Risk

Register January 2011

Ciaran Whyte

Risk Administrator
Planning & Strategic Projects Unit
Agenda
• Objectives of Seminar
• Why manage risks?
• Who should have a risk register?
• Risk Management Theory
• Risk Register format
• Risk Register Intranet Tool
• Risk Registers and Coordinators
• Examples of managing risks
• Risk Assessment Process
• Active Risk Management
 Objectives of Seminar

At the end of the seminar you should -

• Know why you should create a risk register

• Be able to create a risk register
• Know how to keep the register up to date
• Have an awareness of University risk management practices
• Know how to be more successful in risk management
 Why manage risks?
risk “the threat or possibility that an action or event will adversely or
definition beneficially affect an organization's ability to achieve its objectives”

KNOWN POTENTIAL
PROBLEMS PROBLEMS

Issues pro-active Risks

management

Fire-fighting Containment actions

Damage limitation Contingency
Costly emergency actions

• lower costs
• less stressful
Who should have a risk register?

 Project management teams

 College / School management teams
 Administrative Department management teams
 University senior management teams (SAM / SMT)
 All groups of people who meet to achieve common objectives
• Current problems - Minutes / action items
• Future problems - Risk register
Risk Management Theory
• past experiences
• inputs
• focus areas
Risk Identification • ignore risks outside control

Risk Evaluation
• determine likelihood or

Risk Mitigation probability of occurrence

• determine magnitude of
loss or impact

Risk Monitoring
• avoid
• contain
• active acceptance
• passive acceptance
• transfer • chase actions / reassess probability & impact / add
new risks
• regular reviews of register
• quick & simple communication to key stakeholders
Identifying Risks
When you have a plan for the future project tasks
- step back and consider the possibility of each task failing to meet
timescales / budget / quality objectives
- review all assumptions
Write down a clear definition of the risk – ‘there is a risk that ….... which will impact......’
Consider past experiences
- lessons from past projects or other intellectual material
- review list with other project managers and key project team members
Consider all the evidence
- requirements and design documents, dependencies, resourcing, status reports
Brainstorm with key project individuals
- facilitated sessions – Delphi technique / SWOT analysis
- expert interviews
Foster open communication within project team
- give the team the opportunity to raise risks
- don’t shoot messengers!
Ignore risks over which you have no control
- keep within your scope and what is manageable
Evaluating Risks

Determine likelihood or probability of occurrence

- consider how many times this has been an issue before
- use past experience to guide probability
- select HIGH / MEDIUM / LOW

Determine magnitude of loss and impact

- assess impact in terms of scale of consequences should issue arise
- assess in relation to scope of area being managed
- select HIGH / MEDIUM / LOW
Mitigating Risks
avoid
- eliminate the cause
- remove task/activity causing risk from plan
contain
- add actions to plan to reduce probability (high  medium  low)
- add actions to plan to reduce impact (high  medium  low)
active acceptance
- set aside contingency
- allocate extra resource or finance
- take out insurance
passive acceptance • is the action appropriate to risk severity?
- do nothing • is cost of action effective enough?
- accept consequences • is the action timely enough?
transfer • is the action realistic within project context?
- pass risk to another party • is the action agreed by all parties?
- commercial agreement • is the action owned by a responsible person?
Monitoring Risks

 be disciplined in ensuring that all actions are completed

 ensure risk status covered in regular project reports
 consider new risks as the situation changes
 Gather feedback from owners of existing risks
- changes to probability/impact/trend
 Review RED risks and assign new actions
 Review ‘increasing’ trend risks and assign new actions
 Do NOT review all risks – manage by exception
 escalate in good time to allow mitigation actions to be improved
– don’t wait until it becomes an issue!
 Red - existing controls not working/adequate (to escalate)
Amber - existing controls in danger of failing

Risk Register format Green - controls are working

Project name of project

PI ANO1 Date this revision 03/07/2009
Project Manager ANO9 Date next revision 03/08/2009
Prob-
ID RAG Owner Description & Impact ability Impact Trend Controls/Actions Action By Action Due
1. maintain holiday plans
there is a risk that insufficient resources will be available 2. ensure working instructions documented for all regular services 1. all team members 1. ongoing
Identification due to sickness, unplanned absences, etc. to deliver
committed Project activity which will impact the delivery
3. create deputy cover plan and conduct training
4. conduct regular reviews of Project commitments and secure
2. all team members
3. all team members
2. Oct 2009
3. Aug 2009
001 Green PI of Project outputs M H No change increased funding when required 4. PI 4. ongoing
there is a risk that the space and office facilities
necessary to support Project team members is 1. PM
inadequate which will impact the delivery of Project 1. assign responsibility for Estates interface to a single team member 2. PM and individual 1. July 2009
002 Amber PM outputs and staff morale M H Increasing 2. gather feedback in individual reviews team members 2. ongoing
there is a risk that xxxxxxxxxxxxxx are not supportive of
achieving xxxxxxxxxxx which will impact the ability to
003 Red PM xxxxxxxxxxxxxxxxx H M Increasing involve xxxxxxx in delivery of xxxxxxxxxxxxxxx PM 1. Jul 2009
there is a risk that timescales are not achievable due to
delays with pre-requisite activities which will impact the 1. create Project plan of all outputs 1. PI 1. Aug 2009
004 Green PI timely delivery of plans and other outputs M M No change 2. establish and communicate all leadtimes for Project deliverables 2. all team members 2. Oct 2009
Evaluation
1. liaise with xxxxxxxxxxx to ensure that data is made readily available
2. timetable of available data published for xxxxxxxxxxxxxxx 1. ano3 1. ongoing
there is a risk that timely, relevant, up-to-date data isn't 3. create timescales for all deliverables to allow time to gather 2. PI 2. Quarterly
005 Green ANO3 available to create Project deliverables L M No change relevant information 3. all team members 3. Every 6 months
there is a risk that priorities from higher management will
change during the Project, which will impact the Project 1. create a change process by which new priorities are assessed for
006 Green PI workload and achievement of outputs H M Decreasing impact, have agreement and implementation plans 1. PM 1. Aug 2009
Mitigation 1. formalise a clear communications channel between xxxxxxxxxx on
there is a risk that relationships with external partners existing relationships with external partners
could be jeopardised strategically due to issues relating 2. Assign a liaison(s) for each external partner and use them to help 1. PM 1. Aug 2009
007 Amber PI to xxxxxxxxxxxxxxx M M Increasing address project issues 2. all team members 2. Aug 2009
Risk Register Intranet Tool - Solution

