Risk Methodology. Contents. Introduction... 2. The Risk Management Structure... 2. The Risk Management Cycle... 2. Methodology...



Similar documents
Risk Management Policy and Process Guide

Risk Management: Coordinated activities to direct and control an organisation with regard to risk.

Bridgend County Borough Council. Corporate Risk Management Policy

POLICY : CORPORATE RISK MANAGEMENT

The Lowitja Institute Risk Management Plan

RISK MANAGEMENT. Authors: Phil McNaull / Lorraine Loy Approved By: PME and Court Date: December 2008 Version: 4.0 1

RISK MANAGEMENT POLICY. Version 3

ERM Program. Enterprise Risk Management Guideline

Risk Management Framework

RISK MANAGEMENT STRATEGY

Project Risk Analysis toolkit

Risk Management Strategy and Guidelines

Version: 3.0. Effective From: 19/06/2014

CORP RISK MANAGEMENT POLICY & METHODOLOGY

Risk Assessment Tool and Guidance (Including guidance on application)

Risk assessment. made simple

River Stour (Kent) Internal Drainage Board Risk Management Strategy and Policy

Waveney Lower Yare & Lothingland Internal Drainage Board Risk Management Strategy and Policy

1.20 Appendix A Generic Risk Management Process and Tasks

Northern Ireland Blood Transfusion Service

RISK AND OPPORTUNITY MANAGEMENT STRATEGY

How To Ensure That Sovini Is A Successful Business

Shepway District Council Risk Management Policy

RISK MANAGEMENT POLICY

Risk Management - Board & Management Responsibilities Murray Short, MBA, CPA CA Not-for-Profit Partner RLB LLP

V1.0 - Eurojuris ISO 9001:2008 Certified

Healthcare risk assessment made easy

MARCH Strategic Risk Policy Update March 2012 v1.10.doc

WHS Risk Assessment and Control Form

Policy : Enterprise Risk Management Policy

Edwin Lindsay Principal Consultant. Compliance Solutions (Life Sciences) Ltd, Tel: + 44 (0) elindsay@blueyonder.co.

Bedford Group of Drainage Boards

Risk Management Policy Adopted by:

Risk Management Guide

Business Continuity Management Policy

Core Infrastructure Risk Management Plan

London Legacy Development Corporation s Statement of Risk Appetite September 2015

Risk Management. Policy

POLICY. Number: Title: Enterprise Risk Management. Authorization

Risk Management Policy and Framework

Project Risk Management. Presented by Stephen Smith

POL ENTERPRISE RISK MANAGEMENT SC51. Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT:

Risk assessment. made simple. sayer vincent consultants and auditors. Introduction 3. step1 Identifying the risks 4. step2 Assessing the risks 7

The Risk Management strategy sets out the framework that the Council has established.

Risk Management Strategy and Policy. The policy provides the framework for the management and control of risk within the GOC

Audit Committee, 28 November. HCPC Project Risk Management. Executive summary and recommendations. Introduction

Risk Management Policy

RISK MANAGEMENT POLICY

Guidance for Industry: Quality Risk Management

Confident in our Future, Risk Management Policy Statement and Strategy

Managing Risk in Procurement Guideline

TRANSPORT FOR LONDON AUDIT COMMITTEE STRATEGIC RISK MANAGEMENT PROGRESS REPORT

RISK ASSESSMENT. Australian Risk Management Standard AS/NZS 4360:200 defines a risk as;

Risk Management Policy. Corporate Governance Risk Management Policy

In accordance with risk management best practices, below describes the standard process for enterprise risk management (ERM), including:

Risk Management Framework

Principal risks and uncertainties

ICSH Guidance Document: Preparing a Risk Register/ Risk Management Plan

Risks and uncertainties

Hazard Identification, Risk Assessment and Management Procedure. Documentation Control

Introducing and Managing Process Safety Key Performance Indicators (KPIs)

Risk Management Policy

Integration of Risk Management and Internal Audit. Chartered Institute of Management Accountants, New Zealand

RISK MANAGEMENT TOOLKIT

Compliance Management Framework. Managing Compliance at the University

PROCESS FOR RISK ASSESSMENT

Revised Risk Management Policy and Framework. Report by Head of Finance

The Key Performance Indicator Evaluation Process (KPI Process)

Guidance on Risk Assessment and Control

Managing Risk Control Environment and Responsibilities

Nova Scotia EMO. Hazard Risk Vulnerability Assessment (HRVA) Model. Guidelines for Use. October, 2010

A Risk Management Standard

Enterprise Risk Management for International Schools

Business Continuity Management; Guidance for Policy Implementation

SECTION 4 INCIDENT MANAGEMENT. CLASSIC STANDARD 4.01 Incident Management

AfDB New Procurement Policy: Training Program for the Bank s Procurement Staff. Risk-based design of Procurement Arrangements - Introduction

