Chapter 9: Risk Management Flashcards

1
Q

Organisational Risk Management

What is the definition of risk?

A

Effect of uncertainty on objectives

2
Q

Organisational Risk Management

What are the four key risk categories?

A
  • Operational
  • Corporate
  • Portfolio
  • Strategic
3
Q

Organisational Risk Management

What are the five steps and two ongoing processes in Our Risk Management process?

A

Steps:

1) Establish Context
2) Identify Risk
3) Analyse Risk Impact
4) Evaluate Risk
5) Take Action

Ongoing processes:

1) Communicate and consult
2) Monitor and review

4
Q

Organisational Risk Management

The Risk Management Process

Ongoing process: Communicate and Consult

Tell me about it

A

Communicate and consult throughout all stages of the risk management process.

Regular communication and consultation helps ensure:

  • stakeholders' interests are considered
  • your logic, thinking and judgement are checked
  • support is created for future management of risks.
5
Q

Organisational Risk Management

The Risk Management Process

Step 1: Establish Context

Tell me about it

A

Establishing context helps us see the wider picture.

We need to understand the:

Internal context:
Things within Police that influence how we manage risk:
 - objectives
 - policies and processes
 - resources
 - knowledge and skill levels
External context:
Things outside of Police
 - social environment
 - cultural environment
 - political environment
 - legal environment
 - relationships with stakeholders
6
Q

Organisational Risk Management

The Risk Management Process

Step 2: Identify Risk

Tell me about it

A

We must identify a risk to be able to manage it and to prevent harm.

We are all responsible for identifying risks in our areas of responsibility. This can be done through standard processes like planning, debriefs, lessons learnt, or audits, or it could be ad hoc when you are carrying out your role.

Record risks in a way that can be used by yourself and others.

An unrecorded risk is as dangerous as an unidentified risk.

7
Q

Organisational Risk Management

The Risk Management Process

Step 3: Analyse Risk

Tell me about it

A

Analysing risk involves working out two things:

1) level of risk
2) controls in place

Level of risk:
is determined using the Risk Matrix. It’s a table with ‘Consequence’ on top and ‘Likelihood’ on the side.
Depending on how likely something is to happen, and how serious it will be if/when it does, the matrix spits out a risk score.

Controls in place:
What controls are in place and how effective are they?
Are these controls likely to reduce the risk occurring or the consequences if it does occur?

Controls could include policies, SOPs, training, supervision, IT systems and more.

Risk rating = likelihood x consequence

8
Q

Organisational Risk Management

The Risk Management Process

Step 4: Evaluate

Tell me about it

A

After we know the risks and the controls in place, we must consider how comfortable we are with it and what action should be taken.

We could:

  • Act
  • Monitor
  • Accept
  • Acknowledge that effective management is Achieved

You may need to escalate the risk to your manager or governance group if the risk can’t be managed with your level of authority or resources.

9
Q

Organisational Risk Management

The Risk Management Process

Step 5: Take Action

Tell me about it

A

After risk evaluation, if we find that the existing controls are NOT managing a risk to an acceptable level of comfort, the risk owner or governance group must ACT or MONITOR the risk.
To do this, they prioritise a treatment or future action.

Treatments and/or future actions should be prioritised based on:

  • level of risk
  • assurance in the proposed treatments
  • cost/benefits
  • an ongoing assessment of our internal and external context.

Note:
Each District, group, sub-group/team, portfolio, programme or project/product is responsible for managing its own risk, or escalating those it cannot manage on its own.

The risk owner must monitor and review their decisions (act/monitor/accept/achieved) as often as is appropriate.

10
Q

Organisational Risk Management

The Risk Management Process

Ongoing process: Monitor and Review

Tell me about it

A

Whatever we’ve decided after a risk evaluation (act, monitor, accept, achieved) the risk owner must monitor and review this decision as often as is appropriate for the level of risk and assurance we have.

11
Q

Organisational Risk Management

Active Risk Management

What are the three lines of defence for managing risk?

A

1st line: all Police personnel

2nd line: management processes and controls

3rd line: internal audit and assurances
