Professional Documents
Culture Documents
Spec 2 - Report Topic - Tierra Monique
Spec 2 - Report Topic - Tierra Monique
SPECIALIZATION 2:
RISK MANAGEMENT
ASSIGNMENT
RISK REVIEW AND UPDATE
TIERRA, MONIQUE C.
18 – 11329 – 958 | 5-AR1
1 ARC515-18 SPECIALIZATION 2
RISK REVIEW AND UPDATE
The Risk Review is conducted at regular intervals throughout the project to assess the current
project environment to determine if any changes are needed to manage future risks.
When to review?
The risk review should be scheduled such that it occurs at regular intervals and includes input
from the project team, specifically the risk owners. It should be aligned to when changes are
planned for the project. Not every single change should require a risk review. Instead, only those
that have an impact on the overall project environment. Review may be necessary if the
following circumstances arise:
Each risk review should follow a structure so that the risk owners know how to prepare
and so that there are fewer opportunities to miss an impactful change. The risk owners, project
team, and project manager can ask questions such as these in the risk review:
2 ARC515-18 SPECIALIZATION 2
o For each existing risk, is the impact the same as before?
o Are any individual risks occurring together, thus amplifying the impact?
o Are there existing risks that are no longer possible and should be closed?
o Are there any lessons learned to apply moving forward?
After the risk review, the risk manager develops and writes the improvement plan for the
Risk Management to update the program in order to increase its maturity and performance. The
improvement plan should address:
o investment
o training
o communication
o policy changes
o contingency planning
o organizational changes (e.g., new teams)
o asset procurement
ACCOUNTABILITY
Many organisations today have a dedicated person or a team of ‘risk advisors’ responsible
for supporting the organisation’s risk taking initiatives and helping the Board and senior executives
manage a wide range of opportunities and risks. The role is often referred to Chief Risk Officer
(CRO), Risk Manager, Risk Advisor, Risk Management Co-ordinator or similar. Consequently,
one of the major problems facing risk advisors is the perception of who is actually responsible for
risk management. In this context, the following are the ones who plays important role in enforcing
Risk Management. These stakeholders are the Board, senior executives/ management and staff in
the risk management framework.
3 ARC515-18 SPECIALIZATION 2
The Board
Risk management governance would always start from the top and for this the Board is the starting
point. In general, the Board is ultimately responsible for adopting and committing to an
organization's Risk Management Framework/Policy. Responsibilities specific to the risk
management framework include:
The Chief Executive Officer with the assistance from the Chief Risk Officer, senior managers
and/or risk owners is responsible for leading the development of a sound risk management culture
across the organisation. Specifically the Chief Executive Officer is responsible for:
As with any CEO direct report, the CRO should be accountable to the CEO, executive management
and the board for enabling the institution to balance risk and reward and preserve enterprise value
and reputation. For example, he or she should:
4 ARC515-18 SPECIALIZATION 2
o Implement appropriate/meaningful action-oriented risk reporting to the overall board,
specific board committees and senior management
Senior Managers
Senior Managers are essentially the ‘risk owners’ and are required to manage risks on a day-to-
day basis. Senior managers are the first line defence in combating risk and are responsible for
implementing effective internal controls. Senior Managers are required to create an environment
where the management of risk is accepted as the personal responsibility of all staff, service
providers and contractors. They are accountable for:
o Maintaining sound risk management processes and structures within their area of
responsibility to conform with the organisations Risk Management Policy and supporting
arrangements;
o Identifying, recording and periodically evaluating risks;
o Identifying, recording and assessing effectiveness of existing controls;
o Determining whether to accept or further treat residual risks that are assessed as medium
or higher;
o Implementing, communicating and maintaining effective internal controls;
o Developing and monitoring risk treatment plans to treat higher level risks in a timely
manner;
o Maintaining up to date risk registers through periodic reviews and updates; and
o Ensuring all major incidents or issues are reported and resolved in a timely manner.
Managers are also responsible for supporting good management practices that compliment risk
management including:
o Complying with and monitoring staff compliance with all policies, procedures, guidelines
and designated authorities;
o Maintaining and communicating up-to-date information and documentation for key
operational processes; and
o Incorporating risk treatment plans into business processes as required.
Staff
Every staff member is responsible for effective management of risk including the identification of
potential risks. Risk management processes should be integrated with other planning processes
and management activities.
All staff, service providers and contractors should act at all times in a manner which does not place
at risk the health and safety of themselves or any other person in the workplace. Staff
are responsible and accountable for taking practical steps to minimise exposure to risks in so far
as is reasonably practicable within their area of activity and responsibility.
