Risk Register format

advertisement
Risk
Register
Ciaran Whyte
Risk Administrator
Planning & Strategic Projects Unit
January 2011
Agenda
• Objectives of Seminar
• Why manage risks?
• Who should have a risk register?
• Risk Management Theory
• Risk Register format
• Risk Register Intranet Tool
• Risk Registers and Coordinators
• Examples of managing risks
• Risk Assessment Process
• Active Risk Management
Objectives of Seminar
At the end of the seminar you should • Know why you should create a risk register
• Be able to create a risk register
• Know how to keep the register up to date
• Have an awareness of University risk management practices
• Know how to be more successful in risk management
Why manage risks?
risk
definition
“the threat or possibility that an action or event will adversely or
beneficially affect an organization's ability to achieve its objectives”
KNOWN
PROBLEMS
Issues
POTENTIAL
PROBLEMS
pro-active
management
Fire-fighting
Damage limitation
Costly emergency actions
Risks
Containment actions
Contingency
• lower costs
• less stressful
Who should have a risk register?

Project management teams

College / School management teams

Administrative Department management teams

University senior management teams (SAM / SMT)

All groups of people who meet to achieve common objectives
•
Current problems - Minutes / action items
•
Future problems - Risk register
Risk Management Theory
• past experiences
• inputs
• focus areas
• ignore risks outside control
Risk Identification
Risk Evaluation
Risk Mitigation
• determine likelihood or
probability of occurrence
• determine magnitude of
loss or impact
Risk Monitoring
• avoid
• contain
• active acceptance
• passive acceptance
• transfer
• chase actions / reassess probability & impact / add
new risks
• regular reviews of register
• quick & simple communication to key stakeholders
Identifying Risks
When you have a plan for the future project tasks
- step back and consider the possibility of each task failing to meet
timescales / budget / quality objectives
- review all assumptions
Write down a clear definition of the risk – ‘there is a risk that ….... which will impact......’
Consider past experiences
- lessons from past projects or other intellectual material
- review list with other project managers and key project team members
Consider all the evidence
- requirements and design documents, dependencies, resourcing, status reports
Brainstorm with key project individuals
- facilitated sessions – Delphi technique / SWOT analysis
- expert interviews
Foster open communication within project team
- give the team the opportunity to raise risks
- don’t shoot messengers!
Ignore risks over which you have no control
- keep within your scope and what is manageable
Evaluating Risks
Determine likelihood or probability of occurrence
- consider how many times this has been an issue before
- use past experience to guide probability
- select HIGH / MEDIUM / LOW
Determine magnitude of loss and impact
- assess impact in terms of scale of consequences should issue arise
- assess in relation to scope of area being managed
- select HIGH / MEDIUM / LOW
Mitigating Risks
avoid
- eliminate the cause
- remove task/activity causing risk from plan
contain
- add actions to plan to reduce probability (high  medium  low)
- add actions to plan to reduce impact (high  medium  low)
active acceptance
- set aside contingency
- allocate extra resource or finance
- take out insurance
passive acceptance
- do nothing
- accept consequences
transfer
- pass risk to another party
- commercial agreement
• is the action appropriate to risk severity?
• is cost of action effective enough?
• is the action timely enough?
• is the action realistic within project context?
• is the action agreed by all parties?
• is the action owned by a responsible person?
Monitoring Risks
 be disciplined in ensuring that all actions are completed
 ensure risk status covered in regular project reports
 consider new risks as the situation changes
 Gather feedback from owners of existing risks
- changes to probability/impact/trend
 Review RED risks and assign new actions
