| |
| |
|
|
| |
Why help is needed to manage risk
A number of reports have been published recently concerning risk management. Each looks at specific aspects on risk management. Most notably the UK National Audit Office (NAO) study of risk management (Supporting Innovation: Managing Risk in Government Departments), the UK Cabinet Office's report Successful IT: Modernising Government in Action, and HM Treasury's Orange Book provide valuable messages.
The above demonstrates that there is a significant amount of guidance available on risk management. But, as stated in the Successful IT report, there is little evidence of sustained uptake. Part of the reason for this is seen as the potentially divergent advice (and language used) within the various reports which makes adoption difficult.
Management of risk is critical to organisational success. Informed risk-taking helps to improve performance through innovative approaches for managing the business, service delivery and value for money. Thus we need to improve the implementation of risk management practices.
Coverage of M_o_R
The key areas that have to be, and are addressed, in M_o_R are:
- The requirements of corporate governance – including more focused and open ways of managing risk
- The need for a ‘risk owner' at senior level, for an activity (e.g. strategy, programme or project). He or she is supported by risk owners at everyday working levels as appropriate for the activity and risk exposure
- The need for improved reporting and upward referral of major problems opportunities and the potential resolution approaches
- The need for shared understanding of risk management at all levels in the organisation and with partners, combined with consistent treatment of risk
|
|
| |
Managing project risk in the wider context of programmes of change and the business.
Management of risk covers a wide range of topics, including business continuity management, security, programme/project risk management and operational service management. These topics need to be placed in the context of an organisational framework for the management of risk. Some risk-related topics, such as security, are highly specialised and the M_o_R guidance provides only an overview of such aspects.
The OGC Management of Risk approach complements the OGC's guidance on programme and project management. |
|
|
|
|
| |
|
|
| |
Essential elements of risk management
Risk includes the probability of both good and bad outcomes; the consideration of risk has to be set in the context of opportunity. The task of risk management is to limit the organisation's exposure to an acceptable level of risk by taking action on the probability of the risk occurring, its impact or both. The principles of risk management can be directed both to limiting adverse outcomes and achieving desirable ones. |
|
| |
|
|
| |
The key elements that need to be in place include:
- Nominated senior management individuals to support, own and lead on risk management
- Risk management policies, and the benefits of following them, clearly communicated to all staff
- Existence and adoption of a framework for management of risk that is transparent and repeatable
- Existence of an organisational culture that supports well thought-through risk taking and innovation
- Management of risk fully embedded in management processes and consistently applied
- Management of risk closely linked to achievement of objectives
- Risks associated with working with other organisations explicitly assessed and managed
- Risks actively monitored and regularly reviewed on a constructive ‘no-blame' basis.
|
|
|
|
Joint working and partnerships often involve more complex types of risk that can adversely affect the delivery of business services. For example, if part of the service provided by one organisation is delayed or of poor quality, the success of the whole collaboration can be put at risk. |
|
|
| |
|
|
| |
|
|
|
|
