Topics
Risk Detail
The purpose of Risk Management is to support effective decision making by dealing with risk in a way that is visible, repeatable and consistent. A meaningful Risk Management process will provide an organisation with better understanding of risks and their likely impact. In turn, this helps to ensure that an organisation makes cost effective use of a process that is based on a series of well defined steps. The key elements in effective risk management are illustrated below.
| Risk Management Element | Description |
|---|---|
| Identify | Includes considering risks in context, how they could affect an organisation’s objectives and describing them in enough detail to ensure a common understanding |
| Assess | Includes ensuring that risks can be ranked in terms of estimated impact, how close (in time) they are to occurring (ie proximity) and gaining an understanding of the overall level of risk associated with the activities in question |
| Control | Includes describing how to respond appropriately to identified risks and then authorising, monitoring and controlling these responses |
Programme or Project risks can arise from a variety of sources and an understanding of the business context is an essential first step. Risk Registers or Lessons Learned reports from previous projects will point to where potential threats may arise. Generic lists of risk types can be useful to bring to facilitated workshops, providing stakeholders with a good starting point for the risk identification process.
There are several excellent sources of best practice risk management guidance eg the Office of Government Commerce’s (OGC’s) Management of Risk (M_o_R) framework and the NI Audit Office's report titled Good Practice in Risk Management. Generic Risk Management awareness has been provided across many NICS departments and the requirements of corporate governance applied in the public sector demands that organisations maintain and regularly review corporate risk registers. Other sources of best practice information include the Association of Project Management (APM) Body of Knowledge.
Main risk management roles and responsibilities are illustrated below.
| Role | Responsibility |
|---|---|
| Senior Responsible Owner (SRO) | In a Programme and Project Management (PPM) context, the SRO has overall responsibility for putting in place an effective Risk Management policy and process |
| Sponsoring Group or Board | Has key oversight responsibility for Risk Management processes and a prime role in setting policy and approving action in the mitigation of risks that are causing concern |
| Programme or Project Manager | Day to day risk management responsibility rests here. Key role in implementing PPM related Risk Management policy |
| Risk Owner | Person best placed to direct or take mitigating action against individual risks |
| All staff | Risk Management is the responsibility of all staff in the organisation. Staff will adopt various roles at different stages in the programme or project |
