Chapter 9: Organisational Risk Management

Question 1

Risk defined

Answer 1

Effect of uncertainty on objectives

Question 2

What is an objective?

Answer 2

What do we want??

Objective could be:

• to carry out an operation effectively
• to deliver an initiative
• for everyone to be safe and feel safe

Question 3

What is uncertainty?

Answer 3

Could prevent or delay us from achieving our objectives

Question 4

What is a threat?

What is a hazard?

Answer 4

E.g human actor

E.g geological fault

Threats and hazards are chiefly what we know about…

Question 5

How does Police manage risk?

Answer 5

Risk oversight framework

Question 6

What are the types of risk?

Answer 6

1) strategic risks
2) portfolio risks
3) corporate risks
4) operational risks

Question 7

What are strategic risks?

Answer 7

Strategic risks may affect the achievement of strategic objectives spelt out in Our Business

Executive leadership team oversees strategic risk.

Question 8

What is portfolio risks?

Answer 8

Investment portfolios

Oversees risks related to the delivery of portfolios, programs and projects.

Once these are delivered or become BAU - any associated risks will pass to other parts of the business to manage.

Question 9

What are corporate risks?

Answer 9

Risks that may affect the achievement of cross-organisational objectives

Those related to

• legislative and regulatory compliance
• information management
• asset management
• people and capability
• external environment

Police governance groups oversee these risks

Question 10

What are Operational risks?

Answer 10

Risks that may affect the achievement of day to day operations.

May relate to planned objectives and deliverables at an operational level.

National Operations Steering Group oversees operational risks and the application of TENR.

Question 11

How many steps does the risk management process have?

Answer 11

5 steps and 2 ongoing processes.

Question 12

What are the five steps in the risk management process?

Answer 12

1) Establish context
2) identify risk
3) analyse risk
4) evaluate
5) take action

Question 13

What is Monitor and review in the Risk management process?

Answer 13

Whatever is decided after a risk evaluation (Act, Monitor, Accept, Achieved)

Risk owner must monitor and review this decision as often as is appropriate for the level of risk.

Question 14

What is communicate and consult in the risk management process?

Answer 14

Communicate and consult throughout all stages of the risk management process.

Regular communication and consultation help ensure

• stakeholders interests are considered
• your logic, thinking and judgement are checked
• creates support for future management of risks

Question 15

What are the 2 ongoing processes in the risk management process?

Answer 15

1) communicate and consult

2) monitor and review

Question 16

What is step 1 in the risk management process?

Establish context.

Answer 16

See the wider picture of risks we need to manage.

INTERNAL context: things within police influence how we manage risk (policies and processes, objectives, resources, knowledge and skills)

EXTERNAL context: things outside Police that effector ability to manage risk (social, cultural, political, legal, relationships with stakeholders).

Question 17

How do we manage risk?

Answer 17

1) Planning / SPT’s
2) new initiatives
3) changing how we do things
4) changes in our operating environment
5) near misses, lessons learnt, and events

Question 18

What are the 3 lines of defence?

Answer 18

Police operates a “three lines of defence” operating model.

Everyone on Police is responsible for managing risk.

First line: Everyone - identifying and discussing any potential risks.

Second line: districts / service centres / PNHQ.

Third line: the Assurance group and other independent functions