1 Ciaran Whyte Risk Administrator Planning & Strategic Projects Unit Risk Register January 2011Ciaran WhyteRisk AdministratorPlanning & Strategic Projects Unit
2 Agenda Objectives of Seminar Why manage risks? Who should have a risk register?Risk Management TheoryRisk Register formatRisk Register Intranet ToolRisk Registers and CoordinatorsExamples of managing risksRisk Assessment ProcessActive Risk Management
3 Objectives of Seminar At the end of the seminar you should - Know why you should create a risk registerBe able to create a risk registerKnow how to keep the register up to dateHave an awareness of University risk management practicesKnow how to be more successful in risk management
4 “the threat or possibility that an action or event will adversely or Why manage risks?riskdefinition“the threat or possibility that an action or event will adversely orbeneficially affect an organization's ability to achieve its objectives”KNOWNPROBLEMSPOTENTIALPROBLEMSIssuespro-activemanagementRisksFire-fightingDamage limitationCostly emergency actionsContainment actionsContingencylower costsless stressful
5 Who should have a risk register? Project management teamsCollege / School management teamsAdministrative Department management teamsUniversity senior management teams (SAM / SMT)All groups of people who meet to achieve common objectivesCurrent problems - Minutes / action itemsFuture problems - Risk register
6 Risk Management Theory past experiencesinputsfocus areasignore risks outside controlRisk IdentificationRisk Evaluationdetermine likelihood or probability of occurrencedetermine magnitude of loss or impactRisk MitigationRisk Monitoringavoidcontainactive acceptancepassive acceptancetransferchase actions / reassess probability & impact / add new risksregular reviews of registerquick & simple communication to key stakeholders
7 Identifying RisksWhen you have a plan for the future project tasks - step back and consider the possibility of each task failing to meet timescales / budget / quality objectives- review all assumptionsWrite down a clear definition of the risk – ‘there is a risk that ….... which will impact......’Consider past experiences - lessons from past projects or other intellectual material - review list with other project managers and key project team membersConsider all the evidence - requirements and design documents, dependencies, resourcing, status reportsBrainstorm with key project individuals - facilitated sessions – Delphi technique / SWOT analysis - expert interviewsFoster open communication within project team - give the team the opportunity to raise risks - don’t shoot messengers!Ignore risks over which you have no control - keep within your scope and what is manageable
8 Evaluating RisksDetermine likelihood or probability of occurrence - consider how many times this has been an issue before - use past experience to guide probability - select HIGH / MEDIUM / LOWDetermine magnitude of loss and impact - assess impact in terms of scale of consequences should issue arise - assess in relation to scope of area being managed - select HIGH / MEDIUM / LOW
9 Mitigating Risksavoid - eliminate the cause - remove task/activity causing risk from plancontain - add actions to plan to reduce probability (high medium low) - add actions to plan to reduce impact (high medium low)active acceptance - set aside contingency - allocate extra resource or finance - take out insurancepassive acceptance - do nothing - accept consequencestransfer - pass risk to another party - commercial agreementis the action appropriate to risk severity?is cost of action effective enough?is the action timely enough?is the action realistic within project context?is the action agreed by all parties?is the action owned by a responsible person?
10 Monitoring Risksbe disciplined in ensuring that all actions are completedensure risk status covered in regular project reportsconsider new risks as the situation changesGather feedback from owners of existing risks changes to probability/impact/trendReview RED risks and assign new actionsReview ‘increasing’ trend risks and assign new actionsDo NOT review all risks – manage by exceptionescalate in good time to allow mitigation actions to be improved – don’t wait until it becomes an issue!
11 Red - existing controls not working/adequate (to escalate) Amber - existing controls in danger of failingGreen - controls are workingRisk Register formatIdentificationEvaluationMitigation
13 Risk Register Intranet Tool - Roles Risk DatabaseRisk OwnerRisk CoordinatorAdministratorRegister OwnerProject ManagerView all risksin registerManage risksfor assigned Schoolor Admin Dept‘owned’Manage risks for named projectView all University riskscreate new project registerSchool/Dept register restructuringaccess controlaudit and monitoringreporting to SAM/SMT/Audit CommitteeUniversity / School /Administrative DepartmentProject
16 Risk Assessment Process Pre-risk assessment checklist22 multiple choice questionsA – low riskB – medium riskC – high riskIdentifies impacts to administrative functionsRisk Assessment ReviewRisk assessment checklistRisk registerDRI summary of financesSummary presentation (major projects)SMT approval
17 Active Risk Management track risk actions as part of your status reportingfoster a ‘heads-up’ culture as part of tracking to keep looking aheadstart all tasks as early as possible to increase mitigation optionsmaintain open and non-threatening communicationsdecriminalise risk within project team – keep a positive attitude!Involve the key project skills in risk management – not just PMscommunicate risk information – stakeholders & project teammaintain your Project Files– and risk audit trailRisk management provides a –more efficient and cheaper way of workingless stressful working environment
18 THANK YOU for your time today ConclusionsTHANK YOU for your time today