9.1 Organisational Risk and H & S

Question 1

Define ‘risk’

Answer 1

The effect of uncertainty on objectives

Question 2

To understand risk, what else do we need to understand?

Answer 2

We need to understand what our objectives are

Question 3

What is the difference between risks, and threats and hazards?

Answer 3

• A threat or a hazard can contribute to a risk and are chiefly what we know about- Risk, however, takes that information from many other sources and then considers uncertainty- the unknown - to make an assessment of overall risk

Question 4

Name the four key risk categories

Answer 4

• Operational- Corporate- Portfolio- Strategic

Question 5

What should you do throughout all stages of the risk management process (2)?

Answer 5

1) Communicate and consult2) Monitor and review

Question 6

What is the first step in the risk management process?

Answer 6

1. Establish context:- This help us to see the wider picture of the risks we need to manage.

Question 7

Regarding step 1 of the risk management process, describe the two types of context we need to understand.

Answer 7

Internal context - things within Police that influence how we manage risk eg, your objectives, policies and processes, resources, knowledge and skill level.External context - things outside Police that affect our ability to manage risk. For example, social, cultural, political and legal environment as well as relationships with stakeholders.

Question 8

What is step two of the risk management process and what does it mean?

Answer 8

2: Identify RiskIdentifying risk means understanding why something is risky and how risky it is.

Question 9

What is step 3 of the risk management process?

Answer 9

Step 3: Analyse risk

Question 10

What does step 3 (analyse risk impact) involve? (2)

Answer 10

It involves seeking further information to develop an understanding of two key things -1. The level of risk (risk matrix)2. Controls in place

Question 11

What tool might you use to help analyse your level of risk?

Answer 11

A risk matrix

Question 12

Which two areas does a risk matrix analyse?

Answer 12

The likelihood and the consequence

Question 13

What does determining the likelihood and consequence of a risk allow you to do?

Answer 13

By determining the likelihood and consequence of the risk you are able to categorise and communicate its significance. This is part of the analyse risk step.

Question 14

With regard to organisational risk management, what are some controls that might already be in place to mitigate risK (5)?

Answer 14

1) Policies2) Standard Operating Procedures3) Training4) Supervision5) IT Systems

Question 15

What is the difference between risk and threat/hazards?

Answer 15

Threats and hazards are chiefly what we know about - risk however takes that information, and information from many other sources, then considers uncertainty - the unknown - to make an assessment of overall risk.Example - the offender is the threat, the risk is the uncertainty of his intentions.

Question 16

What does step 4 (evaluate) of the risk management allow process us to do (5)?

Answer 16

The Evaluate step allows us to decide what action we need to take in relation to the risk. This could include acting, monitoring, accepting, acknowledging that effective management is achieved, or escalating it to another group.

Question 17

List the different types of action we could take when managing risk (4)

Answer 17

• Act- Monitor- Accept- Acknowledge that effective management is achieved

Question 18

What is step 5 of the risk management process?

Answer 18

Step 5: Take Action

Question 19

What two actions does a risk owner have if existing controls are not managing a risk to an acceptable level of comfort?

Answer 19

They can either act or monitor the risk.

Question 20

If you act on a risk, what impact does this have on the risk itself?

Answer 20

It should reduce the likelihood or consequences pre- (prevents) or post- (responds to) the uncertain event.

Question 21

How often should a risk owner monitor and review a risk after a risk evaluation?

Answer 21

As often as is appropriate for the level of risk and assurance we have.

Question 22

Regarding active risk management, what are the three lines of defence that we have at our disposal?

Answer 22

1st line - all Police personnel2nd line - Districts/Service Centres/PNHQ work groups3rd line - the assurance group

Question 23

How can SPTs be used to manage risk (3)?

Answer 23

1) SPTs ensure your workgroup has a strong understanding of what risks are in your area, 2) what gaps there are in how these are being managed, and 3) how this information can help inform annual planning.

Question 24

What is the first line of defence in active risk management and what does it involve (4)?

Answer 24

Everyone acts as the first line of defence - identifying and discussing any potential risks. It applies controls such as 1) policy, 2) process, 3) procedures, and 4) standards to their activities.

Question 25

What is the second line of defence in active risk management?

Answer 25

In the second line, Districts, Service Centres, and PNHQ work groups provide a robust management environment for discussing, acting upon, and escalating risks.

Question 26

What is the third line of defence in active risk management?

Answer 26

The Assurance Group and other independent functions which maintain a view of Police’s control environment are the third line of defence. The third line provides assurances and assesses, verifies, or certifies that controls are operating as intended.

Question 27

Blank

Answer 27

Blank

Question 28

How does changing how we do things manage risk?

Answer 28

When we change the way we do things the risks could change – considering our risks should just be part of the process for changing the ways we work.

Question 29

How do changes in our operating environment affect the management of risk?

Answer 29

This is a good chance to ensure our risks are still relevant and that nothing new has arisen.

Question 30

How do near misses, lessons learnt, and events help us manage risk?

Answer 30

When something goes wrong, could have gone wrong, or happens when we don’t expect it, this is a good chance to consider how we could prevent the same or a similar thing from happening again, reduce the seriousness of the consequences, or take advantage or a similar situation next time – how can we improve?

Question 31

What are the five steps for managing risk?

Answer 31

1) Establish context2) Identify risk3) Analyse risk impact4) Evaluate risk5) Take action

Question 32

What are the two on-going processes which take place during risk management?

Answer 32

1) Communicate and consult2) Monitor and review

Question 33

Why is communcation and consultation important for risk management?

Answer 33

Regular communication and consultation help ensure stakeholders interests are considered, your logic, thinking and judgement are checked and creates support for future management of risks.

Question 34

What is the equation which forms the risk rating in step 3 of the risk management process?

Answer 34

Risk rating = likelihood X consequence

Question 35

In step 5 (act) of the risk management process, treatments and any future action for different risks should be prioritised based on…(4)

Answer 35

1) Level of risk2) Assurance in the proposed treatments3) Relative costs and benefits of treatments/future action, and4) An ongoing assessment of our internal and external context

Question 36

What is the desired result from deciding to act on a risk?

Answer 36

The likelihood or consequences of the uncertain event are reduce.