1. The risk assessment template uses Excel. It is helpful to be familiar with Excel and some simple but less common commands. The Office of Internal Audit and Management Advisory Services is available as a resource if you have any questions about using this template or Excel.
2. Complete all cells for each line; do not skip cells or leave cells blank. This affects the graph of risks (heat map).
3. List the objective for each risk. This is important when you sort and rank the risks.
4. Number the risks consecutively regardless of the objective. This is necessary for the numbering of the heat map.
5. If the same risk is identified on more than one of the function's process maps, list each occurrence separately in the risk assessment. The same risk occurring in different circumstances can have different likelihood, different impact, and different mitigation controls.
6. Identify all corresponding controls currently in place; this information is factored into the graph of risks (heat map).
7. When all the objectives and risks have been listed and rated, step back and ask yourself if this makes sense, and adjust as needed.
8. When you think you have all the objectives and risks listed, ask yourself, "What keeps me up at night?" "What do I worry about?" If you have not included these items already, be sure to include them.
9. When ranking the risks, do not be concerned with small differences and complete accuracy in lower-level rankings. For example, don't spend time deciding if an item is risk 77 or 79. As long as the risk falls into the appropriate quadrant of the heat map, minor differences between numbers will not have a big effect.
10. When you are done ranking all of the risks, look at the heat map to see if the map appears reasonable. For example, ask yourself, "Does it make sense that risk 1 is in this quadrant while risk 2 is in another?"
11. If a risk is ranked as "low" or "minimal concern", it may not be necessary to implement any new controls. If this is the case, indicate that you have considered the risk and the existing controls and no action is needed. Suggested wording is "Impact and Likelihood are low, existing controls appear adequate. No additional controls are needed at this time."
12. After the information is complete, sort the risks in descending order by the "Risk Factor (automatically calculated)" field. The Office of Internal Audit and Management Advisory Services is available as a resource if you have any questions about how to do this.
13. Review the existing controls in the context of their risk factor (a factor of likelihood and impact). Consider if any controls in place are redundant or outdated and could be eliminated.
14. Complete the Corrective Action Plan section, describing any additional controls that will be put in place to further reduce or mitigate each risk, as appropriate, and defining a target completion date for each new control.
15. Define the applicable Service and Function name in the header for the document. To do this, click View > Header and Footer. Select Custom Header, and replace the following text with the name of the service and function: [Enter Service and Function Name].
After you have completed your risk assessment, be sure to save the document with the appropriate file name.
Likelihood
Score: 1 10 20 30 40 50 60 70 80 90 100
Description:
Very small chance of happening.
Small chance of happening.
Moderate chance of happening.
This will happen about half the time.
Likely to happen.
Very high chance of happening.
Certainty this will happen!
Impact
Score: 1 10 20 30 40 50 60 75 80 90 100
Description:
Very small impact. Even if the risk becomes reality, there will be negligible effect on the RF
Impact is small, and manageable.
Impact is significant and noticeable. If financial risk, dollar amount is significant but fixable with current resources; if strictly operational, it will affect operations but can be worked around.
Very serious impact; challenges with working around it.
[Enter Service and Function Name] Risk Assessment and Corrective Action Plan
2/9/2014
1. Risk: Poor planning and/or inadequate process
Likelihood (x): 15; Impact (y): 75
Comment: Poor planning and/or inadequate process: planning is central to the success of a project. It is important to define what constitutes project success or failure at the earliest stage of the process. It is also essential to drill down the big picture to smaller tasks.

2. Risk: Inefficient way to document and track progress
Likelihood (x): 84; Impact (y): 90; x + y: 174
Comment: Inefficient way to document and track progress: this is an oversight on the part of the project manager. Tracking milestones is a crucial way to see if expectations are being met. Documentation and tracking also lets the manager identify which areas require more resources to be completed on time.

3. Risk: Poor leadership at any level
Likelihood (x): 55; Impact (y): 50; x + y: 105
Comment: Poor leadership at any level: the leader is usually identified as the project manager. However, the management-level executive also has a responsibility of ensuring the project's success. He/she should work together with the manager to ensure that the company's exact requirements are understood.

4. Risk: Failure to set expectations and manage them
Likelihood (x): 32; Impact (y): 80; x + y: 112
Comment: Failure to set expectations and manage them: in working in a team setting, it is critical that you're able to manage people. If and when expectations are not met, there should be clearly-defined consequences. The task should then be prioritized and possibly reassigned to a more competent individual.

5. Risk: Inadequately-trained project managers
Likelihood (x): 30; Impact (y): 90; x + y: 120
Comment: Inadequately-trained project managers: the project manager is taking on a heavy responsibility. It is important to assign management roles only to individuals who have the capabilities to meet requirements. In some cases, poorly-trained managers are assigned to complex projects; this is a recipe for failure.

6. Risk: Inaccurate Time estimation
Likelihood (x): 20; Impact (y): 70; x + y: 90
Comment: Inaccurate Time estimation: there are instances when the cost of an undertaking is grossly underestimated. When it runs out of resources, the project cannot be completed. This can be mitigated when the lack of resources is identified early by the project manager.

7. Risk: Lack of communication at any level
Likelihood (x): 35; Impact (y): 86; x + y: 121
Comment: Lack of communication at any level: communication between the management executive and the project manager, and between the latter and the team members, is always important. Everyone should feel free to come forward to state their concern or give suggestions.

8. Risk: Culture or ethical misalignment
Likelihood (x): 50; Impact (y): 60; x + y: 110
Comment: Culture or ethical misalignment: the culture of the company must prize competence, pro-activeness, and professionalism. If it doesn't, the team members may not have the motivation to do their best. In essence, everyone involved must be concerned about the success of their undertaking.

9. Risk: Competing priorities
Likelihood (x): 30; Impact (y): 30; x + y: 60
Comment: Competing priorities: when a company's resources are stretched, there will be competing priorities in terms of manpower and financing. Having good cost estimation at the start will eliminate this problem.

10. Risk: Disregard of project warning signs
Likelihood (x): 70; Impact (y): 100; x + y: 170
Comment: Disregard of project warning signs: when a project is on the verge of failing, there will always be warning signs. Taking action immediately can save the project. Otherwise, the whole endeavor can just go down the drain.
[Heat map: Impact (vertical axis, 10 to 100) plotted against Likelihood (horizontal axis, 10 to 100, running from "No Chance" through "Average Chance" to "Certain"). Region labels on the map: Threatening, Mitigate, Manage, Monitor, Likely; low potential, Less Risky, Make do, Low. Risk numbers visible on the map: 5, 7, 4, 1, 6 and 8, 3.]
Notes: For Dec 2010, major changes since September 2010:
* A/R increases reflected in higher impact; NYS holdback reflected in higher likelihood
* accrued exp for self-insured programs - noted likelihood should be higher since amount is subjectively determined
* similarly, other assets include swap and forward contracts - calcs are based on estimates. Likelihood was increased, while impact was decreased since balances are small.
* made adjustments to other accounts to reflect impact as it relates to the size of the balance sheet - accts over 50 mil should be at or over the 50 impact; with accrued accts just below.