Risk Register Ciaran Whyte Risk Administrator Planning & Strategic Projects Unit January 2011 Agenda • Objectives of Seminar • Why manage risks? • Who should have a risk register? • Risk Management Theory • Risk Register format • Risk Register Intranet Tool • Risk Registers and Coordinators • Examples of managing risks • Risk Assessment Process • Active Risk Management Objectives of Seminar At the end of the seminar you should • Know why you should create a risk register • Be able to create a risk register • Know how to keep the register up to date • Have an awareness of University risk management practices • Know how to be more successful in risk management Why manage risks? risk definition “the threat or possibility that an action or event will adversely or beneficially affect an organization's ability to achieve its objectives” KNOWN PROBLEMS Issues POTENTIAL PROBLEMS pro-active management Fire-fighting Damage limitation Costly emergency actions Risks Containment actions Contingency • lower costs • less stressful Who should have a risk register? Project management teams College / School management teams Administrative Department management teams University senior management teams (SAM / SMT) All groups of people who meet to achieve common objectives • Current problems - Minutes / action items • Future problems - Risk register Risk Management Theory • past experiences • inputs • focus areas • ignore risks outside control Risk Identification Risk Evaluation Risk Mitigation • determine likelihood or probability of occurrence • determine magnitude of loss or impact Risk Monitoring • avoid • contain • active acceptance • passive acceptance • transfer • chase actions / reassess probability & impact / add new risks • regular reviews of register • quick & simple communication to key stakeholders Identifying Risks When you have a plan for the future project tasks - step back and consider the possibility of each task failing to meet timescales / budget / quality objectives - review all assumptions Write down a clear definition of the risk – ‘there is a risk that ….... which will impact......’ Consider past experiences - lessons from past projects or other intellectual material - review list with other project managers and key project team members Consider all the evidence - requirements and design documents, dependencies, resourcing, status reports Brainstorm with key project individuals - facilitated sessions – Delphi technique / SWOT analysis - expert interviews Foster open communication within project team - give the team the opportunity to raise risks - don’t shoot messengers! Ignore risks over which you have no control - keep within your scope and what is manageable Evaluating Risks Determine likelihood or probability of occurrence - consider how many times this has been an issue before - use past experience to guide probability - select HIGH / MEDIUM / LOW Determine magnitude of loss and impact - assess impact in terms of scale of consequences should issue arise - assess in relation to scope of area being managed - select HIGH / MEDIUM / LOW Mitigating Risks avoid - eliminate the cause - remove task/activity causing risk from plan contain - add actions to plan to reduce probability (high medium low) - add actions to plan to reduce impact (high medium low) active acceptance - set aside contingency - allocate extra resource or finance - take out insurance passive acceptance - do nothing - accept consequences transfer - pass risk to another party - commercial agreement • is the action appropriate to risk severity? • is cost of action effective enough? • is the action timely enough? • is the action realistic within project context? • is the action agreed by all parties? • is the action owned by a responsible person? Monitoring Risks be disciplined in ensuring that all actions are completed ensure risk status covered in regular project reports consider new risks as the situation changes Gather feedback from owners of existing risks - changes to probability/impact/trend Review RED risks and assign new actions Review ‘increasing’ trend risks and assign new actions Do NOT review all risks – manage by exception escalate in good time to allow mitigation actions to be improved – don’t wait until it becomes an issue! Red - existing controls not working/adequate (to escalate) Amber - existing controls in danger of failing Green - controls are working Risk Register format Project PI Project Manager ID RAG Owner Identification 001 Evaluation Mitigation Green PI 002 Amber PM 003 Red PM 004 Green PI there is a risk that insufficient resources will be available due to sickness, unplanned absences, etc. to deliver committed Project activity which will impact the delivery of Project outputs there is a risk that the space and office facilities necessary to support Project team members is inadequate which will impact the delivery of Project outputs and staff morale there is a risk that xxxxxxxxxxxxxx are not supportive of achieving xxxxxxxxxxx which will impact the ability to xxxxxxxxxxxxxxxxx there is a risk that timescales are not achievable due to delays with pre-requisite activities which will impact the timely delivery of plans and other outputs Probability M Impact H Action Due 1. all team members 2. all team members 3. all team members 4. PI 1. ongoing 2. Oct 2009 3. Aug 2009 4. ongoing 1. July 2009 2. ongoing 1. Jul 2009 Increasing H M Increasing involve xxxxxxx in delivery of xxxxxxxxxxxxxxx M M 1. create Project plan of all outputs No change 2. establish and communicate all leadtimes for Project deliverables 1. liaise with xxxxxxxxxxx to ensure that data is made readily available 2. timetable of available data published for xxxxxxxxxxxxxxx 1. ano3 1. ongoing 3. create timescales for all deliverables to allow time to gather 2. PI 2. Quarterly No change relevant information 3. all team members 3. Every 6 months H M PI there is a risk that relationships with external partners could be jeopardised strategically due to issues relating to xxxxxxxxxxxxxxx M M Green Action By H PI 006 Controls/Actions 1. maintain holiday plans 2. ensure working instructions documented for