Вы находитесь на странице: 1из 9

Risk Management

Process

Establish the context


Identify risks
Analyse risks
Evaluate risks
Assess risks

Monitor and Review

Communicate and consult

Risk Management Process AS/NZS 4360

Treat risks

Communication & Consult


Communication = as an interactive process of exchange
of information and opinion, involving multiple messages
about the nature of risk and risk management.
Stakeholder Involved : inside organizations, departments
or business units or outside to external stakeholders.
Consultation = as a process of informed communication
between organization and its stakeholders on an issue
prior to making a decision or determining a direction on a
particular issue.
Communication and Consultation seeks to:
Improve peoples understanding of risks and the risk
management process;
Ensure that the varied views of stakeholders are
considered;
Ensure that all participants are aware of their roles and
responsibilities.

Establish the Context


Establishing the context = the basic parameters within which risks must be
managed and sets the scope for the rest of the risk management process.
Concerned with understanding the background of the organization and its
risks, scoping the risk management activities being undertaken and developing
a structure for the risk management tasks to follow.
This step is needed:
to clarify the organizational objectives;
to identify the environment in which objectives are pursued;
to specify the main scope and objectives for risk management, boundary
conditions and the outcomes required;
to identify a set of criteria against which the risks will be measured; and
to define a set of key elements for structuring the risk identification and
assessment process.
The context includes
the organizations external and
internal environment and
the purpose of the risk management activity.
interface between the external and internal environments.

Identify Risk
This step seeks to identify the risks to
be managed.
Identification should include risks whether or
not they are under the control of the
organization.
The goal = to develop a comprehensive list of sources of risks and events
that might have an impact on the achievement of each of the objectives (or
key elements) identified in the context.

Identify Risk

Identify Risk
Identification process
1. What is the source of each risk?
2. What might happen that could:
increase or decrease the effective
achievement of objectives;
make the achievement of the objectives more
or less efficient (financial, people, time);
cause stakeholders to take action that may
influence the achievement of objectives.
produce additional benefits?
3. What would the effect on objectives be?
4. When, where, why, how are these risks (both
positive and negative) likely to occur?
5. Who might be involved or impacted?
6. What controls presently exist to treat this risk (maximize positive risks or
minimize negative risks)?
7. What could cause the control not to have the desired affect on the risk?

Identify Risk
Information for identifying risks
Important ?
From

Local or overseas experience.


Expert judgment.
Structured interviews.
Focus group discussions.
Strategic and business plans including SWOT analysis and
environmental scanning.
Insurance claims reports.
Post event reports.
Personal experience or past organizational experience.
Results and reports from audits, inspections and site visits.
Surveys and questionnaires.
Checklists.
Historical records, incident databases and analysis of failures
and previous risk registers if they exist.

Approaches to identifying risks

Identify Risk
Team-based brainstorming for example, where facilitated
workshops is a preferred approach as it builds commitment,
considers different perspectives and incorporates differing
experiences.
Structured techniques such as flow charting, system design
review, systems analysis, Hazard and Operability (HAZOP)
studies and operational modelling.
For less clearly defined situations, such as the identification of
strategic risks, processes with a more general structure such as
what-if and scenario analysis could be used.
Where resources available for risk identification and analysis
are constrained, the structure and approach may have to be
adapted to achieve efficient outcomes within budget limitations.

Оценить