
Risk Registers Record of all identified risks that relate to a set of objectives. Tool to help managers achieve their objectives. Drives and evidences risk management activities. Acts as a means of or source of risk reporting. Must be kept simple and practical. Information must be worthwhile.
30
Summary Risk Register
31
Risk Reporting Template
Direction of movement of the risk score (since last reviewed); Current status; Risk description/information; Risk appetite; Raw (original) risk score; Controls currently in place to mitigate the risk – what’s been done so far?; Current risk score; What further action should be taken?; Risk owner
32
Risk Management at Cambridge
33
Risk Management Policy
Sets out the University’s underlying approach to risk management.
Together with an additional guidance document, provides guidance on how colleagues are expected to assess and manage risk.
Forms part of the University’s internal control and governance arrangements.
Used to inform the University’s Internal Audit plan.
Approved by the University Council on 21 January 2019.
Available via the Registrary’s Office webpages.
34
Roles & Responsibilities
Council: Overall responsibility for risk management.
Audit Committee: Responsibility for reviewing risk management processes. Scrutiny and approval of University risk register.
General Board: Scrutiny of School and NSI risks.
Senior Leadership Team: Responsible for identifying and managing risks across the University’s activities.
Heads of Schools/NSIs: Encouraging good risk management practice. Ensure fundamental risks are identified, assessed and monitored. Escalation of risks to the SLT.
Heads of Departments: Encouraging good risk management practice. Ensure fundamental risks are identified, assessed and monitored. Escalation of risks to the Head of School/NSI.
35
Risk management at Cambridge
36
Reviewing Risks
The University’s Risk Management Policy and associated guidance set out minimum requirements for formal review of risk registers.
University Risk Register: Senior Leadership Team (2x per year); Audit Committee (6x per year); Council (2x per year)
School/NSI Risk Registers: Management Committee (at least once per term, recommended as a standing item); University Senior Leadership Team (2x per year); Council/General Board (1x per year)
37
University Risk Register
Twelve high-level risks that are considered to have a fundamental impact on the University’s ability to deliver its mission or to operate effectively.
Linked to the University priorities.
Available to members of the University via the Registrary’s Office webpages.
38
University Risk Register: Heatmap
39
Summary: why bother with risk management?
Achievement of objectives is more likely.
Damaging events are less likely.
Resources are used more efficiently and effectively.
Decision-making is better informed.
Fire-fighting is reduced.
Performance is improved.
Reputation is protected and enhanced.
40
Questions & Further information
Questions? Feedback form Risk Management web pages: management Contact: Elle Bateman, / tel (3)39912 For general information about University Governance see the Governance hub at
42
Risk Appetite The amount and type of risk you are willing to take
Risk Appetite labels
Open: Willing to consider all potential options and choose the one most likely to result in successful delivery, while also providing an acceptable level of reward and value for money.
Moderate: Inclined towards a balanced approach to achieving objectives, with exposure limited to medium risks and an acceptance of medium-level reward.
Cautious: Willing to accept some low risks, but with a preference for safe options that have a lower degree of risk and may only have limited potential for reward.
Averse: Preference for avoiding risk in this area.
43
University’s Risk Appetite Statement
The University will generally accept a level of risk proportionate to the benefits expected to be gained, and the scale or likelihood of damage. The University has a high appetite for risk in the context of encouraging and promoting critical enquiry, academic freedom, freedom of expression, and open debate. The University has a very low appetite for risk where there is a likelihood of significant and lasting reputational damage; significant and lasting damage to its provision of world-class research or teaching; significant financial loss or significant negative variations to financial plans; loss of life or harm to students, staff, collaborators, partners or visitors; or illegal or unethical activity; and regulatory compliance.