Most of the content on this intranet is made up of ex county council information due to the county intranet being turned off. Please read the blog to find out more about how we have developed this new intranet and where you can go to find information that relates to you.
Process and tools
Process and tools for risk management.
Risk Management Process
The risk management process follows a series of distinct stages, as illustrated in the diagram opposite. Within each stage there are a number of sequential steps.
Whilst we recommend following this process, it is more important that the key controls implemented to manage or mitigate the risk are effective and are helping to achieve the stated objectives and outcomes of the Plan, Programme, Project, Partnership, Contract, etc.
Setting the Scope and Context
he risk management process starts with establishing the context and scope of activity and providing clarity around the objectives and outcomes being risk assessed. This then sets the scene for assessing the relevant risks within the scope of the chosen activity.
At the centre of the risk management process are the activities of risk assessment and risk response.
Risk Assessment
Risk Assessment comprises three main stages:
- Risk Identification - Having identified the risk there is a need to adequately describe the risk.
- Risk Analysis - Each risk should be analysed for its potential in terms of impact and likelihood on objectives.
- Risk Evaluation - Having scored each risk it becomes clear which risks are more significant and therefore require action.
To ensure consistency and the ability to compare risks across the Council a standard 5 x 5 risk matrix is used to evaluate risk scores for all risks.
Risk Response
Risk response comprises four options known as the 4 T’s:
- Terminate or avoid the risk altogether (though this may not be possible for certain statutory functions).
- Tolerate or accept the risk.
- Transfer the risk.
- Treat / Reduce the risk.
The chosen risk response option should be proportionate to the scale and impact of the identified risk, with some risks being transferred or included within insurance policies.
For more significant risks it will be mandatory for them to be reduced or, due to limited resources, to be tolerated at an agreed level.
All risk responses should identify ownership and timescale for implementing the chosen action.
Risk Recording and Reporting
As part of good governance, it is important to record all key risks.
The Council manages a register of key strategic risks, assigning clear responsibility for ensuring that effective control measures are implemented and monitored.
Directorates and Assistant Directors are responsible for developing appropriate risk registers for their area of service delivery against the minimum agreed standards.
Risk Management Tools
For each stage of the risk management process, the following table summarises the tools and techniques that can support that part of the process. For further details see the Risk Management Toolkit (SharePoint) and the Risk Management Process Guide (SharePoint).
| Process Stage | Tools and Techniques | |
| 1. Identify Risks: | Setting the context. |
Stakeholder analysis. PESTLE analysis. Risk Categories. SWOT analysis. Horizon Scanning. |
| Identifying and describing the risks. |
Root Cause Analysis. Risk Descriptions. |
|
| 2. Assess Risks: | Risk estimation. |
Impact assessment. Likelihood assessment. |
| Risk evaluation. | Summary risk profiles. | |
| 3. Risk Response: | Risk response planning. |
Risk Action Planning. Cost Benefit analysis. Risk Identification and Action Form. |
| 4. Reporting and Reviewing: | Risk monitoring. |
Update summary risk profile. Risk Register. |