Aim of Risk management policy

The risk management policy aims to minimize risk in the conduct of the Institutes activities and to seek appropriate opportunities in line with the Institutes strategy and business plans. Risk management is considered to be fundamental to good management practice and organizational governance. Effective management of risk provides an essential contribution towards the achievement of the Institutes strategic and operational objectives and goals. Considering IRRIs unique features as a research and training institute, we focus on the risks related to research activities. A major response to research related risks is quality assurance (QA). Giving particular attention to improving its internal quality assurance (QA) processes and practices, in recognition that an important subset of the Institutes risks, especially within research, is managed through such processes. QA ensures that IRRIs research outputs are of the highest verifiable quality, thus maintaining its reputation for scientific excellence and integrity. Risk assessment process Establish context define OU objectives, identify critical factors in the environment, identify stakeholders, and define risk appetite Identify risks what can happen? How and why? Analyze risks risk relevance, continuity implications, nature of risks, affected business processes, existing control measures, and risk levels (Fig. 1) Evaluate risks compare against risk appetite; accept or avoid risks. Business continuity management process Planning initiation, business impact analysis (identify downtime to each key process) Define response strategies, develop continuity plans for the chosen strategy Develop a communication strategy; training, maintenance and testing plans; activation and development of plans
Trigger (Initiator) Equipment failure Physically hazardous Environment Natural calamities

Table 2. Updated recovery action plans for SSD

Action plan: recovery of SSD research data

Action (What needs to be done) 1.Local travels: Provision of appropriate vehicles by TS based on requirements / specification of the researcher 2.International travel: Bangladesh and India: Provision of IRRI vehicle and driver 1.Dissemination of SSD Back-up retrieval procedure through training 2.Update SSD External Backup List and NETWIN Access.xls 3.Develop SOP on proper turnover of baseline data 4.Issuance of external drives for backup purposes 1.Develops standards for data documentation 2.Explore web tool applications that can monitor web access downtime 1.Onsite data audit 2.Use of digital technologies in data collection Responsible (Who is responsible for the work) SSD staff IPMO IRRI out-posted staff Procedure(s)/References (How the work needs to be done) Official cell phone (with roaming) IRRI vehicle

Inefficient data-turn over of departing staff Technological failure

IT Coordinator and RMQA IT Coordinator IT Admin

Funding Training / Staff time Hiring of OJT Beta test of SSD Internal clearance staff form

Risk management at SSD

Internal & External (Database Management)

SSD STAFF SSD-RDM

Funding Workshop / Staff time

Human Behavior Inadequate Levels of skills of some NARES partners

SSD Staff Collaborating OUs NARES Partners and DPPC SSD RDM IT Coordinator

Funding Staff Training NARES Partners SSD Staff time

Delayed Completion of Data collection and analysis, processing and research reports Possibility of data fabrication Career Pressure Plagiarism

1. Acquisition of tablet PC 2. Assessment / Development of tablet applications in digital household survey 1.New publication Guidelines Info Campaign 2.Enhance awareness on plagiarism 3.Implement Data access Policy for SSD 1.Coordinate with safety 2.PPS 3.HRS

Funding Training

OU Head SSD Staff SSD RDM

Staff time

Fig.1. Risk Profile and response Strategy

Slippery floors and stairways during rainy days Eye discomfort due to too much glare Installation flaw causes concern and discomfort

SSD SAFETY PPS HRS Heads

Funding Staff time

RMQA recent activities

SSD risk analysis process

The risks encountered are monitored and graded (Table 1) through this the RMQA officer would identify Evaluate the risk impacts: refer to the severity of the exposure of the Institute if a risk event occurred: risk likelihood refer to the probability of a risk occurring, given what is known about the degree of quality of the risk mitigation strategies in place for a given risk. For analytical purposes, this will be measured in terms of Low, Medium, High. Through this the RMQA officer together with the key person involved would identify the risk nature, risk owner (responsibility), and identify the existing control measure. Control measures are further assess by its effectiveness, if it can be improved or revised entirely. The recovery action plans (Table 2) will consists of the supporting documents.
Table 1. Summary of SSD risk registers from 2010-12
2010 2011
Risk level Risk impact
Risk likelihood

Business Continuity Management Shadow Planner Sessions ITLC Learning Center April 23-24, 2009

RM and BCM Overview Sept 9, 2009

2012
Risk level Risk impact
Risk likelihood

Data backup and recovery training May 31, 2011

Risk statement
Accidents during field work Loss of research data Inaccessible research data (Internal & External) Inaccurate and low-quality research data gathered Delayed completion of data analysis and research reports Scientific misconduct Workplace safety

Risk impact

Risk likelihood

Risk level

SSD Risk Management Initiative Mini Workshop IRRI Guesthouse, Feb. 26, 2010

High High

Low High

Med High

High High

Low High

Med High

High High

Low Med

Med High

SSD head Samarendu Mohanty SSD RMQA leader Thelma Paris SSD RMQA officer Dehner M. De Leon
SSD RMQA TEAM MEMBERS:

The SSD RMQA TEAM

High Med High High

Low Med Med Low

Med Med High Med

High Med High High

Low Med Med Low

Med Med High Med

High Med High Med

Low Low Low Med

Med Low Med Med

Piedad Moya Arnel Rala Orlee Velarde Donald Villanueva

RMQA senior manager: Marichu Bernardo