Risk Management
Reviewing and Evaluating the Framework
A plan for periodic review and evaluation of the risk management framework is a critical element of any risk management program. Typically a thorough review is performed annually.
Things that should be covered in the review process include:
· Analysis of risk response measures and whether they achieved the desired result, and did so efficiently
· Review of reporting and monitoring procedures
· Knowledge gap analysis for risk assessments (Were people able to find the information they needed?)
· Compliance check with appropriate regulations and organizations
· Opinions of key external and internal stakeholders
· Self-certification
· Risk disclosure exercise, to identify future risks
· Repeat of risk assessment
· Lessons learned
· Recommendations and implementation plan
To review the course outline for Risk Management: Click here
Reporting and Monitoring
When your organization establishes its risk management framework, a reporting hierarchy should also be established. Your reporting structure will differ depending on the complexity of your risk management program. Some common setups include:
· A part-time risk manager
· A risk management committee
· A full-time risk management champion
· A risk management team
· A risk management department with an internal audit team
Identifying and Evaluating Controls
Once a risk has been identified, and you have chosen to treat it, it’s time to look at controls that can be put into place to mitigate the risk.
Possible controls can include:
· Re-allocating existing people or equipment
· Additional people
· New equipment
· Skills and training
· New information
Types of Processes
The first step in risk management is to recognize and identify risks. Remember, your risk assessment process should be proportionate to your organization: a large, complex organization will need a formal, structured risk identification process, while a small organization may be served by a short, informal one. Either way, you need to spend time recognizing and identifying risks.
What is Risk?
The ISO guide about risk management defines risk as, “the effect of uncertainty on objectives.”
Risks are typically related to one of four areas:
1. The organization’s long-term strategy (three years, five years, and beyond)
2. The way that an organization manages change (for example, during mergers and restructuring)
3. The day-to-day operations of the organization
4. The general financial health of an organization
Risk can be positive, negative, or neutral – simply a deviation from the norm. Risk is often defined as an event or a consequence.