Organisational risk management Flashcards
How is risk defined
The effect of uncertainty on objectives
What is the difference between a risk and threat or hazard
Risk takes information and considers uncertainty to make an overall assessment.
A threat is a human actor
A hazard is a geological fault
Both can contribute to risk
What does understanding the need to escalate risk outside of our control do
- Ensures we are supported to carry out our roles
- Enables us to have confidence in our BAU processes
- Gives the executive assurance that risks across Police are being managed effectively
What are the types of risks and how do we manage them
We follow the risk oversight framework
- Operational
- Corporate
- Portfolio
- Strategic
What is an operational risk
May affect the achievement of day to day operations and may relate to planned objectives and deliverables at an operational level
What is a corporate risk
May affect the achievement of cross-organisational objectives
- Legislative and regulatory compliance
- Information management
- Assest management
- People and capability ie recruitment capacity capability pipeline and staffing mix
- external environment
What is a portfolio risk
Relates to delivery of portfolio and programmes and projects
What is a strategic risk
May affect the achievement of strategic objectives spelt out in our business
What is the 5 step management risk process
- Establish context
- Identify risk
- Analyse risk impact
- Evaluate risk
- Take action
How do we establish context
By understanding the internal and external content
So things within the Police that influence how we manage risk and things outside Police that affect our ability to manage risk
How do we proactively identify risks to be able to manage them
- Select an approach to risk identification
- Consider the potential risks to achieving objective and outcomes as well as the possible opportunities
- Record the risk, be clear about the cause, what could happen and who will be responsible for taking action
How do we analyse risk
Seek further information to develop an understanding of two key things
1. The level of risk - Your consequence and likelihood leads you to your risk rating
Likelihood - Rare, Unlikely, Possible, Likely, Almost certain
Consequence - Negligible, Minor, Moderate, Major, Severe
By determining the likelihood and consequence of the risk you are able to categorise and communicate it’s significance
- We need to identify any existing controls in place and determine how effective these are
How do we evaluate risk
We may decide to
- Act
- Monitor
- Accept
- Acknowledge that effective management is achieved
How do we take action
Treatments and any future action for different risks should be prioritised based on
- Level of risk
- Assurance in the proposed treatments
- Relative costs and benefits of treatments/future action AND
- An ongoing assessment of our internal and external context
What are the three lines of defence for active risk management
1st line: All Police personnel
2nd line: Management processes and controls
3rd line: Internal audit and assurance
