版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领
文档简介
1、ContentsCHAPTER 1: INTRODUCTION1.1 Purpose of this guideThis guide is intended to help organisations to put in place effective frameworks for taking informed decisions about risk. The guidance provides a route map for, bringing together recommended approaches, checklists and pointers to more detaile
2、d sources of advice on tools and techniques. It expands on the Guidelines for Managing Risk.The process of investment appraisal, in which assessments are made of costs, and risks, is outside the scope of this guide. However, many of the principles and techniques described here can be usedwhen develo
3、ping the. The approach described in this guide complements s guidance on programme and management and is continually updated to reflect current thinking. This approach, branded byas (), is supported by training and qualifications.1.2 What is management of risk?In this guide risk is defined asuncerta
4、inty of outcome, whether positive or negative. The termincorporates all the activities required to identify and control the exposure to risk which may have animpact on the achievement of an organisation s business objectives.Every organisation manages its risk, but not always in a way that is visibl
5、e, repeatable and consistently applied to support decision making. The task of is to ensure that the organisation makes cost effective use of a that has a series of well defined steps. The aim is to support better decision making through a good understanding of risks and their likely impact.There ar
6、e two distinct phases: and. Risk analysis is concerned with gathering information about exposure to risk so that the organisation can make appropriate decisions and manage risk appropriately.involves having processes in place to monitor risks, access to reliable and up to date information about risk
7、s, the right balance of control in place to deal with those risks, and decision making processes supported by a framework of and evaluation.covers a wide range of topics, including business continuity management, security, / management and operational service management. These topics need to be plac
8、ed in the context of an organisational framework for the. Some risk-related topics, such as security, are highly specialised and this guidance provides only an overview of such aspects.1.3 Why management of risk is importantA certain amount of risk taking is inevitable if your organisation is to ach
9、ieve its objectives. Effective helps you to improve performance by contributing to:increased certainty and fewer surprisesbetter service deliverymore effective management of changemore efficient use of resourcesbetter management at all levels through improved decision makingreduced waste and fraud,
10、and better value for moneyinnovationmanagement of contingent and maintenance activities.See for examples of the of more effective.1.4 Who is involved in risk managementIn practice, everyone in an organisation is involved in risk management to some extent and should be aware of their responsibilities
11、 in identifying and managing risk. However, there are some aspects for which responsibility must be assigned to individuals. Without clear responsibility (and the authority to support that responsibility) some risks will be missed or overlooked.In the public sector, there are two major roles with a
12、clear responsibility to ensure risks are managed (there will be equivalents to these roles in private sector organisations). These roles are:an Accounting Officer (or equivalent senior manager), who is responsible for theorganisation s overall exposure to risk. Typically this person will be the Chie
13、f Executive Officer (CEO); the senior manager in the organisation. They may delegate some of the actions but cannot forgo the responsibilitya senior manager acting as a owner , who is responsible for risk relating to a specific or andfor the realisation of associated business.Audience for this guida
14、nceBusiness managers, process owners, strategic planners, and teams, business continuity planners and security teams are the primary audience for this guidance, together with their service providers.It will also be of interest to auditors, with their responsibility for ensuring effective.1.5 How to
15、use this guideChapter 1 introduces the structure, process and culture of, explaining why organisations need to devise and implement effective strategies in order to maximise and minimise to the achievement of their business objectives. It identifies key personnel in the and the target audience for t
16、he guidance.outlines the key principles underpinning: establishing a framework, risk ownership, where risks occur, the decision making process, the importance of embedding the risk management culture, and allocating realistic budgets.describes the main activities of. It contains practical examples,
17、pointers and checklists for identifying and responding to risk, and monitoring.7 explain when and how should be applied throughout an organisation, at the strategic, , and operational levels.discusses the range of techniques available to support the process.The Annexes provide supporting detail: Exa
18、mples of of: Healthcheck: how well is your organisation managing risk?: Categorising risk: Setting a standard for evaluation of risk:, contractual and legal considerations: Managing organisational safety and security: Information on further techniques to support: Lessons learned from others: Assessi
19、ng the suitability of tools: Documentation outlines.1.6 The research for this guidancePrepared by OGCs Directorate, this guidance has been developed from extensive research into current thinking and practice in both the public and private sectors, drawing on published papers and interviews/studies w
