ECU Risk Management Plan

Risk Management Plan
[Insert Project or Activity name]
This document is confidential and has been prepared solely for internal use by management and staff of Edith Cowan University. It must
not be disclosed to any third party without the consent of the Director, Risk Management & Audit Assurance. Edith Cowan University
accepts no responsibility, liability or duty of care to any third party for any observations or conclusions which are stated or implied in this
report.
NOTE: Text in this font is included as a guide for document authors and is to be deleted in
the final version. Italicised text in the main document is for guidance only and should be
substituted with the relevant project data and re-formatted as normal text.
Document Location
[Indicate where the document will be located. This will assist staff with accessing or
retrieving the document. Areas where the document may be located include: Faculty/School
web page, Office of Research and Innovation, Centre.]
Revision History
The following updates have been made to this document:
| Version | Revision Date | Summary of changes made | Changes made by |
Approvals
This document requires the following approvals:
Signed approvals are filed in the Management Section of this document.
| Name | Title/position | Date of approval |
Distribution
This document has been distributed to:
| Name | Title/position | Date of issue |
Version: <Insert version>
Issued: <Insert issue date>
Printed: 22/03/2016 8:29:00 PM
Table of Contents
1. Introduction
2. Context
3. Roles and Responsibilities
4. Communication and Consultation
5. Risk Identification and Analysis
5.1. Risk Identification
5.2. Risk Analysis
5.3. Risk Evaluation
5.4. Risk Treatment
5.5. Monitoring and Review
5.6. Risk Reporting
6. Documentation
7. Approval
Read this first
This Risk Management Plan (RMP) is produced as a stand-alone document for a University
activity/event, or as a component of a Project Management Plan (PMP). It describes the who,
what, when, where, how and why of the risks to your project or activity, and includes such
aspects as:
• Who:
  o Are the stakeholders;
  o Have various responsibilities within the project or activity;
  o Is responsible for approvals;
  o Ensures that the risks and controls are being monitored.
• What risk management (identification, analysis, evaluation, treatment, monitoring)
  activities are being conducted for the management of risk to ensure compliance with
  ECU Risk Management Policy and the AS/NZS ISO 31000:2009 – Risk Management –
  Principles and Guidelines.
• This RMP is not to be a generic plan, but is to ensure that specific information is
  provided to the project team or activity participants. In doing so, the risk management
  activities will be clear, unambiguous, understood and actioned by all parties.
A practical and well thought out RMP will define how you are to deal with risk. Moreover, it
will help to create a culture of sensible risk awareness and management of your project or
activity.
1. Introduction
The introduction addresses the purpose and objectives of the Risk Management Plan (RMP),
and should provide a brief summary of the project or activity.
2. Context
The context has to clearly outline the project or the activity’s objectives and scope for each
stage. The context needs to provide a description of any arrangements, including political,
legal, or international influences that could affect or assist in the management of the risks.
There should also be clear linkages to the University's Strategic Priorities, Functional Plans
and/or Faculty/Centre Annual Plans.
Furthermore, the context needs to detail any relationships and/or interconnections whereby
the project or activity will have an effect upon safety, environment, or regulatory frameworks.
3. Roles and Responsibilities
The RMP is to detail the organisation involved in the project and the activity team
responsible for managing the risks. This should include the person/s responsible for the
following:
• Project or activity sponsor;
• Overseeing the risk management process;
• Identifying and assessing risks to the project or activity;
• Determining or approving:
  o The risk assessment;
  o Implementing risk treatments; and
  o The review and monitoring of associated risks.
Roles within the project/activity need to be defined to ensure that risk owners are aware
of their risk management responsibilities for the duration of the project/activity.
4. Communication and Consultation
The RMP is to identify the internal and external stakeholders and the mechanisms for
engaging them. At this point project/activity managers should document stakeholders and
other relevant contact details.
5. Risk Assessment
The following risk management process is conducted in accordance with the AS/NZS ISO
31000:2009 – Risk management – Principles and Guidelines, and ECU’s Integrated Risk
Management Policy.
5.1. Risk Identification
The RMP is to describe the methods used to identify the risks. This should include who was
involved; sources of information; and the processes used. The aim of this step is to generate a
list of risks, based upon the project or activity that might create, enhance, prevent, accelerate
or delay a successful outcome. ECU has pre-defined risk categories that will assist you in
providing structure in the risk identification process.
Once you have identified the risks they need to be recorded in an RMAA Risk Register
Template. The following link will redirect you to the appropriate resource:
http://intranet.ecu.edu.au/staff/centres/risk-management-and-audit-assurance/riskmanagement/risk-management-tools-and-templates
5.2. Risk Analysis
Analysing the risks previously identified will build an understanding of the risks, and needs
to take into consideration the cause and source of the risk, existing treatments/controls in
place, the positive and negative effects of the consequences, and the likelihood of the
consequences occurring.
Determining the outcomes (Likelihood/Consequences) of an event can be achieved through a
number of processes. This can include any one or a combination of the following:
• Experience and exposure in the industry or organisation,
• Previous outcomes from an event or events,
• Event modelling, and/or
• Extrapolation of available data from studies or statistics.
Analysing the risk for the RMP is to be conducted utilising the Risk Assessment Matrix at
Appendix 1. Once the level of risk has been determined, it is to be documented within the
RMAA Risk Register.
5.3. Risk Evaluation
The evaluation process assists in making decisions based upon the outcomes of the risk
analysis. The RMP is to describe the procedures for evaluating and prioritising risks to the
project or activity. This will assist in identifying which risks require further treatment and the
priority for treatment implementation. In some cases, risks may be low and not require
treatment. Other risks will need to be considered for treatment, depending upon the level of
risk tolerance.
The table below can be utilised as a means to illustrate the number and level of risks that
have the potential to influence the outcome of the project or activity.
| Risk Level | Number of risks identified |
|---|---|
| Low | |
| Moderate | |
| Substantial | |
| High | |
| Extreme | |
Note: Where a RMP is developed for Strategic Projects and/or International Programs the
qualitative and quantitative risk score from the Risk Register must be included. This will
ensure that approving Committees or Council have oversight of the risks.
5.4. Risk Treatment
The RMP is to describe the risk treatment procedures. The development of treatment
measures will minimise the impact of an identified risk. Risks identified as Moderate or above
require the implementation of treatment measures; these measures include:
• Avoiding the risk by changing aspects of the project or activity to eliminate the threat.
  This can be achieved by clarifying requirements, obtaining more information,
  improving communication, or obtaining expertise.
• Taking the risk by informed decision, or increasing the risk in order to pursue an
  opportunity.
• Removing the source of the risk.
• Sharing the risk with another group or party.
• Mitigating the risk by reducing the likelihood or the consequences to an acceptable
  level.
When a risk has not been treated in a way that entirely eliminates it, then indicators of the
risk eventuating may need to be identified. Indicators identified will need to be included as
part of this RMP to ensure that members of the project are conscious of any change.
6. Monitoring and Review
Monitoring and reviewing the project or activity’s risks needs to be an ongoing element of the
project/activity life cycle. The RMP is to detail the timeframes for when this plan is to
be reviewed; reviews can be regular, periodic or ad hoc. Whatever frequency is determined,
it is to be documented in this plan. Monitoring and review is to ensure that the mechanisms
for reporting to stakeholders remain current.
7. Risk Reporting
The RMP is to detail the processes for reporting risks, including the reporting mechanisms
used and timeframes. In addition, any emerging risks identified during the project or activity
life cycle are to be included in the RMP.
8. Documentation
The results of the risk process are to be included in the Risk Register Template which is to be
attached to this RMP.
Approval
I (Name) ……………………….., (Position) …………………………………, being the
project/activity sponsor approve this Risk Management Plan and supporting Risk
Register.
(Insert signature block)
I (Name) ……………………….., (Position) …………………………………, being the
project/activity approver endorse this Risk Management Plan and supporting Risk
Register.
(Insert signature block)
Appendix 1 – Risk Assessment Matrix