5 ARC515-18 SPECIALIZATION 2
All staff, volunteers, service providers and contractors must be aware of operational and business
risks that apply to their role. Specific responsibilities include:
COMMUNICATION
Identifying risks should never be purely an academic exercise in reality, risk assessments are next
to useless unless effectively communicated. Why should you communicate risks?
o Promote Accountability
Before risks are identified, it can be difficult for project roles and responsibilities
to be defined. Businesses identify accountability as a key obstacle to project
completion and highlighting the need for better role allocation and procedures for dealing
with risks. If project managers are able to immediately call to the right individual or
resources to deal with an issue, projects can stay on track when or if a risk occurs,
as potential risks are already 'marked in red'. By communicating potential risks to the right
people, such as your teams and stakeholders, you're able to better understand who you
should allocate roles and responsibilities to.
Project stakeholders will have multiple reasons for investing their finances, time, and
support into your project that is why it is important to return the gesture with transparent
communications about your project timeline. If your stakeholders have unrealistic
expectations that are not met, it's likely they will become disengaged and may cause
damage to your project by being non-responsive or communicating negatively to others. If
you find a balance in both general and risk communications and communicate the potential
risks that could alter project timelines, your stakeholders are likely to have higher trust and
confidence in your project.
6 ARC515-18 SPECIALIZATION 2
o Unify Your Team
By taking steps to communicate risk, you identify potential issues beforehand and equip
your teams with the ability to respond effectively. This reduces confusion and enhances
problem-solving skills in your teams. Risk analysis software can detect potential risks
and communicate them using graphical reports. This provides your teams with easily
understood information, enabling them to respond to risk instantly, without needing to be
informed by other personnel who may be in different locations or time zones.
Risks need to be clearly communicated before, during, and after a project to ensure that stakeholder
expectations and opinion are upheld.
Unfortunately, we all know that risk management isn't as easy as writing a list and sliding it across
the table towards your most important stakeholders. Project managers need to involve stakeholders
in project conversations, keep important individuals engaged, and use the correct tools to enable
effective communication.
Here are our four tips for communicating risks to stakeholders, and why they're important:
Project managers are often held responsible for communicating with stakeholders, but they
shouldn't be the only line of communication. Risk management requires the involvement
of all of your project team members, especially if individuals hold expertise in certain risk
areas, or are leaders of a specific aspect of the project.
These particular specialists will provide relevant and detailed information, and help build
more realistic stakeholder expectations. By meeting expectations, it's easier to relate to
project stakeholders and obtain their vital support for your project.
Studies conducted by The Project Management Institute found that by shaping realistic
stakeholder expectations, projects were found to be more successful, as support was a
distinguishing factor between successful and challenged projects. By allocating
communication responsibilities to expert individuals, stakeholders can obtain more
relevant information that provides them with these vital realistic expectations.
If key stakeholders aren't located near you or your project, it can make it difficult to
communicate effectively. Ideally, you should choose a project team member who is close
7 ARC515-18 SPECIALIZATION 2
to the location of your stakeholders, whether it's by region, country, or timezone, who can
more easily respond to questions and concerns.
3. Utilize technology
Risk analysis technology can equip you and your team members with the ability to
communicate quantitative risk analysis to your stakeholders. When risk assessment is
purely speculative or includes an inaccurate assessment of resources, finances, or time,
stakeholder expectations can become misguided towards unrealistic demands. This can
leave them unhappy with your project's management, potentially damaging their support.
Cost risk tools can perform a cost-only risk analysis from the beginning of your project
until closeout, ensuring that financial expectations are met. Additionally, risk analysis
technology can perform a schedule risk analysis that identifies high-risk areas of your
project, provides high value information such as a prioritized report of the top risks likely
to delay your project, and allows you to accurately determine an end date (a crucial
stakeholder expectation).
Moreover, risk assessment tools enable you to visualize alternative scenarios to your risks
and enable you to calculate the impact of them. By using technology, you can communicate
accurate information to your stakeholders that is more likely to ensure their support.
By regularly reporting on your project, you can check for common issues, report potential
issues with interactive links, and submit them for analysis. You can then set up alerts for
potential risks and retroactively react and inform key individuals or stakeholders who need
to know.
8 ARC515-18 SPECIALIZATION 2
REFERENCES
https://insights.sei.cmu.edu/blog/10-steps-managing-risk-octave-forte/
https://projectmanagementacademy.net/resources/blog/risk-audit-vs-risk-review/
https://www.linkedin.com/pulse/who-responsible-risk-managementscope-responsibilities-khan
https://www.safran.com/blog/how-to-communicate-risk-to-project-stakeholders
9 ARC515-18 SPECIALIZATION 2