 Review ‘increasing’ trend risks and assign new actions
 Do NOT review all risks – manage by exception
 escalate in good time to allow mitigation actions to be improved
– don’t wait until it becomes an issue!
Red - existing controls not working/adequate (to escalate)
Amber - existing controls in danger of failing
Green - controls are working
Risk Register format
Project
PI
Project Manager
ID
RAG
Owner
Identification
001
Evaluation
Mitigation
Green
PI
002
Amber
PM
003
Red
PM
004
Green
PI
there is a risk that insufficient resources will be available
due to sickness, unplanned absences, etc. to deliver
committed Project activity which will impact the delivery
of Project outputs
there is a risk that the space and office facilities
necessary to support Project team members is
inadequate which will impact the delivery of Project
outputs and staff morale
there is a risk that xxxxxxxxxxxxxx are not supportive of
achieving xxxxxxxxxxx which will impact the ability to
xxxxxxxxxxxxxxxxx
there is a risk that timescales are not achievable due to
delays with pre-requisite activities which will impact the
timely delivery of plans and other outputs
Probability
M
Impact
H
Action Due
1. all team members
2. all team members
3. all team members
4. PI
1. ongoing
2. Oct 2009
3. Aug 2009
4. ongoing
1. July 2009
2. ongoing
1. Jul 2009
Increasing
H
M
Increasing
involve xxxxxxx in delivery of xxxxxxxxxxxxxxx
M
M
1. create Project plan of all outputs
No change 2. establish and communicate all leadtimes for Project deliverables
1. liaise with xxxxxxxxxxx to ensure that data is made readily available
2. timetable of available data published for xxxxxxxxxxxxxxx
1. ano3
1. ongoing
3. create timescales for all deliverables to allow time to gather
2. PI
2. Quarterly
No change relevant information
3. all team members 3. Every 6 months
H
M
PI
there is a risk that relationships with external partners
could be jeopardised strategically due to issues relating
to xxxxxxxxxxxxxxx
M
M
Green
Action By
H
PI
006
Controls/Actions
1. maintain holiday plans
2. ensure working instructions documented for all regular services
3. create deputy cover plan and conduct training
4. conduct regular reviews of Project commitments and secure
No change increased funding when required
M
M
ANO3
Trend
1. PM
1. assign responsibility for Estates interface to a single team member 2. PM and individual
2. gather feedback in individual reviews
team members
L
Green
Amber
Description & Impact
03/07/2009
03/08/2009
Date this revision
Date next revision
there is a risk that timely, relevant, up-to-date data isn't
available to create Project deliverables
there is a risk that priorities from higher management will
change during the Project, which will impact the Project
workload and achievement of outputs
005
007
name of project
ANO1
ANO9
PM
1. PI
1. Aug 2009
2. all team members 2. Oct 2009
1. create a change process by which new priorities are assessed for
Decreasing impact, have agreement and implementation plans
1. Aug 2009
1. PM
1. formalise a clear communications channel between xxxxxxxxxx on
existing relationships with external partners
2. Assign a liaison(s) for each external partner and use them to help 1. PM
1. Aug 2009
Increasing address project issues
2. all team members 2. Aug 2009
Risk Register Intranet Tool - Solution
HR/payroll
Authorised
names/depts
Owners –
read only
access
Intranet
Risk Register
Risk log
print-out for
meetings
Warning
messages
Coordinators –
update access
Administrator –
total access and
Audit reporting
Risk Register Intranet Tool - Roles
University / School /
Administrative Department
Register
Owner
View all risks
‘owned’
View all risks
in register
Risk
Owner
Risk Database
Project
Project
Manager
Manage risks
for assigned School
or Admin Dept
Manage risks for
named project
Administrator
Risk
Coordinator
• View all University risks
• create new project register
• School/Dept register restructuring
• access control
• audit and monitoring
• reporting to SAM/SMT/Audit Committee
Risk Registers & Coordinators
Administrative
Department
Code
Risk Coordinator
Academic Registry
ACR
Adrian Novis
ISS
ISS
Tony Ollier
DRI