20、ith a number of leading organisations involved in major change and with specialist experts in the. It builds on the recent work of the National Audit Office (), HM Treasury and Cabinet Office, together with OGCs published guidance on best practice in; it also aims to address issues relating to.This
21、guidance responds to lessons learned and the experiences of real-world practical issues, as reported by consultants in s Strategic Assignments Consultancy Service and their clients. In addition, it incorporates feedback from contributors to workshops and other review channels. These contributions ar
22、e acknowledged with thanks.CHAPTER 2: PRINCIPLESThis chapter outlines the key principles underpinning the effective.2.1 Critical success factors for management of riskThe key elements that need to be in place if is to be effective, and innovation encouraged, include:clearly identified senior managem
23、ent to support, own and lead onpolicies and the of effective management clearly communicated to all staffexistence and adoption of a framework for that is transparent and repeatableexistence of an organisational culture which supports well thought-through risk taking and innovationfully embedded in
24、management processes and consistently appliedclosely linked to achievement of objectivesrisks associated with working with other organisations explicitly assessed and managedrisks actively monitored and regularly reviewed on a constructive-blame basisno.Joint working and partnerships often involve m
25、ore complex types of risk that can adversely affect the delivery of business services. For example, if part of the service provided by one organisation is delayed or of poor quality, the success of the whole collaboration can be put at risk. You must make sure that your organisation knows about the
26、approaches of your partners. Sharing information about risk management means that risks in collaborative can be identified and managed in a proactive way.Public sector concernsThe Modernising Government initiative seeks to encourage the public sector to adopt well managed risk taking where it is lik
27、ely to lead to sustainable improvements in service delivery. More effectivewill improve the public sector s ability to undertake the increasingly complexrossand-cutting that are demanded by the Modernisation agenda. Public sector organisations need to have in place the skills, management structures
28、and organisational structures to take advantage of potential toperform better and to reduce the possibility of failure.The key areas that have to be addressed are:the requirements of including more focused and open ways of managing risk (see the section on below)the need for a at senior level, for a
29、n activity (strategy, or). He or she is supported by at everyday working levels as appropriate for the activity and risk exposurethe need for improved reporting and upward referral of major problemsand the potential resolution approachesthe need for shared understanding of at all levels in the organ
30、isation and with partners, combined with consistent treatment of riskmanaging in the wider context of of change and the business.The study of ( Supporting Innovation: Managing Risk in Government Departments), the CabinetSuccessful : Modernising Government in Action, and HM TreasuryOrange BookOffice
31、s report sprovide valuable messages that are incorporated in this guidance.Meeting the needs of corporate governanceCorporate governance is the ongoing activity of maintaining a sound system of internal control tosafeguard shareholders investment and the company s.The states that: company objectives
32、, its internal organisation and the environment which it operates in are continually evolving and as a result the risks it faces are continually changing. A sound system ofcontrol therefore depends on a thorough and regular evaluation of the nature and extent of the risksto which the company is expo
33、sed. Since profits or business results are in part the reward for successful risk taking in business, the purpose of internal control is to help manage and control riskrather than eliminate it.frameworks must ensure that management is held accountable for a corporations performance athat owners are
34、able to monitor and intervene in the operations of management.These principles apply equally to the public and private sectors. Whereas corporations focus mainlyon shareholder returns and the preservation of shareholders value, the public sector s implement cost effectively in accordance with Govern
35、ment legislation and policies.The British Standards Institute () has produced a guidance note onCorporate GovernancePD6668:2000 relating to the management of. It outlines a management framework for identifying the, determining the risks, implementation and maintaining control measures and finally re
36、portingannually on the organisation s commitment to this process.PolicyonmanagementofrisktosupportcorporategovernanceTo support, there needs to be a policy in place. This policy should:be appropriate for the size and nature of your organisation, its business and operating environmentbe clear about t
37、he roles (and, if possible, individuals) that are responsible for riskbe clear about escalation criteria in relation to (i.e., when to refer decision making upwards)ensure that processes, and the culture/infrastructure, to identify and manage risk are put in place; these processes must be repeatable
38、set up the mechanism for monitoring the success of the application of the policy (including reports to management, at least annually)ensure that internal control mechanisms are in place for independent assessment that the policy is implemented (and checked).2.2 What is at risk and why?There are many
39、 diverse factors that could place an organisation at risk. outlines the main reasons why there should be a robust process in place.Your organisation will have a set of key objectives. Risks should be identified against these objectives, ideally not more than 10-15 at high level. These high-level ris
