Risk Management System Guidance Pack

Guidance Pack November 2008 Edition

A step-by-step guide to risk assessment.

This information set will assist you in making a risk assessment. An Introduction to Risk Management PowerPoint presentation is also available to support briefings within your school or department

  1. The Step by Step method
  2. Appendix A – The Risk Assessment Template
  3. Appendix B – Drawing up Working Data
  4. Appendix C - Guidelines for determining potential severity of risk being realised
  5. Appendix D - Guidelines for determining likelihood of risk being realised
  6. Appendix E – The Residual Risk Matrix
  7. Appendix F – The level of Institution to which risk is reported
  8. Appendix G - The Risk Appetite Policy and Procedure
  9. Appendix H – The Risk Realisation Template

1. Purpose

Risk management is an essential and integral part of effective management and should be undertaken in relation to any significant activity. It is an essential part of the project management. The following method is suitable for the identification and management of significant risks. The Risk Assessment Template (Appendix A) should be completed using the following guidelines:

(i) Identify the risk elements. The test of a satisfactorily defined statement of a risk element is that it should be clear how failure to achieve the objective will impact on the University. The risk elements should relate to the HEFCE identified headings of; Reputation, Student Experience, Human Resource, Estates and Facilities, Financial, Commercial, Information and IT, Organisational.

Example: There's a risk that the planned new teaching facility will not be completed on time which will mean that the School cannot recruit to the new programme. This would lead to a loss of £300K income and would also have an adverse effect on the University’s reputation.

You may find it helpful to complete the working data sheet (Appendix B) in preparation for the completion of the Risk Assessment Template (Appendix A).

(ii) Rate the potential severity and likelihood of risk: Rate the potential severity and likelihood of the risk being realised. Consult the severity descriptors set out in Appendix C.

(iii) Identify the controls that are in place and that you plan to put into place: Having identified the risk element and the potential severity of risk, it is necessary to consider the controls which would mitigate the impact and likelihood of the risk being realised. It is essential to distinguish the controls that are already in place from the actions which you plan to put into place. The assessment of residual risk in step (iv and v) must only be based upon the controls that are in place. The template also enables you to record relevant developments which may impact on the residual assessment of risk.

(vi) Assess the residual severity and likelihood of risk: Having regard for the controls which are already in place assess the residual severity of the risk (Appendix C) and the likelihood that the risk will happen. (Appendix D).

(v) Assess the Residual Risk: Use the Residual Risk Matrix to identify the residual risk for this risk element (Appendix E). This is the rating which should be reported to the Risk Management Manager within the faculty or department (Appendix F). S/he will enter the information on the faculty/departmental risk register. Having assessed the residual risk it is advisable to check risk elements against the Risk Appetite Matrix (Appendix G). If the risk element plots as unacceptable or borderline unacceptable, senior managers should give consideration as to whether the project or activity should continue.

(vi) Risk management and ownership: Identify the member of staff who will have responsibility for managing the risk. Risks are normally managed and owned by one department. However, if the risk is regarded as a corporate risk, the risk may be owned by the Corporate Management Team or the Executive but managed by a named department. Risks can also be transferred by agreement between departments but this is rare.

Risk monitoring: All acceptable risk elements should be monitored at regular intervals (normally in the range of one to four months) to ensure that the risk is being managed and remains acceptable. The original Risk Assessment Template is used. Revised and new text should be underlined to highlight the new information. It may be useful to use descriptive gradations within categories of residual risk to indicate any trends.

Example: the risk has increased to the lower part of substantial. If a managed risk element is realised then it is necessary complete the Risk Realisation Template (Appendix H) and submit this form to the faculty/departmental Risk Management Manager. The purpose of the form is to identify whether any lessons can be learnt for the future.

Appendices

FileAppendix A: The Risk Assessment Template
(77k)
FileAppendix B: Working Data
(26k)
FileAppendix C: Guidelines for determining potential severity of risk being realised
(32k)
FileAppendix D: Guidelines for determining likelihood of risk being realised
(26k)
FileAppendix E: The Residual Risk Matrix
(45k)
FileAppendix F: Level at which risk should be reported
(30k)
FileAppendix G: Risk Appetite Policy and Procedure
(47k)
FileAppendix H: The Risk Realisation Template
(29k)

© Copyright University of Derby 2012 | Accessibility | Privacy | Site map | Disclaimer | Freedom of Information | Company info | About us as a charity | Trademarks of the University of Derby | Staff admin