2013-04-18-risk-management

Report
Risk Management 101
Tom Dixon (Bright Consulting)
ANU Risk Management Matrix
Consequence
Minor
Moderate
Major
Catastrophic
(1)
(2)
(3)
(4)
M-4
H-8
E-12
E-16
M-3
M-6
H-9
E-12
L-2
M-4
M-6
E-8
L-1
L-2
M-3
M-4
Almost
Certain
Likelihood
(4)
Likely
(3)
Possible
(2)
Unlikely
(1)
Likelihood
Title
Almost Certain
Probability
Historical
>50%
Is expected to occur in most circumstances
Likely
25% –50%
Will probably occur in most circumstances
Possible
5% – 25%
Might occur at some time in the future
Unlikely
<5%
May only occur in exceptional circumstances
Consequence
Risk
Minor
Moderate
Major
Catastrophic
(1)
(2)
(3)
(4)
Scrutiny required
by internal
committees or
internal audit to
prevent
escalation.
Scrutiny required
by external
committees or
ACT Auditor
General’s Office,
or inquest, etc.
Intense public,
political and
media scrutiny.
E.g. front page
headlines, TV,
etc.
Assembly inquiry
or Commission of
inquiry or adverse
national media.
Financial
2.5% of Budget
> 5% of Budget
> 10% of Budget
>25% of Budget
Safety and
Minor injuries /
first aid
required
First aid and
ongoing medical
treatment.
Probable lost
time.
Extensive injuries/
possible multiple
injuries. Single
Fatality
Multiple Fatality
Minor damage.
Loss of operation
no more than 1
day.
Significant damage
to assets. Loss of
operation between
1 day to 1 week.
Compliance
Minor breach of
statue or
regulation.
Formal warning
from regulator.
Schedule
2.5% of Duration
> 5% of Duration
Category
Reputation
& Image
Injury
Operational
Loss
Major damage to
assets. Loss of
operations
between 1 week
and 1 month.
Suspension of
activity and
prosecution/
financial penalty.
> 10% of Duration
Significant loss of
assets. Loss of
operations > 1
month.
Prosecution,
financial penalty,
cessation of
activity.
>25% of Duration
Ratings
Rating
Required Action
Low
Acceptable: Unlikely to require specific application of resources;
manage by routine procedures. Monitor and review.
Medium
Acceptable: Unlikely to cause much damage and/or threaten the
efficiency and effectiveness of the program/activity; treatment plans
to be developed and implemented by operational managers.
Manage by specific monitoring or response procedures.
High
Generally not acceptable: Likely to cause some damage, disruption
or breach of controls. Senior management attention needed and
management responsibility specified; treatment plans to be
developed and reported to PVC/Executive Director or ViceChancellor.
Extreme
Not acceptable: Likely to threaten the survival or continued effective
function of the program or the organisation, either financially or
politically. Immediate action required; must be managed by senior
management with a detailed treatment plan reported to
PVC/Executive Director, Vice-Chancellor and Council.
Hypothetical Project
• A camping trip…
Camping Trip Details
• Four people attending (Chris, James, Sarah and
Meg)
• Chris is managing the trip, however everybody
has been assigned responsibilities
• Two day trip in July 2013
• Kosciuszko National Park, NSW
• Nobody in the group has ever camped before
• $400 budget
• Desired outcome is a relaxing weekend
Management Strategies
Strategy
Description
Avoid
Eliminate, withdraw from or not become involved
Mitigate
Mitigate
Transfer
Outsource or insure
Accept
Accept and budget
Risk Register
Item
Description
ID#
Identification number of the risk
Title
Title of the risk
Description
Description of the risk
Impact
Impact of the risk if it is realised
Assigned To
Individual/area that will be managing the risk
Status
Status of the risk (open, deferred, closed)
Cost/Exposure
Cost if the risk is realised
Due Date
Due date for action or anticipated date that the risk will be realised
Risk Category
Categorisation of the risk (reputation and image, financial, safety and injury, operational
loss, compliance or schedule.
Likelihood
Likelihood of the risk occurring (unlikely, possible, likely or almost certain)
Consequence
Consequence of the risk occurring (minor, moderate, major, catastrophic)
Risk Calculation
Risk calculation as per the ANU Risk Matrix
Risk Strategy
The risk management strategy taken (avoid, mitigate, transfer or accept)
Mitigation Plan
Actions that are planned to mitigate the risk
Mitigation Cost
The cost of the mitigation plan
Contingency Plan
What actions will be taken if the risk still occurs despite the mitigation strategies
Owner
Who’s overseeing the management the risk
Revised Likelihood
The revised likelihood of the risk occurring after consideration of the mitigation plan
Revised Consequence
The revised consequence of the risk occurring after consideration of the mitigation plan
Revised Risk Calculation
The revised risk calculation as per the ANU Risk Matrix

similar documents