risk and business continuity risk registers a user guide robbie sinclair manager risk and business...
TRANSCRIPT
![Page 1: Risk and Business Continuity Risk Registers A user guide Robbie Sinclair Manager Risk and Business Continuity](https://reader036.vdocument.in/reader036/viewer/2022082612/56649f135503460f94c27a3f/html5/thumbnails/1.jpg)
Risk and Business Continuity
Risk Registers
A user guide
Robbie Sinclair
Manager Risk and Business Continuity
![Page 2: Risk and Business Continuity Risk Registers A user guide Robbie Sinclair Manager Risk and Business Continuity](https://reader036.vdocument.in/reader036/viewer/2022082612/56649f135503460f94c27a3f/html5/thumbnails/2.jpg)
Risk and Business Continuity
Agenda
Our task is to
1.Understand what Risk is at Griffith university
2.Understand the Risk Policy, Framework and Register
3.Completing the Risk Register
![Page 3: Risk and Business Continuity Risk Registers A user guide Robbie Sinclair Manager Risk and Business Continuity](https://reader036.vdocument.in/reader036/viewer/2022082612/56649f135503460f94c27a3f/html5/thumbnails/3.jpg)
Risk and Business Continuity
Risk at Griffith University
Risk is defined as
“…the chance of something happening that will have an impact on achievement of the University’s objectives…”
The International Standard (ISO 31000:2009) expands on this
definition to include the influence of ‘uncertainty’
![Page 4: Risk and Business Continuity Risk Registers A user guide Robbie Sinclair Manager Risk and Business Continuity](https://reader036.vdocument.in/reader036/viewer/2022082612/56649f135503460f94c27a3f/html5/thumbnails/4.jpg)
Risk and Business Continuity
Risk at Griffith University3 internal documents guide risk management at Griffith University
1.Risk Management Policy Currently under review
2.Risk Management Framework Currently under review
3.Risk Register Executive review and support obtained
![Page 5: Risk and Business Continuity Risk Registers A user guide Robbie Sinclair Manager Risk and Business Continuity](https://reader036.vdocument.in/reader036/viewer/2022082612/56649f135503460f94c27a3f/html5/thumbnails/5.jpg)
Risk and Business Continuity
Risk at Griffith UniversityAbout these documents?
1.Risk Management Policy Remove operational aspects Align closer to Strategic Objectives Cognisant of TEQSA guidelines
2.Risk Management Framework Closer reference to Risk Policy – consistent language Reflect “best of breed” position
3.Risk Register Existing template Review of existing risks currently Close alignment to TEQSA guidelines Robust Executive Group discussion encouraged!
![Page 6: Risk and Business Continuity Risk Registers A user guide Robbie Sinclair Manager Risk and Business Continuity](https://reader036.vdocument.in/reader036/viewer/2022082612/56649f135503460f94c27a3f/html5/thumbnails/6.jpg)
Risk and Business Continuity
Risk at Griffith University - Hierachy
Griffith University CouncilGriffith University Council
Executive Team(DVC – PVC)
Executive Team(DVC – PVC)
Divisional Management & Staff
Divisional Management & Staff
•Endorsement of risk appetite and policies. Approval of target risk position and action plans
•Functional oversight and provide support to Council, Executive team and business units
•Day to day risk management activities
•Endorsement of risk appetite and policies. Approval of target risk position and action plans
ASSURANCE PROVIDERS
Internal Audit, Manager Risk and
Business Continuity
ASSURANCE PROVIDERS
Internal Audit, Manager Risk and
Business Continuity
Independent challenge of risk information and
review of control effectiveness and action
implementatoin
![Page 7: Risk and Business Continuity Risk Registers A user guide Robbie Sinclair Manager Risk and Business Continuity](https://reader036.vdocument.in/reader036/viewer/2022082612/56649f135503460f94c27a3f/html5/thumbnails/7.jpg)
Risk and Business Continuity
Risk at Griffith University
No RiskRisk
Category
Inherent risk
Risk decision
Residual Risk
Key controls / mitigating actions StatusExecutive
responsibleC L Rating C L Rating
Risk Categories
SafetyFinance
ReputationComplianceCommercial
Risk decisionAccept Controls are deemed appropriate. Monitored and contingency plans developed
Mitigation
Reduce the likelihood - Improving management controls and procedures.Reduce the consequence - Putting in place strategies to minimise adverse consequences, e.g. contingency planning, Business Continuity Plan, liability cover in contracts.
