9.1 Organisational Risk Management Flashcards

1
Q

Define ‘risk’

A

The effect of uncertainty on objectives

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

To understand risk, what else do we need to understand?

A

We need to understand what our objectives are

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is the difference between risks, and threats and hazards?

A
  • A threat or a hazard can contribute to a risk and are chiefly what we know about
  • Risk, however, takes that information from many other sources and then considers uncertainty- the unknown - to make an assessment of overall risk
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Name the four key risk categories

A
  • Operational
  • Corporate
  • Portfolio
  • Strategic
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What should you do throughout all stages of the risk management process (2)?

A

1) Communicate and consult

2) Monitor and review

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is the first step in the risk management process?

A
  1. Establish context:

- This help us to see the wider picture of the risks we need to manage.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Regarding step 1 of the risk management process, describe the two types of context we need to understand.

A

Internal context - things within Police that influence how we manage risk eg, your objectives, policies and processes, resources, knowledge and skill level.

External context - things outside Police that affect our ability to manage risk. For example, social, cultural, political and legal environment as well as relationships with stakeholders.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is step two of the risk management process and what does it mean?

A

2: Identify Risk

Identifying risk means understanding why something is risky and how risky it is.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is step 3 of the risk management process?

A

Step 3: Analyse risk

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What does step 3 (analyse risk impact) involve? (2)

A

It involves seeking further information to develop an understanding of two key things -

  1. The level of risk (risk matrix)
  2. Controls in place
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What tool might you use to help analyse your level of risk?

A

A risk matrix

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which two areas does a risk matrix analyse?

A

The likelihood and the consequence

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What does determining the likelihood and consequence of a risk allow you to do?

A

By determining the likelihood and consequence of the risk you are able to categorise and communicate its significance. This is part of the analyse risk step.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

With regard to organisational risk management, what are some controls that might already be in place to mitigate risK (5)?

A

1) Policies
2) Standard Operating Procedures
3) Training
4) Supervision
5) IT Systems

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is the difference between risk and threat/hazards?

A

Threats and hazards are chiefly what we know about - risk however takes that information, and information from many other sources, then considers uncertainty - the unknown - to make an assessment of overall risk.

Example - the offender is the threat, the risk is the uncertainty of his intentions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What does step 4 (evaluate) of the risk management allow process us to do (5)?

A

The Evaluate step allows us to decide what action we need to take in relation to the risk. This could include acting, monitoring, accepting, acknowledging that effective management is achieved, or escalating it to another group.

17
Q

List the different types of action we could take when managing risk (4)

A
  • Act
  • Monitor
  • Accept
  • Acknowledge that effective management is achieved
18
Q

What is step 5 of the risk management process?

A

Step 5: Take Action

19
Q

What two actions does a risk owner have if existing controls are not managing a risk to an acceptable level of comfort?

A

They can either act or monitor the risk.

20
Q

If you act on a risk, what impact does this have on the risk itself?

A

It should reduce the likelihood or consequences pre- (prevents) or post- (responds to) the uncertain event.

21
Q

How often should a risk owner monitor and review a risk after a risk evaluation?

A

As often as is appropriate for the level of risk and assurance we have.

22
Q

Regarding active risk management, what are the three lines of defence that we have at our disposal?

A

1st line - all Police personnel
2nd line - Districts/Service Centres/PNHQ work groups
3rd line - the assurance group

23
Q

How can SPTs be used to manage risk (3)?

A

1) SPTs ensure your workgroup has a strong understanding of what risks are in your area,
2) what gaps there are in how these are being managed, and
3) how this information can help inform annual planning.

24
Q

What is the first line of defence in active risk management and what does it involve (4)?

A

Everyone acts as the first line of defence - identifying and discussing any potential risks. It applies controls such as

1) policy,
2) process,
3) procedures, and
4) standards to their activities.

25
Q

What is the second line of defence in active risk management?

A

In the second line, Districts, Service Centres, and PNHQ work groups provide a robust management environment for discussing, acting upon, and escalating risks.

26
Q

What is the third line of defence in active risk management?

A

The Assurance Group and other independent functions which maintain a view of Police’s control environment are the third line of defence. The third line provides assurances and assesses, verifies, or certifies that controls are operating as intended.

27
Q

Blank

A

Blank

28
Q

How does changing how we do things manage risk?

A

When we change the way we do things the risks could change – considering our risks should just be part of the process for changing the ways we work.

29
Q

How do changes in our operating environment affect the management of risk?

A

This is a good chance to ensure our risks are still relevant and that nothing new has arisen.

30
Q

How do near misses, lessons learnt, and events help us manage risk?

A

When something goes wrong, could have gone wrong, or happens when we don’t expect it, this is a good chance to consider how we could prevent the same or a similar thing from happening again, reduce the seriousness of the consequences, or take advantage or a similar situation next time – how can we improve?

31
Q

What are the five steps for managing risk?

A

1) Establish context
2) Identify risk
3) Analyse risk impact
4) Evaluate risk
5) Take action

32
Q

What are the two on-going processes which take place during risk management?

A

1) Communicate and consult

2) Monitor and review

33
Q

Why is communcation and consultation important for risk management?

A

Regular communication and consultation help ensure stakeholders interests are considered, your logic, thinking and judgement are checked and creates support for future management of risks.

34
Q

What is the equation which forms the risk rating in step 3 of the risk management process?

A

Risk rating = likelihood X consequence

35
Q

In step 5 (act) of the risk management process, treatments and any future action for different risks should be prioritised based on…(4)

A

1) Level of risk
2) Assurance in the proposed treatments
3) Relative costs and benefits of treatments/future action, and
4) An ongoing assessment of our internal and external context

36
Q

What is the desired result from deciding to act on a risk?

A

The likelihood or consequences of the uncertain event are reduce.