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy

University of New England Compliance Management Framework and Procedures

Project Management Toolkit Version: 1.0 Last Updated: 23rd November- Formally agreed by the Transformation Programme Sub- Committee

ENTERPRISE RISK MANAGEMENT FRAMEWORK

RISK MANAGEMENT POLICY

A tool for small-to-medium sized businesses. Anti-Money Laundering and Counter-Terrorism Financing Act 2006

RISK MANAGEMENT FRAMEWORK. 2 RESPONSIBLE PERSON: Sarah Price, Chief Officer

RISK ASSESSMENT MATRIX GUIDANCE NOTES

Risk Management approach for Cultural Heritage Projects Based on Project Management Body of Knowledge

RISK MANAGEMENT STRATEGY

Transcription:

Risk Methodology Contents Introduction... 2 The Risk Management Structure... 2 The Risk Management Cycle... 2 Methodology... 3 Appendix 1...5 Definition of Controls... 5 Appendix 2...6 Definition of Impact... 6 Appendix 3...7 Definition of Likelihood... 7 Appendix 4...8 Risk Severity... 8 Risk Matrix... 8 Risk Appetite... 8 January, 2012 1 of 8

Risk Methodology Introduction Queen Mary s risk management methodology conforms to standard practice, but is tailored to QM s requirements and reflects its internal systems and procedures, for example, relating each risk to Strategic KPIs. The Risk Management Structure Strategic Risk Management Professional Services Faculties Cross-Cutting (T&L / Research / External Relations) Departments Schools and Institutes Risk management takes place at all levels and in all areas of QM, using the same methodology and reporting through the use of Risk Registers. These are essentially the same at each level, although additional reports are produced at the Strategic Level, for reporting to Audit and Risk Committee, and Council. Risks from the Strategic Register which are specifically relevant to a particular department, faculty, or school will be cascaded down to the lower level risk register by the representative of that area on the SRMG. Similarly, risks on school, department, or faculty risk registers which are considered to have a strategic impact will be cascaded up by that same representative. The Risk Management Cycle Because circumstances change and initial responses may not be effective, regular review is an important part of managing risk. Identify risks Evaluate risks Review and report Identify suitable responses 2 of 8 Implement actions

Risk Methodology Methodology Risk area Risk is grouped according to the strategic area that it relates to: Knowledge Creation Knowledge Dissemination Student Experience Innovation & Enterprise Governance Estates Financial & Commercial Staff Management and Development Information Reputation and External Relations Strategic KPI Each risk is related to one or more Strategic KPI, as published in the Strategic Plan 2010-15. Owner and Lead Officer The Owner has overall responsibility for the management and reporting of the risk, and maybe an individual or a committee. The Lead Officer has operational responsibility for the risk, ensuring that mitigating actions (Controls) are in place and ensuring that they are operating effectively. Term This is the period in which the risk may occur: Short Up to 2 years Medium Likely to continue for 2 to 5 years Long Lasting more than 5 years Enduring Those likely to continue indefinitely are expressed as Long Term. Controls These are actions that are intended to manage risk by reducing its impact, its likelihood of occurrence, or both. They should be genuine, practicable and realistic. See Appendix 1 Impact This indicates the seriousness of the risk materialising, and is scored on a scale of 1 5: 1. Negligible 2. Minor 3. Moderate 4. Major 5. Catastrophic See Appendix 2 3 of 8

Risk Methodology Likelihood This represents the likelihood of the risk materialising, and is scored on a scale of 1 5: 1. Rare 2. Unlikely 3. Possible 4. Likely 5. Almost Certain See Appendix 3 Risk Score This is a product of the Impact score multiplied by the Likelihood score, which is calculated twice: The Initial Risk Score represents the initial estimation of the severity of the risk: Initial risk score Impact x Likelihood before controls are in place The Residual Risk Score is calculated by reassessing the risk taking onto consideration the effect of the Controls on the Impact and likelihood: Residual risk score Impact x Likelihood after controls are in place Controls in Place Indicates the extent to which the Controls have been implemented: A Implemented and operating effectively B Identified and being implemented C Not yet identified, incomplete or not operating effectively Use of Controls This provides a sense check of the reliance on Controls based on the size of the difference between Initial and Residue Risk Scores: L < 50% Reliance on Controls is not excessive M >= 50% Controls should be checked to ensure that they are realistic and in place H >= 66% Controls should be reviewed urgently to ensure that they are realistic and functioning properly Further Actions These can be considered as Controls that have yet to be implemented. Direction of Travel The Risk Register allows for the current ratings to be compared with those from the previous register. The Direction of Travel indicates whether the measure it relates to has Improved ( ), Worsened ( ) or is Unchanged ( ). 4 of 8