HR/payroll Owners – Risk log

read only print-out for
access meetings
Authorised
names/depts
Warning
Intranet messages
Risk Register
Coordinators –
update access
Administrator –
total access and
Audit reporting
Risk Register Intranet Tool - Roles
University / School /
Administrative Department
Risk
View all risks
Register View all risks ‘owned’
Owner
Owner in register

Risk Database
Project
Manage risks
Risk
Project Manage risks for for assigned School Coordinator
named project or Admin Dept
Manager

• View all University risks

Administrator • create new project register
• School/Dept register restructuring
• access control
• audit and monitoring
• reporting to SAM/SMT/Audit Committee
 Risk Registers & Coordinators
Administrative Code Risk Coordinator
Department
Academic Registry ACR Adrian Novis
ISS ISS Tony Ollier
DRI DRI Chris Talbot
School / College Code Risk Coordinator
Catering CAT Les Carmichael
Arts & Humanities AAH Debbie Marshall
Business & Economics BAE Alan Evans Conference Services CON Peter Belcher
DACE DAC Judith James Egypt Centre EGY Carolyn Graves-Brown
Engineering ENG Steve Davies Estates EST Ian MacPherson
SOTEAS SOT Adrian Luckman Finance FIN Phil Gough
Health & Human Sciences HHS John Davies HR HRE John Cox
Law LAW Andrew Beale Marketing MKT Chris Marshall
Medicine MED Paul Roberts / PSPU PSP Ciaran Whyte
Sian Roberts
Residential Services RES Gareth Atkinson
Physical Sciences PHY Niels Jacob Safety Office SAF Graham Jones
Sport & Physical Recreation SPR Kevin Harrison
Student Services STS Sarah Huws-Davies
Taliesin Arts Centre TAL Sybil Crouch
VC’s Office VCO Martin Lewis
University UNI Ciaran Whyte
 Examples of managing risks
Prob- Proxi Action
ID RAG SMG SMT Owner Description & Impact ability Impact Trend Controls/Actions mity Action By Due
1. disseminate marketing strategy
and put initial project plans in place
2. coordinate the contractual
obligations of all EU activity into a
coherent economic delivery plan 1. SMT / Raymond Ciborowski / 1. Dec
3. maximise the repertoire of case Catherine Mullin 2010
studies with business and industry 2. Noel Thompson / Ian Cluckie 2. Aug
and then market these working with / Head of Schools or Colleges 2011
Working with failure to project an even better reputation DRI and the new business marketing 3. Noel Thompson / Ian Cluckie 3. Aug
U008 Amber Others VC of Swansea University M H Increasing forum structure / Head of Schools or Colleges 2011
1. establish key performance
failure to manage the University efficiently indicators
or effectively within changing external 2. establish improved mgt reporting
market conditions which will impact processes 1. Pat Price / Phil Gough
Efficiency & Raymond delivery of services and University 3. external advice on impact of HE 2. Raymond Ciborowski
U009 Amber Effectiveness Ciborowski finances M H No change market changes 3. Raymond Ciborowski Aug-11
1. David Williams
1. ensure robust HR policies and 2. David Williams
practices 3. Head of Schools or Colleges /
in times of pressure on public funding 2. implementation of HR policies Directors of Administration
Building failure to recruit, retain and motivate high 3. management of staff 4. Craig Nowell / Head of
Common quality staff to maintain the rate of 4. ensuring adequate physical Schools or Colleges / Directors
U010 Amber Purpose VC academic development of the University M M Increasing environments for staff of Administration Aug-11
1. provide training and staff
development to Schools on
performance management 1. Raymond Ciborowski / David
2. implement performance Williams / Andrew Morgan
Building failure to maximise the performance of management processes 2. Head of Schools
Common Raymond staff which will impact the quality of 3. to be addressed in Business 3. Noel Thompson /
U011 Amber Purpose Ciborowski services delivered and University finances M M No change Planning process Ian Cluckie / Pat Price Aug-11
Risk Assessment Process
 Pre-risk assessment checklist
 22 multiple choice questions
 A – low risk
 B – medium risk
 C – high risk
 Identifies impacts to administrative functions
 Risk Assessment Review
 Risk assessment checklist
 Risk register
 DRI summary of finances
 Summary presentation (major projects)
 SMT approval
 Risk.Assessment@swansea.ac.uk
 Active Risk Management
 track risk actions as part of your status reporting
 foster a ‘heads-up’ culture as part of tracking to keep looking ahead
 start all tasks as early as possible to increase mitigation options
 maintain open and non-threatening communications
 decriminalise risk within project team – keep a positive attitude!
 Involve the key project skills in risk management – not just PMs
 communicate risk information – stakeholders & project team
 maintain your Project Files– and risk audit trail

Risk management provides a –

• more efficient and cheaper way of working
• less stressful working environment
Conclusions

THANK YOU for your time today

c.m.whyte@swansea.ac.uk