40、ks will then be consideredand managed by senior management, increasing the organisation s ability to meet its objectives. provides a healthcheck to see if an organisation is adopting an effective framework for and risk management process.expands on possible categories of risk.Relating management of
41、risk to safety, security and businesscontinuityshould be carried out in the wider context of safety concerns, security and business continuity.Health and safety policy and practice is concerned with ensuring that the workplace is a safe environment.Security is concerned with protecting the organisat
42、ion and so on. s, including information, buildingsBusiness continuity is concerned with ensuring that the organisation could continue to operate in the event of a disaster , such as loss of a service, flood or fire damage.Figure 1: Reasons for a processReducing risk in large scale projectsExperience
43、 has shown that and attempting a large scale, comprehensive business change are less likely to be successful than those taking a less ambitious, step-by-step approach. Although the latter increases management activity, with each of the elements needing to be controlled and coordinated, the advantage
44、s are that activities are:easier to managesimpler to implement within the business environmenteasier to accept formally as, typically, the specification is easier to document and thus simpler to verify that it has been metable to offer more options for contingencymore likely to accommodate fast movi
45、ng changes in technology, or in the political or financial environmentable to offer more decision points, allowing greater control of the.2.3 Decisions about riskDecisions about risk need to be balanced so that the potential are worth more to the organisation than it costs to address the risk.For ex
46、ample, innovation is inherently risky but could achieve major in improving services. The ability of the organisation to limit its exposure to risk will also be of relevance.You should aim to make an accurate assessment of the risks in a given situation and analyse the potential. The risks and presen
47、ted by each course of action should be defined in order to identify appropriate response.Scope of decisionsDecisions about risk will vary depending on whether the risk relates to long, medium or short-term goals.Strategic decisions are primarily concerned with long-term goals; these set the context
48、for decisions at other levels of the organisation. The risks associated with strategic decisions may not become apparent until well into the future. Thus it is essential to review these decisions, and associated risks, on a regular basis.Medium-term goals are usually addressed through and to bring a
49、bout business change. Decisions relating to medium-term goals are narrower in scope than strategic ones, particularly in terms of timeframe and financial responsibilities.At the operational level the emphasis is on short-term goals to ensure ongoing continuity of business services; however, decision
50、s about risk at this level must also support the achievement of long- and medium-term goals. These organisational levels are discussed in more detail in Chapters, , and.There are also considerations about what can realistically be achieved in one change initiative. Delivery of each of the of a chang
51、e initiative (whether a, or stage) must provide some direct benefit to the organisation as a result of its delivery. This could be by delivering:a major to support/build towards the intended outcomefor example, providing atelephone helpline first as part of a new information service and then adding
52、websiteservices to expand the facilities available to the publicthe to part of the end user community and then rolling out to the rest of that communityfor example, introducing a new information service in the North-East and gradually making it available nationwide.This is a modular and/or increment
53、al approach that is further discussed in Chaptersandand in.When managing any it is essential to ensure major decisions are made appropriately. A will support some business change and so require something to be produced and then put into use.shows the main stages of the process and the decisions to b
54、e taken about breaking projects downinto manageable packages . For major projects, there will be formal in addition to the normal decision points; these reviews establish whether the is ready to proceed to the next stage.Figure 2: Main stages of the process2.4 Where risks occurThe process should be
55、most rigorously applied where critical decisions are being made.shows where risk can occur in an organisation. For convenience, these levels are described as:strategic or corporateoperational.In practice, the levels overlap; however, it is helpful to clarify the occurrence of risks at these levels to inform the kind
温馨提示
- 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
- 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
- 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
- 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
- 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
- 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
- 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。
最新文档
- 国家勋章和国家荣誉称号获得者黄宗德先进事迹学习(英勇战斗以身许国)
- 人教版七年级下册语文教案 全册
- “科教融合”背景下创新人才培养模式研究
- 穴位按摩联合中药穴位贴敷治疗 1 例妇科腹腔镜术后腹胀患者的护理
- 2021-2022学年广东省广州市广外增城实验学校六年级(上)期末英语试卷
- 离子反应的应用 高一上学期化学人教版(2019)必修第一册
- Unit+11+Wor ds+and+expressions 人教版英语九年级全册
- 教师实习心得体会(34篇)
- 初中教师读书心得体会14篇
- 交通事故自行协商处理合约(标准版)
- 专用镗孔机床的电气控制系统设计
- 焊接气瓶管理安全风险辨识预控措施
- 五年级下学期 长方体和正方体 物体浸没问题专项应用题训练35题 带答案
- 雷达料位计技术协议
- 弹簧支架技术
- 低压电机检修工艺规程完整
- 大单元教学在政治与法治课中的应用 课件
- 艺人管理守则
- 废钻井泥浆环保处理技术与设备
- 人教版小学二年级上册体育教案(全册详案版)
- 多维视角认识家庭教育
评论
0/150
提交评论