DRI
Chris Talbot
Catering
CAT
Les Carmichael
School / College
Code
Risk Coordinator
Arts & Humanities
AAH
Debbie Marshall
Business & Economics
BAE
Alan Evans
Conference Services
CON
Peter Belcher
DACE
DAC
Judith James
Egypt Centre
EGY
Carolyn Graves-Brown
Engineering
ENG
Steve Davies
Estates
EST
Ian MacPherson
SOTEAS
SOT
Adrian Luckman
Finance
FIN
Phil Gough
Health & Human Sciences
HHS
John Davies
HR
HRE
John Cox
Law
LAW
Andrew Beale
Marketing
MKT
Chris Marshall
Medicine
MED
Paul Roberts /
Sian Roberts
PSPU
PSP
Ciaran Whyte
Residential Services
RES
Gareth Atkinson
Niels Jacob
Safety Office
SAF
Graham Jones
Sport & Physical Recreation
SPR
Kevin Harrison
Student Services
STS
Sarah Huws-Davies
Taliesin Arts Centre
TAL
Sybil Crouch
VC’s Office
VCO
Martin Lewis
University
UNI
Ciaran Whyte
Physical Sciences
PHY
Examples of managing risks
ID
RAG
U008 Amber
SMG
Working with
Others
Efficiency &
U009 Amber Effectiveness
U010 Amber
U011 Amber
Building
Common
Purpose
Building
Common
Purpose
SMT Owner
Description & Impact
Probability Impact
VC
failure to project an even better reputation
of Swansea University
M
Raymond
Ciborowski
failure to manage the University efficiently
or effectively within changing external
market conditions which will impact
delivery of services and University
finances
M
VC
Raymond
Ciborowski
in times of pressure on public funding
failure to recruit, retain and motivate high
quality staff to maintain the rate of
academic development of the University M
failure to maximise the performance of
staff which will impact the quality of
services delivered and University finances M
H
H
M
M
Trend
Controls/Actions
1. disseminate marketing strategy
and put initial project plans in place
2. coordinate the contractual
obligations of all EU activity into a
coherent economic delivery plan
3. maximise the repertoire of case
studies with business and industry
and then market these working with
DRI and the new business marketing
Increasing forum structure
1. establish key performance
indicators
2. establish improved mgt reporting
processes
3. external advice on impact of HE
No change market changes
1. ensure robust HR policies and
practices
2. implementation of HR policies
3. management of staff
4. ensuring adequate physical
Increasing environments for staff
1. provide training and staff
development to Schools on
performance management
2. implement performance
management processes
3. to be addressed in Business
No change Planning process
Proxi
mity
Action By
1. SMT / Raymond Ciborowski /
Catherine Mullin
2. Noel Thompson / Ian Cluckie
/ Head of Schools or Colleges
3. Noel Thompson / Ian Cluckie
/ Head of Schools or Colleges
1. Pat Price / Phil Gough
2. Raymond Ciborowski
3. Raymond Ciborowski
1. David Williams
2. David Williams
3. Head of Schools or Colleges /
Directors of Administration
4. Craig Nowell / Head of
Schools or Colleges / Directors
of Administration
1. Raymond Ciborowski / David
Williams / Andrew Morgan
2. Head of Schools
3. Noel Thompson /
Ian Cluckie / Pat Price
Action
Due
1. Dec
2010
2. Aug
2011
3. Aug
2011
Aug-11
Aug-11
Aug-11
Risk Assessment Process
 Pre-risk assessment checklist

22 multiple choice questions

A – low risk

B – medium risk

C – high risk

Identifies impacts to administrative functions
 Risk Assessment Review

Risk assessment checklist

Risk register

DRI summary of finances

Summary presentation (major projects)
 SMT approval
 Risk.Assessment@swansea.ac.uk
Active Risk Management
 track risk actions as part of your status reporting
 foster a ‘heads-up’ culture as part of tracking to keep looking ahead
 start all tasks as early as possible to increase mitigation options
 maintain open and non-threatening communications
 decriminalise risk within project team – keep a positive attitude!
 Involve the key project skills in risk management – not just PMs
 communicate risk information – stakeholders & project team
 maintain your Project Files– and risk audit trail
Risk management provides a –
•
more efficient and cheaper way of working
•
less stressful working environment
Conclusions
THANK YOU for your time today
c.m.whyte@swansea.ac.uk
Download