Risk Methodology Appendix 1 Appendix 1 Definition of Controls Controls are those actions which are taken to lower the impact of the risk or reduce the likelihood of the risk materialising, or both of these. The possible effects of Controls are to: avoid risk, where the only option might be not to proceed with an activity or to withdraw from it seek risk, where risks have desirable potential consequences modify risk, to optimise potential opportunities and minimise threats transfer risk by measures including insurance, contractual arrangements, partnerships and joint ventures retain risk, where no further worthwhile actions can be devised and the risk is within the risk appetite (see below), or the only remaining responses are unacceptable for some reason. One way of determining Controls is to consider the indicators of risks materialising and how these might be anticipated. For example: Risk Indicator Control Negative student experience Quality of research is inadequate Quantity of research is inadequate NSS score National research assessment score Number of postgraduate research students Internal survey that gives an early indication of NSS score Review of research quality by external expert Benchmarking PGR numbers against competitor HEIs 5 of 8

Risk Methodology Appendix 2 Appendix 2 Definition of Impact Impact indicates the potential seriousness should the risk materialise. Score Impact Possible consequences Examples 1 Negligible 2 Minor 3 Moderate 4 Major 5 Catastrophic Minimal impact or no discernable impact at all. Impact of risk materialising or opportunity lost is unlikely to have any permanent or significant effect on performance or reputation: loss of less than 1% of total turnover no regulatory consequence minor adverse publicity minor reversible injury Impact of risk materialising or opportunity lost will have a significant effect on performance or reputation in the short term: loss of up to 2% of total turnover in any year limited regulatory consequence local adverse publicity major reversible injury Impact of risk materialising or opportunity lost will have a serious effect on performance or reputation in the medium term: loss of over 2% of total turnover in any year significant threat to a key business area major savings programme required to address this in the medium term significant regulatory consequence negative headlines in national press irreversible injury or death Impact of risk materialising or opportunity lost will have a serious effect on performance or reputation in the long term: loss of over 2% of total turnover in consecutive years closure of a key business area substantial regulatory consequence sustained negative headlines in national press irreversible injury or death slippage by one or two points in a newspaper league table failure to apply for low value research grant limited assurance of risk management audit failure to improve in National Student Survey overspend on capital programme academic programme fails QAA audit sustained fraud reported in relation to public funding collapse of overseas recruitment discipline s financial position requires major restructuring programme to regain sustainability health and safety regime found to be non-compliant and reported by national press HEFCE ceases to fund research major discipline is unsustainable failure to satisfy institutional audit falsification of health-related research results condoned at a high level 6 of 8

Risk Methodology Appendix 3 Appendix 3 Definition of Likelihood Likelihood indicates the chance of a risk materialising in the given Term: Score Likelihood Chance 1 Very low 2% likely to happen: a one in fifty chance 2 Low 5% likely to happen: a one in twenty chance 3 Medium 10% likely to happen: a one in ten chance 4 High 20% likely to happen: a one in five chance 5 Very high 50% or over: a one in two chance or more likely to happen than not 7 of 8

Risk Methodology Appendix 4 Appendix 4 Risk Severity The severity of the Residual Risk is broken down into three levels, with actions accorded using a traffic light system as follows: GREEN 0-6.9 AMBER 7-13.9 RED 14-25 Low risk Medium risk High risk Review at least annually Review and monitor 6-monthly as a minimum and quarterly if necessary Review constantly and monitor monthly Risk Matrix The Risk Matrix is a graphical representation of the Risk Severity and the extent to which the Controls mitigate it. This is used only at the Strategic level for reporting to the Audit and Risk Committee and Council. Risk Matrix: Medium and High Net Risks (before and after Controls) Catastrophic 5 10 15 Risk Appetite 20 25 2 4 4 5 1 4 8 12 16 20 Major 2 1 IMPACT Negligible Minor Moderate 3 2 1 6 9 4 6 2 3 12 3 3 8 4 15 10 Likelihood 5 Risk Severity Rare 2% : 1/50 High (14-25) Unlikely 5% : 1/20 Moderate (7-13.9) Possible 10% : 1/10 Low (0-6.9) Likely 20% : 1/5 Almost Certain 50% : 1/2 Note: Fine arrows represent management's assessment of the adequacy and effectiveness of controls currently in place. Rare Unlikely Possible LIKELIHOOD Likely Almost Certain n Gross risk assessed n Gross risk assessed n before Controls after Controls Gross risk = Net risk n n Direction of Travel since previous report Risk Appetite Risk appetite is defined as the level of risk that an institution is prepared to tolerate. At Queen Mary, no risk with a Residual Risk Score of 20 or greater is tolerated without: Confirmation from the risk owner that the objective to which the risk relates is of high strategic importance A statement from the risk owner that there are no further mitigating actions that can be taken to lower the risk score 8 of 8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information