Preparation of a Risk Register



ISO Guide 73 defines a risk register as the document used for recording the risk management process for identified risks. The end result of the risk assessment process is a set of duly completed risk identification and analysis sheets that contain more detailed information about each risk identified and analyzed.

The purpose of the risk register is to facilitate ownership and management of each risk. Typically, the risk register covers the significant risks facing the organization or the project. It records the results of the risk assessment related to the process, operation, location, business unit or project under consideration. All sheets should be summarized in a single spreadsheet called the Risk Register. Most of the information needed to complete the register is already captured in the risk identification and analysis sheets. These sheets become attachments to the register to provide more information.


Development and Implementation of Risk Treatment Action Plans
Risk treatment involves identifying the range of options for treating risks, assessing these options, and preparing and implementing treatment plans. A key outcome of the risk evaluation process is a list of those risks requiring further treatment, as determined by the overall level of the risk against the organization’s risk tolerance levels. However, not all risks will require treatment, as some may be accepted by the organization and only require occasional monitoring throughout the period. The risks that fall outside of the organization’s risk tolerance levels are those which pose a significant potential impact on the ability of the organization to achieve set objectives. The purpose of treating risks is to minimize or eliminate the potential impact the risk may pose to the achievement of set objectives.
Treating risks involves the following key steps, each of which is covered in detail in this section:
a) Identify risk treatment options,
b) Conduct a cost-benefit analysis,
c) Assign risk ownership,
d) Prepare risk treatment plans,
e) Identify risk treatment options.
Each of these steps is explained below:


Identify risk treatment options
Risk treatment design should be based on a comprehensive understanding of how risks arise. This includes understanding not only the immediate causes of an event but also the underlying factors that influence whether the proposed treatment will be effective.
The following are the common treatment options available:
• Avoid (also Terminate) the risk – change the business process or objective so as to avoid the risk,
• Change the likelihood (also Treat) – undertake actions aimed at reducing the probability of the risk occurring,
• Change the consequence (also Treat) – undertake actions aimed at reducing the impact of the risk,
• Share (also Transfer) the risk – transfer the ownership and liability to a third party (e.g. insurance),
• Retain (also Tolerate) the risk – accept the impact of the risk.


Conduct a cost-benefit analysis
Consideration should be given to the cost of the treatment as compared to the likely risk reduction that will result. For example, if the only available treatment option would cost in excess of $100 to implement and the cost impact of the risk is only $50, it may not be advisable. In order to understand the costs and benefits associated with each risk treatment option, it is necessary to conduct a cost-benefit analysis as follows:
• Define, or break down, the risk into its elements by drawing up a flowchart or list of inputs, outputs, activities and events,
• Calculate, research or estimate the cost and benefit associated with each (include, if possible, direct, indirect, financial and social costs and benefits),
• Compare the sum of the costs with the sum of the benefits.


Assign risk ownership
Allocate responsibility for risks according to the nature/category of the risks and the action needed to carry out treatment plans. The nominated risk owner assumes responsibility for developing and completing effective Risk Treatment Action Plans. The risk owner should be a senior staff member or manager with sufficient technical knowledge about the risk and/or risk area for which treatment is required. The risk owner may delegate responsibility (but not accountability) to his/her subordinates.

The table below presents an example of how to assign risk ownership to different levels of management, depending on risk category:

Table: Example of Assigning Risk Ownership

| Risk type | Risk owner |
|---|---|
| Strategic | Accounting Officer |
| Human resources | Director of Human Resource and Administration |
| Finance/Budget | Chief Accountant |
| Health and Safety | Director of Human Resource and Administration |
| Reputational | Accounting Officer/ Public Relations Officer |
| IT and Systems | IT Manager |



Complete Risk Treatment Action Plans
The successful implementation of risk treatment requires an effective management system that specifies the methods chosen, assigns responsibilities and individual accountabilities for actions, allocates resources to risk treatments, and monitors them against specified criteria. Linking the risk treatment option with daily implementation of strategic/operational activities will maximize the potential for curbing the risks identified.
