Fundamentals of Risk Management
Approaches to risk management
Download 3.45 Mb. Pdf ko'rish
|
Fundamentals of Risk Management
- Bu sahifa navigatsiya:
- Designing a risk register
|
Approaches to risk management
88 review and evaluation of information relating to emerging risks. In order to compre- hensively determine the specific impact and consequences for the organization, the mechanism for identifying emerging risks should also include provision for identifying opportunities that may be exploited in the future. In summary, the organization is required to identify each specific external, internal and risk management context issue that could impact the organization, acquire and evaluate timely knowledge and information about them, evaluate the risks and opportunities that these context factors present and take appropriate actions to mitigate the risks and embrace the opportunities. All of this must be documented within the scope of the risk architecture, strategy and protocols (RASP). Designing a risk register The use of risk registers has become established practice for many risk managers. There are disadvantages associated with the use of risk registers, including the danger that the information recorded in the risk register will not be used in a dynamic way. The risk register could become a static record of risk status, rather than the risk action plan for the organization. A risk register is defined in the ISO Guide 73 as the ‘document used for recording risk management process for identified risks’. The guide adds that the purpose of the risk register is to facilitate ownership and management of each risk. Typically, the risk register will cover the significant risks facing the organization or the project. It will record the results of the risk assessment related to the process, operation, location, business unit or project under consideration. When a risk assessment is undertaken of strategic options, it is more usual for the risk assessment to be used as part of decision-making activities. Typically, this infor- mation will not be recorded in the format of a risk register, but will be presented to the decision maker as part of the full range of information available for making that strategic decision. The purpose of the risk register is to form an agreed record of the significant risks that have been identified. Also, the risk register will serve as a record of the control activities that are currently undertaken. It will also be a record of the additional actions that are proposed to improve the control of the particular risk. Other information about risks will also be included in the risk register. Although there is no fixed format for this document, Table 7.1 provides an outline of a basic format for a risk register. It may not be necessary to include all of the risk description information set out in the table in the risk register, as this could make it a complex and clumsy document. Risk registers can be compiled in a number of formats, depending on the type of risk assessment that is being recorded. Table 7.2 provides an example of a partially completed risk register for a sports club and Table 7.3 provides an example of a risk register for a hospital. At its most simple, the risk register can be stored as a document held on a computer. However, there are many more sophisticated forms of risk registers, including |