TransferShifting responsibility by contract or insurance. Can be transferred as a whole or shared.
AvoidNot to proceed with the activity or choosing an alternative approach to achieve the same outcome. Aim is risk management, not aversion.
ConsequencesInsignificant
MinorModerate
MajorCatastrophic
LikelihoodRare
UnlikelyPossible
Likely
Almost Certain
RatingLowMediumHigh
Extreme
RiskIn this space articulate the risk in terms appropriate to the reader. Should be descriptive to remove ambiguity and misinterpretation
RiskIn this space articulate key control activities planned or underway to mitigate the risk (assuming the decision regarding the risk was to mitigate in the first place. Controls need to be defined and address the risk issues.
Risk
In this space advise who in your group is responsible for this risk
![Page 8: Risk and Business Continuity Risk Registers A user guide Robbie Sinclair Manager Risk and Business Continuity](https://reader036.vdocument.in/reader036/viewer/2022082612/56649f135503460f94c27a3f/html5/thumbnails/8.jpg)
Risk and Business Continuity
Likelihood rating
The number of times within a specified period in which a risk may occur either as a consequence of operations or through failure of physical or virtual assets, operating systems, policies or procedures.
Rating Description Occurrence Probability
Almost Certain Expected to occur in most circumstances Multiple / 12 months > 80%
Likely Strong possibility of occurrence Within 12 months 61% – 80%
Possible May occur occasionally Within 5 years 31% – 60%
Unlikely Not expected to occur but may happen Within 10 years 5% – 30%
Rare May only occur in exceptional circumstances >10 years < 5%
Likelihood Rating: Evaluation Criteria Ratings are used to provide definition so there is a common understanding of their meaning. The likelihood rating is a measure of the probability over time of exposing the University to specific risks. It considers factors such as:
Anticipated frequency of occurrence;
The external environment (e.g. regulatory, economic, competition, community expectations and market issues);
The procedures, tools and skills currently in place; and
History of previous events – taking into account Griffith University, other University sector and wider business sector experiences.
![Page 9: Risk and Business Continuity Risk Registers A user guide Robbie Sinclair Manager Risk and Business Continuity](https://reader036.vdocument.in/reader036/viewer/2022082612/56649f135503460f94c27a3f/html5/thumbnails/9.jpg)
Risk and Business Continuity
Consequence Rating: Evaluation CriteriaUniversity risks are assessed in terms of the consequence of their impact on strategic objectives. Indirect financial consequences such as reputation and management effort are key considerations. It is understood there can be more than one consequence, and those consequences can be either positive or negative, and sometimes simultaneously. Consequences can be expressed qualitatively or quantitatively and are considered in relation to the achievement of objectives. The following table is used to guide the assessment of consequence of each identified risk.
#The consequence category for “Project Budget” may differ according to the overall value of the project itself. Likewise, the criteria for “Program Delays” may also vary depending on the specific Project deadlines.
![Page 10: Risk and Business Continuity Risk Registers A user guide Robbie Sinclair Manager Risk and Business Continuity](https://reader036.vdocument.in/reader036/viewer/2022082612/56649f135503460f94c27a3f/html5/thumbnails/10.jpg)
Risk and Business Continuity
Risk at Griffith University
Consequences
LikelihoodInsignificant Minor Moderate Major Catastrophic
Almost Certain Low Medium High High Extreme
Likely Low Medium Medium High High
Possible Low Low Medium Medium High
Unlikely Low Low Low Medium Medium
Rare Low Low Low Low Medium
![Page 11: Risk and Business Continuity Risk Registers A user guide Robbie Sinclair Manager Risk and Business Continuity](https://reader036.vdocument.in/reader036/viewer/2022082612/56649f135503460f94c27a3f/html5/thumbnails/11.jpg)
Risk at Griffith University
Robbie Sinclair
Manager Risk and Business Continuity
Nathan Campus
Griffith University
Ph: +617 3735 7706