Add to collection(s) Add to saved
  1. Business
  2. Finance
Uploaded by Giang Nguyen

Risk Register

advertisement 
Inherent risk (before
control)
Low = 1, High = 5
Safety Controls
Assurance
Residual risk
(remaining risks after
controls have been
applied)
Risk Owner
Risk Type
Inadequately
administering the
contract
During the Contract
implementation
-Leads to overruns on time or
cost
-Full benefits not achieved
-Delivery of unsatisfactory
product
-Contract/supply disputes
-Potential of Fraud and
corruption
4
5
20
-Managing Contract
performance.
-Financial Regulations
Budgetary control
-Maintain up-to-date agency
procedures and practices
-Ensure all staff are suitably
trained and experienced in
contract planning and
management
-Assessment
-Training
-Contract
checklist
-Contract
performance
measurements
3
4
12
Head of
Procurement
Department
Financial
Reputational
2
Environmental
risk: Covid-19
pandemic
Before, during and
after the Contract
implementation
-Delays in delivery
-Delays in payment
-Volume of selling/purchasing
goods does not fulfill the
required amount in the Contract
5
5
25
-Make a proper demand
planning
-Keep a considerable
amount of inventory
-Seek for substitutes
-Contract
3
3
9
Warehousing
Manager
Financial
Reputational
3
Loss or damage to
goods in transit
During the delivery
phase
-Delays in delivery
-Downtime
-Liability disputes
4
4
16
-Include appropriate
packaging instructions in
specification
-Agree on insurance cover
for supplier to provide
-Accept delivery only after
inspection
-Know when title of goods is
transferred to buyer
-Contract
-Insurance
-Inspection
Certificate
2
3
6
Transporting
Manager
Financial
Environmental
Residual Risk
(L x C)
1
Inherent Risk
(L x C)
Consequence
C (1-5)
Potential consequences
Likelihood
L (1-5)
Stage of the contract
management
Consequence
C (1-5)
Risk Description
Likelihood
L (1-5)
Ref
No.
The risk register has an overall aim of improving the logistics contract
management of Mega Market. This risk management plan sets out financial and other
risks and how they will be mitigated. It explains the principles relating to the Company’s
risk management strategy and the approach to be taken with respect to this scheme. It
also refers to the contract management, governance, stakeholder engagement and
communication, procurement and contract management.
The Head of Procurement Department will be responsible for the management
of risks associated with the scheme, including chairing regular risk workshops and
maintaining the Risk Register. The risk management process improves when
responsibility for individual risks are delegated to team members, where necessary.
Therefore, risk workshops will be held at regular intervals during the delivery of the
scheme and will be timed to coincide with various key milestones and activities shown
on the programme.
• Start of detailed design for scheme elements
• Midpoint of detailed design for scheme elements
• Start of procurement for individual scheme elements
• Following award of contract for individual scheme elements
• During mobilisation period
• At frequent intervals during the contracting period.
The effective management of risk and uncertainty through accurate evaluation
and proactive mitigation of risks is critical to the success of the project. The following
guiding principles will be adhered to:
- Risk management is part of all project management board meetings and decisionmaking scheme risk will be managed as an on-going process as part of the
scheme governance structure. A scheme risk register is maintained and updated
at each of the two-weekly risk workshops. Responsibility for the risk register
being maintained is held by the Head of Procurement Department.
- Risk management will be proactively and consistently applied throughout the
contract lifecycle
- Risk communication will be open and transparent to all stakeholders
- The management of risks is to ensure their reduction to a level as low as
‘reasonably practical' or adopt appropriate mitigation strategies.
A risk assessment will be initiated at the beginning of the project, with the
identification and assessment of risks in terms of their likelihood and associated cost
outcomes. The risk assessment will be reviewed regularly and the Contract
Management team will identify risks and measure their impacts on the programme. All
risks will be documented in a register with the impact on the programme clearly defined
and the mitigation set out. The programme will take account of the ‘most likely’
scenario after mitigation.
The 1st step is the identification of all risks affecting the project through risk
workshops and risk reviews, resulting in a risk register. Risk workshops typically
include a mixture of expertise such as engineers, designers, finance officers,
procurement specialists, and environmentalists. On the screen, we have 3 risks in the
risk description, which is a summary of the hazard and what may cause it, after assessing
with the members and specialists. Our group focuses on the analysis of the first risk
“Inadequately administering the contract”. The consequence for not closely supervising
the Contract is mentioned in the next column.