all regular services 3. create deputy cover plan and conduct training 4. conduct regular reviews of Project commitments and secure No change increased funding when required M M ANO3 Trend 1. PM 1. assign responsibility for Estates interface to a single team member 2. PM and individual 2. gather feedback in individual reviews team members L Green Amber Description & Impact 03/07/2009 03/08/2009 Date this revision Date next revision there is a risk that timely, relevant, up-to-date data isn't available to create Project deliverables there is a risk that priorities from higher management will change during the Project, which will impact the Project workload and achievement of outputs 005 007 name of project ANO1 ANO9 PM 1. PI 1. Aug 2009 2. all team members 2. Oct 2009 1. create a change process by which new priorities are assessed for Decreasing impact, have agreement and implementation plans 1. Aug 2009 1. PM 1. formalise a clear communications channel between xxxxxxxxxx on existing relationships with external partners 2. Assign a liaison(s) for each external partner and use them to help 1. PM 1. Aug 2009 Increasing address project issues 2. all team members 2. Aug 2009 Risk Register Intranet Tool - Solution HR/payroll Authorised names/depts Owners – read only access Intranet Risk Register Risk log print-out for meetings Warning messages Coordinators – update access Administrator – total access and Audit reporting Risk Register Intranet Tool - Roles University / School / Administrative Department Register Owner View all risks ‘owned’ View all risks in register Risk Owner Risk Database Project Project Manager Manage risks for assigned School or Admin Dept Manage risks for named project Administrator Risk Coordinator • View all University risks • create new project register • School/Dept register restructuring • access control • audit and monitoring • reporting to SAM/SMT/Audit Committee Risk Registers & Coordinators Administrative Department Code Risk Coordinator Academic Registry ACR Adrian Novis ISS ISS Tony Ollier DRI DRI Chris Talbot Catering CAT Les Carmichael School / College Code Risk Coordinator Arts & Humanities AAH Debbie Marshall Business & Economics BAE Alan Evans Conference Services CON Peter Belcher DACE DAC Judith James Egypt Centre EGY Carolyn Graves-Brown Engineering ENG Steve Davies Estates EST Ian MacPherson SOTEAS SOT Adrian Luckman Finance FIN Phil Gough Health & Human Sciences HHS John Davies HR HRE John Cox Law LAW Andrew Beale Marketing MKT Chris Marshall Medicine MED Paul Roberts / Sian Roberts PSPU PSP Ciaran Whyte Residential Services RES Gareth Atkinson Niels Jacob Safety Office SAF Graham Jones Sport & Physical Recreation SPR Kevin Harrison Student Services STS Sarah Huws-Davies Taliesin Arts Centre TAL Sybil Crouch VC’s Office VCO Martin Lewis University UNI Ciaran Whyte Physical Sciences PHY Examples of managing risks ID RAG U008 Amber SMG Working with Others Efficiency & U009 Amber Effectiveness U010 Amber U011 Amber Building Common Purpose Building Common Purpose SMT Owner Description & Impact Probability Impact VC failure to project an even better reputation of Swansea University M Raymond Ciborowski failure to manage the University efficiently or effectively within changing external market conditions which will impact delivery of services and University finances M VC Raymond Ciborowski in times of pressure on public funding failure to recruit, retain and motivate high quality staff to maintain the rate of academic development of the University M failure to maximise the performance of staff which will impact the quality of services delivered and University finances M H H M M Trend Controls/Actions 1. disseminate marketing strategy and put initial project plans in place 2. coordinate the contractual obligations of all EU activity into a coherent economic delivery plan 3. maximise the repertoire of case studies with business and industry and then market these working with DRI and the new business marketing Increasing forum structure 1. establish key performance indicators 2. establish improved mgt reporting processes 3. external advice on impact of HE No change market changes 1. ensure robust HR policies and practices 2. implementation of HR policies 3. management of staff 4. ensuring adequate physical Increasing environments for staff 1. provide training and staff development to Schools on performance management 2. implement performance management processes 3. to be addressed in Business No change Planning process Proxi mity Action By 1. SMT / Raymond Ciborowski / Catherine Mullin 2. Noel Thompson / Ian Cluckie / Head of Schools or Colleges 3. Noel Thompson / Ian Cluckie / Head of Schools or Colleges 1. Pat Price / Phil Gough 2. Raymond Ciborowski 3. Raymond Ciborowski 1. David Williams 2. David Williams 3. Head of Schools or Colleges / Directors of Administration 4. Craig Nowell / Head of Schools or Colleges / Directors of Administration 1. Raymond Ciborowski / David Williams / Andrew Morgan 2. Head of Schools 3. Noel Thompson / Ian Cluckie / Pat Price Action Due 1. Dec 2010 2. Aug 2011 3. Aug 2011 Aug-11 Aug-11 Aug-11 Risk Assessment Process Pre-risk assessment checklist 22 multiple choice questions A – low risk B – medium risk C – high risk Identifies impacts to administrative functions Risk Assessment Review Risk assessment checklist Risk register DRI summary of finances Summary presentation (major projects) SMT approval Risk.Assessment@swansea.ac.uk Active Risk Management track risk actions as part of your status reporting foster a ‘heads-up’ culture as part of tracking to keep looking ahead start all tasks as early as possible to increase mitigation options maintain open and non-threatening communications decriminalise risk within project team – keep a positive attitude! Involve the key project skills in risk management – not just PMs communicate risk information – stakeholders & project team maintain your Project Files– and risk audit trail Risk management provides a – • more efficient and cheaper way of working • less stressful working environment Conclusions THANK YOU for your time today c.m.whyte@swansea.ac.uk