Risk Management
Procedure: Development of a Risk Management Profile
The following outlines the process for developing a risk management profile.
1. Establish the context
● Define and identify the environment, characteristics and stakeholders, their goals and objectives, and the scope of the specific risk management process.
● Develop criteria against which risks are evaluated and identify the structure for risk management.
2. Identify and describe risks
● Risks are best identified through a collaborative approach involving a cross section of stakeholders.
● All conceivable risks must be considered. Ensure any certainties are identified as problems and addressed in the risk management profile.
3. Conduct current risk analysis
● An analysis of the risks is conducted to determine their causes, and estimate their probability and consequences. This analysis provides the basis for working on the ‘right’ risks.
4. Conduct risk evaluation
● Risks are considered and prioritised according to their potential impact, and each risk is assessed to determine its level of acceptability.
5. Develop and implement proposed risk treatments
● Risk treatments are developed to cost-effectively reduce, contain and control risk.
● Formal risk management reporting mechanisms are defined and documented.
● Categorise the risk likelihood.
6. Monitor, report, update and manage risks
● As risks change constantly, the risk profile is continuously monitored, reviewed and updated by management. New risks may be identified as more information becomes available and existing risks may be eliminated through the effectiveness of the risk treatments/actions. Record risks identified through regular audit on the risk audit log. Record risk management activities on the risk management register. MacVille’s Risk Areas
The following are four broad areas where potential for risk to MacVille has been identified. Under each area, examples of possible risks are detailed.
The following outlines the process for developing a risk management profile.
1. Establish the context
● Define and identify the environment, characteristics and stakeholders, their goals and objectives, and the scope of the specific risk management process.
● Develop criteria against which risks are evaluated and identify the structure for risk management.
2. Identify and describe risks
● Risks are best identified through a collaborative approach involving a cross section of stakeholders.
● All conceivable risks must be considered. Ensure any certainties are identified as problems and addressed in the risk management profile.
3. Conduct current risk analysis
● An analysis of the risks is conducted to determine their causes, and estimate their probability and consequences. This analysis provides the basis for working on the ‘right’ risks.
4. Conduct risk evaluation
● Risks are considered and prioritised according to their potential impact, and each risk is assessed to determine its level of acceptability.
5. Develop and implement proposed risk treatments
● Risk treatments are developed to cost-effectively reduce, contain and control risk.
● Formal risk management reporting mechanisms are defined and documented.
● Categorise the risk likelihood.
6. Monitor, report, update and manage risks
● As risks change constantly, the risk profile is continuously monitored, reviewed and updated by management. New risks may be identified as more information becomes available and existing risks may be eliminated through the effectiveness of the risk treatments/actions. Record risks identified through regular audit on the risk audit log. Record risk management activities on the risk management register. MacVille’s Risk Areas
The following are four broad areas where potential for risk to MacVille has been identified. Under each area, examples of possible risks are detailed.