CONSEQUENCES
| Category | Minor (Score 1) | Disruptive (Score 2) | Serious (Score 3) | Critical (Score 4) | Catastrophic (Score 5) |
|---|---|---|---|---|---|
| Injuries | No injuries | First aid treatment | Medical treatment | Death or extensive injuries | Multiple Deaths or severe permanent disabilities |
| Financial Loss | < $50K or 5% of Operational Budget | $50K - $250K or 10% of Operational Budget | $250K - $3M or 25% of Operational Budget | $3M - $10M or 50% of Operational Budget | > $10M or >50% of Operational Budget |
| Asset Loss | Little or no impact on assets | Minor loss or damage to assets | Major damage to assets | Significant loss of assets | Complete loss of assets |
| Interruption to Services | < 1/2 day | 1/2 - 1 day | 1 day to < 1 week | 1 week - 1 month | > 1 month |
| Reputation & Image | Unsubstantiated, low impact, low profile or no news items | Substantiated, low impact, low news profile | Substantiated, public embarrassment, moderate impact, moderate news profile | Substantiated, public embarrassment, high impact, high news profile, third party actions | Substantiated, public embarrassment, very high multiple impacts, high widespread news profile, third party actions |
| Academic Performance | Up to 5% variation to relevant PI's | 5 - 10% variation to relevant PI's | 10 - 25% variation to relevant PI's | 25 - 50% variation to relevant PI's | > 50% variation to relevant PI's |

LIKELIHOOD
| Likelihood | Score | Description |
|---|---|---|
| Rare (<5% probability) | 1 | Theoretically possible but not expected to occur during the life cycle of the activity or the lifetime of the equipment |
| Possible (5-10% probability) | 2 | Possible that it may occur once during the life cycle of the activity or the life of the equipment |
| Occasional (10-25% probability) | 3 | This event may occur more than twice during the life cycle of the activity or during the life of the equipment |
| Likely (25-50% probability) | 4 | This event may occur frequently during the life cycle of the activity or during the life of the equipment |
| Almost Certain (>50% probability) | 5 | Expected to occur routinely during the life cycle of the activity or during the lifetime of the equipment |

| Likelihood (Score) | Minor (1) | Disruptive (2) | Serious (3) | Critical (4) | Catastrophic (5) |
|---|---|---|---|---|---|
| Rare (1) | 1 (Low) | 2 (Low) | 3 (Low) | 4 (Low) | 5 (Moderate) |
| Possible (2) | 2 (Low) | 4 (Low) | 6 (Moderate) | 8 (Moderate) | 10 (Substantial) |
| Occasional (3) | 3 (Low) | 6 (Moderate) | 9 (Moderate) | 12 (Substantial) | 15 (High) |
| Likely (4) | 4 (Low) | 8 (Moderate) | 12 (Substantial) | 16 (High) | 20 (Extreme) |
| Almost Certain (5) | 5 (Moderate) | 10 (Substantial) | 15 (High) | 20 (Extreme) | 25 (Extreme) |

DELEGATIONS
| Risk Level | RESPONSIBLE OFFICER |
|---|---|
| Low | Staff |
| Moderate | HOS/Manager/Associate Dean |
| Substantial | Executive Dean/Dean/Director |
| High | Chancellery Member |
| Extreme | V-C |