The second step is to identify where the risks are going to arise during the
Contracting period and the consequences to the activity if the risk were to materialize.
For this Contract, the Team divided the risk management into 3 stages: before, during,
and after implementing the Contract. For this risk, ineffective contract administration
leads to overruns on time or cost and failure to meet the set aims. Other outcomes could
be late deliveries, payment delay, disputes arising between the 2 parties as they fail to
perform their obligations, or the worst scenario is the deliberate exploitation of the staff
to embezzle the fund of the company.
The third step of the process is the analysis of the various risks by defining their
distributions in terms of probabilities, impacts and knock-on effects. This information
is gathered through risk workshops and other interactions. A qualitative risk ranking
will be undertaken in the form of a standard decision matrix or the inherent risk columns
in the risk register. In risk management, inherent risk is the natural risk level without
using controls or mitigations to reduce its impact or severity. It is measured by two
factors – impact and likelihood on the scale from 1 to 5. The inherent risk is calculated
by multiplying the 2 elements likelihood and consequence with the highest score of 25.
Any risk scoring 20 or above (i.e. in the red shaded area, named Extreme) are serious
in nature and, therefore, will be under strict control of the Team. The scores from 15 to
19 are in the High level, from 12 to 14 are in the Medium level, while the remaining is
observed as Insignificant. Poor contract administration results in serious deficits, and
there is a great possibility that the Contract is not under proper supervision, therefore,
the team gives this risk the likelihood score of 4 and the impact score of 5. The inherent
risk is 20 after calculating, which is an extremely high threat to the organization.
The fourth step is to identify if there are any controls currently in place to
mitigate those risks. If not, develop and document Risk mitigation actions. For those
risks that have been ranked as medium, high or extreme, address with mitigating
actions:
- Medium: Mitigation actions to reduce the likelihood and seriousness should be
identified and appropriate actions to be endorsed at a Divisional level.
- High: If uncontrolled, a risk event at this level may have a significant impact on
the operations of the Company as a whole. Mitigating actions need to be very
reliable and should be approved and monitored by the contract owner with
reporting to the responsible Dean or Executive Director. Even with mitigating
actions in place, the Executor (contract signatory) should be advised of identified
or potential risks which have been graded at this level.
- Extreme: Activities and projects with unmitigated risks at this level should be
avoided or terminated. Mitigation actions of these types of risks may outweigh
the benefits of the activity to the Company. This is because risk events graded at
this level have the potential to have significant adverse effects to the budget
holder or the Company.
As the score for this risk is 20, the Company takes serious controls such as managing
Contract performance, budget control, maintaining up-to-date procedures and practices
and staff training.
For the Assurance, its aim is to track the effectiveness of the safety control through the
meetings, verification, or internal audit. This risk is managed through assessment,
training, contract checklist, contract performance measurements. The training and
assessment aim to check the professional knowledge, understanding and skills of the
staff, meanwhile the contract checklist is designed to provide valuable insights into the
contract lifecycle management through contract performance measurements such as
annualized contract value, quality/complaints resolved, perfect orders, etc.
The sixth step is to re-assess and re-rank the risks based on residual results.
Residual risk rating is the overall rating given to the hazard based on the likelihood and
consequence after safety controls have been put in place. If the risk rating still remains
high or extreme, there should be the interference of the specialists or third party
consultants. The ranking of the risk after applying the mitigation strategies drops to 12,
which is acceptably in the Medium level.
The seventh step is to identify the name of the position responsible for the hazard
and safety control. There can only be one risk owner per risk in order to avoid the
duplicable responsibility. Head of the Procurement Department is in charge of this risk.
The last one is the risk type. This column shows how the risks are going to affect which
aspects of the Company. Financial risk is risk arising from insufficient funding, losing
monetary resources, spending, fraud or impropriety, or incurring unacceptable
liabilities. Meanwhile, reputational risk is risk from damage to the organization’s
credibility and reputation.
Related documents
Risk Management Plan Guideline
Risk Management Plan Guideline
Risk
Risk
Risk management activities as applied to project management
Risk management activities as applied to project management
Risk Assessment - Health, Safety and Emergency Management
Risk Assessment - Health, Safety and Emergency Management
E&D risk assessment
E&D risk assessment
Standardized Risk Management Terms, Based on ISO/IEC Guide 73
Standardized Risk Management Terms, Based on ISO/IEC Guide 73
Project Update to Leadership
Project Update to Leadership
Risk Assessment of Work
Risk Assessment of Work
Download
advertisement