9.1 Organisational Risk Management Flashcards
Define ‘risk’
The effect of uncertainty on objectives
To understand risk, what else do we need to understand?
We need to understand what our objectives are
What is the difference between risks, and threats and hazards?
- A threat or a hazard can contribute to a risk and are chiefly what we know about
- Risk, however, takes that information from many other sources and then considers uncertainty- the unknown - to make an assessment of overall risk
Name the four key risk categories
- Operational
- Corporate
- Portfolio
- Strategic
What should you do throughout all stages of the risk management process (2)?
1) Communicate and consult
2) Monitor and review
What is the first step in the risk management process?
- Establish context:
- This help us to see the wider picture of the risks we need to manage.
Regarding step 1 of the risk management process, describe the two types of context we need to understand.
Internal context - things within Police that influence how we manage risk eg, your objectives, policies and processes, resources, knowledge and skill level.
External context - things outside Police that affect our ability to manage risk. For example, social, cultural, political and legal environment as well as relationships with stakeholders.
What is step two of the risk management process and what does it mean?
2: Identify Risk
Identifying risk means understanding why something is risky and how risky it is.
What is step 3 of the risk management process?
Step 3: Analyse risk
What does step 3 (analyse risk impact) involve? (2)
It involves seeking further information to develop an understanding of two key things -
- The level of risk (risk matrix)
- Controls in place
What tool might you use to help analyse your level of risk?
A risk matrix
Which two areas does a risk matrix analyse?
The likelihood and the consequence
What does determining the likelihood and consequence of a risk allow you to do?
By determining the likelihood and consequence of the risk you are able to categorise and communicate its significance. This is part of the analyse risk step.
With regard to organisational risk management, what are some controls that might already be in place to mitigate risK (5)?
1) Policies
2) Standard Operating Procedures
3) Training
4) Supervision
5) IT Systems
What is the difference between risk and threat/hazards?
Threats and hazards are chiefly what we know about - risk however takes that information, and information from many other sources, then considers uncertainty - the unknown - to make an assessment of overall risk.
Example - the offender is the threat, the risk is the uncertainty of his intentions.