Risk and Business Continuity Risk Registers A user guide Robbie Sinclair Manager Risk and Business Continuity.


1 Risk and Business Continuity Risk Registers A user guide Robbie Sinclair Manager Risk and Business Continuity

2 Risk and Business Continuity Agenda
Our task is to:
1. Understand what Risk is at Griffith University
2. Understand the Risk Policy, Framework and Register
3. Complete the Risk Register

3 Risk and Business Continuity Risk at Griffith University Risk is defined as “…the chance of something happening that will have an impact on achievement of the University’s objectives…” The International Standard (ISO 31000:2009) expands on this definition to include the influence of ‘uncertainty’

4 Risk and Business Continuity Risk at Griffith University
3 internal documents guide risk management at Griffith University:
1. Risk Management Policy
   - Currently under review
2. Risk Management Framework
   - Currently under review
3. Risk Register
   - Executive review and support obtained

5 Risk and Business Continuity Risk at Griffith University
About these documents?
1. Risk Management Policy
   - Remove operational aspects
   - Align closer to Strategic Objectives
   - Cognisant of TEQSA guidelines
2. Risk Management Framework
   - Closer reference to Risk Policy – consistent language
   - Reflect “best of breed” position
3. Risk Register
   - Existing template
   - Review of existing risks currently
   - Close alignment to TEQSA guidelines
   - Robust Executive Group discussion encouraged!

6 Risk and Business Continuity Risk at Griffith University - Hierarchy
Griffith University Council
Executive Team (DVC – PVC)
Divisional Management & Staff

Endorsement of risk appetite and policies. Approval of target risk position and action plans.
Functional oversight and provide support to Council, Executive team and business units.
Day to day risk management activities.

ASSURANCE PROVIDERS: Internal Audit, Manager Risk and Business Continuity
Independent challenge of risk information and review of control effectiveness and action implementation.

7 Risk and Business Continuity Risk at Griffith University

Risk register columns:
No | Risk | Risk Category | Inherent risk (C, L, Rating) | Risk decision | Residual Risk (C, L) | Key controls / mitigating actions | Status | Executive responsible

Risk Categories:
- Safety
- Finance
- Reputation
- Compliance
- Commercial

Risk decision:
- Accept: Controls are deemed appropriate. Monitored and contingency plans developed.
- Mitigation: Reduce the likelihood - improving management controls and procedures. Reduce the consequence - putting in place strategies to minimise adverse consequences, e.g. contingency planning, Business Continuity Plan, liability cover in contracts.
- Transfer: Shifting responsibility by contract or insurance. Can be transferred as a whole or shared.
- Avoid: Not to proceed with the activity or choosing an alternative approach to achieve the same outcome. Aim is risk management, not aversion.

Consequences: Insignificant, Minor, Moderate, Major, Catastrophic
Likelihood: Rare, Unlikely, Possible, Likely, Almost Certain
Rating: Low, Medium, High, Extreme

Callouts on the template:
- Risk: In this space articulate the risk in terms appropriate to the reader. Should be descriptive to remove ambiguity and misinterpretation.
- Risk: In this space articulate key control activities planned or underway to mitigate the risk (assuming the decision regarding the risk was to mitigate in the first place). Controls need to be defined and address the risk issues.
- Risk: In this space advise who in your group is responsible for this risk.

8 Risk and Business Continuity Likelihood rating
The number of times within a specified period in which a risk may occur either as a consequence of operations or through failure of physical or virtual assets, operating systems, policies or procedures.

Rating | Description | Occurrence | Probability
Almost Certain | Expected to occur in most circumstances | Multiple / 12 months | > 80%
Likely | Strong possibility of occurrence | Within 12 months | 61% – 80%
Possible | May occur occasionally | Within 5 years | 31% – 60%
Unlikely | Not expected to occur but may happen | Within 10 years | 5% – 30%
Rare | May only occur in exceptional circumstances | >10 years | < 5%

Likelihood Rating: Evaluation Criteria
Ratings are used to provide definition so there is a common understanding of their meaning. The likelihood rating is a measure of the probability over time of exposing the University to specific risks. It considers factors such as:
- Anticipated frequency of occurrence;
- The external environment (e.g. regulatory, economic, competition, community expectations and market issues);
- The procedures, tools and skills currently in place; and
- History of previous events – taking into account Griffith University, other University sector and wider business sector experiences.

9 Risk and Business Continuity Factor of Consequences / categories of risk

Consequence Rating: Evaluation Criteria
University risks are assessed in terms of the consequence of their impact on strategic objectives. Indirect financial consequences such as reputation and management effort are key considerations. It is understood there can be more than one consequence, and those consequences can be either positive or negative, and sometimes simultaneously. Consequences can be expressed qualitatively or quantitatively and are considered in relation to the achievement of objectives. The following table is used to guide the assessment of consequence of each identified risk.

Columns: Category | Insignificant | Minor | Moderate | Major | Catastrophic

Corporate, Group or Administrative Service Division Activity

Compliance with Legislation
- Insignificant: Oversight on reporting activity that is under control. No penalty or imprisonment.
- Minor: Minimal non-compliance to relevant legislation, within Group or Divisions. Breaches by an individual staff member. Penalty may be incurred.
- Moderate: Non-compliance with legislation affecting other Group or Divisions. Possible closure of a course or Research Centre, penalty and/or imprisonment.
- Major: Non-compliance with legislation affecting Group or Divisions activities. Closure of several non-core operations. High possibility for individual/corporate penalty and/or imprisonment.
- Catastrophic: Non-compliance with legislation affecting closure of core Group or Divisions operations or key business activities and/or large penalty (individual/corporate) and/or imprisonment.

Damage to Reputation
- Insignificant: Minimal adverse publicity in local press. Letters received and printed but no further action taken.
- Minor: Adverse publicity in local/state press. Letters to the Editors, with follow up comments from the readership or interested parties.
- Moderate: Extended negative local/state, plus national media coverage. Requirement to manage key stakeholders.
- Major: Longer-term nationwide and international coverage. Need to increase focus on management of a broader group of stakeholders.
- Catastrophic: Extended negative national and international coverage. Requirement to implement a communication plan for all stakeholders.

Disruption to Established Routines and operations (levels run from Insignificant to Catastrophic)
No interruption to service. Inconvenience to localised operations. Some disruption manageable by altered operational routine. Reduction in operational routine. Disruption to a number of operational areas/campus. Closure of an operational area/campus for up to one day. Several key operational areas closed. Disruption to teaching / course schedules or key business activities for up to one week. Disruption to services causing campus closure or key business closure for more than one week.

Financial
- Insignificant: Less than $1M.
- Minor: $1M to $5M.
- Moderate: $5M to $20M.
- Major: $20M to $50M.
- Catastrophic: Greater than $50M.

General Environmental & Social Impacts
- Insignificant: No lasting detrimental effect on the environment i.e., harm, nuisance, noise, fumes, odour or dust emissions of short-term duration.
- Minor: Short term, detrimental effect on the environment or social impact, e.g. minor discharge of pollutants within local neighbourhood.
- Moderate: Serious discharge of pollutant or source of community annoyance within general neighbourhood that requires remedial action.
- Major: Long term detrimental environmental or social impact i.e., chronic &/or significant discharge of pollutant.
- Catastrophic: Extensive detrimental long term impacts on the environment and community i.e., catastrophic &/or extensive discharge of persistent hazardous pollutant.

WHS
- Insignificant: Incident – no lost time. No injury.
- Minor: Injury – no lost time. First aid required.
- Moderate: Injury – medical treatment required.
- Major: Fatality or serious injury/stress resulting in hospitalisation.
- Catastrophic: Multiple fatalities (not natural causes).

Management Time and Effort
- Insignificant: Event absorbed by normal activity.
- Minor: Management effort required to minimise the impact.
- Moderate: A significant event managed through normal practices.
- Major: A critical event, which with proper management can be endured.
- Catastrophic: Executive Management focus away from day to day key functions for extended periods.

Major Project

Project Budget #
- Insignificant: <1% of project budget
- Minor: 1 to 5% of project budget
- Moderate: 5 to 10% of project budget
- Major: 10 to 25% of project budget
- Catastrophic: >25% of project budget

Program delays
- Insignificant: Little or no delay
- Minor: Short delay. Duration increased >2%
- Moderate: Significant delay. Duration increased >10%
- Major: Major delay. Duration increased >25%
- Catastrophic: Project halted, major delay. Duration increased >50%

Relationship - Managing Contractor
- Insignificant: Either party is irritated but no formal complaints
- Minor: Resolved at working level
- Moderate: Resolved at senior management level
- Major: Departmental Head intervention
- Catastrophic: Legal recourse initiated.

# The consequence category for “Project Budget” may differ according to the overall value of the project itself. Likewise, the criteria for “Program Delays” may also vary depending on the specific Project deadlines.

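10 Risk and Business Continuity Risk at Griffith University
Risk rating matrix (Consequences by Likelihood)
Consequences (columns): Insignificant, Minor, Moderate, Major, Catastrophic
Likelihood (rows), with the ratings that appear in each row, left to right:
- Almost Certain: Low, Medium, High, Extreme
- Likely: Low, Medium, High
- Possible: Low, Medium, High
- Unlikely: Low, Medium
- Rare: Low, Medium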

11 Risk at Griffith University Robbie Sinclair Manager Risk and Business Continuity Nathan Campus Griffith University Ph: +617 3735 7706

