Risk Treatment Plan


Published on

This presentation provides a high level view of an approach to developing the Risk Treatment Plan.

Published in: Business, Technology
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Risk Treatment Plan

  1. 1. Enterprise Risk Management Guidelines for developing Risk Treatment Plans © Business & Systems Consultants Pty Ltd
  2. 2. About this presentation…. Risk management is an executive responsibility that should have a “line of sight” to the highest level in the organisation (e.g. the Board, Department Head or the Government Minister). Ideally, it should have a 360 ° view of the enterprises risk including technical and business risks. A method for developing and implementing Risk Treatment Plans is articulated in this presentation. We at Business & Systems Consultants have many years of executive level experience in enterprise risk management can assist your organisation to adapt this process and transfer the knowledge in an enduring way. Contact us at: [email_address] Jay Menon: +61 417 585 061
  3. 3. Background <ul><li>Prior to embarking on the risk-treatment planning stage, the following tasks would have been completed: </li></ul><ul><ul><li>Identification of the risks. </li></ul></ul><ul><ul><li>Assessment of their impact and likelihood. </li></ul></ul><ul><ul><li>Prioritisation of the risks based upon the assessment to enable the development of the risk-treatment plans. </li></ul></ul><ul><ul><li>Identification of the Causes of the risks and the Control mechanisms (Controls) to deal with the risks. </li></ul></ul><ul><ul><li>All of the above documented in suitable formats so that they can be used as ‘inputs’ to the risk-treatment stage. The documents are: </li></ul></ul><ul><ul><ul><li>The Risk-register comprising all primary risks and their assessment. </li></ul></ul></ul><ul><ul><ul><li>Risk-profile document (one each for each primary risk). </li></ul></ul></ul><ul><ul><ul><li>Risk cause and Control matrix that shows the major causes of risks and the control mechanisms that exist at strategic, process and tactical levels. </li></ul></ul></ul>
  4. 4. The risk-treatment plan development process. <ul><li>Review and confirm the risk-register (risk-sponsor and risk-owner): </li></ul><ul><ul><li>Quickly review, adjust and confirm priorities. </li></ul></ul><ul><ul><li>Assign a risk-owner for each primary risk. Avoid split-responsibilities. </li></ul></ul><ul><li>Determine treatment option (risk-owner): </li></ul><ul><ul><li>For each primary-risk, determine the treatment option: mitigate, transfer, finance, or accept . </li></ul></ul><ul><li>Determine treatment-actions (risk-owner): </li></ul><ul><ul><li>For each risk elected for mitigation evaluate their causes against the controls and evaluate their adequacy and determine any mitigation actions needed. Use Cause-Control Matrix. </li></ul></ul><ul><li>Develop work packages (risk-owner): </li></ul><ul><ul><li>Organise treatment-actions into discrete activity groups with clear deliverables (outcomes) and assign implementation responsibilities. </li></ul></ul><ul><li>Determine Schedule and Resources and Funding approach (risk-owner): </li></ul><ul><ul><li>This can be done at work package level or for the whole treatment-plan. </li></ul></ul><ul><li>Review risk-register and assess residual-risk after treatment (risk-owner and risk-sponsor): </li></ul><ul><ul><li>Express the residual risk in terms of impact and likelihood after treatment. This should be a justification for approving the risk-treatment plan. </li></ul></ul><ul><ul><li>Update Risk-Profile, Risk-Register and Risk-Treatment Plan Register. </li></ul></ul><ul><li>Obtain approval (risk-sponsor): </li></ul><ul><ul><li>Estimate the costs, benefits, including the benefit of any reduced risk due to treatment. </li></ul></ul><ul><ul><li>Approve the treatment plan. </li></ul></ul>
  5. 5. Tools and artefacts <ul><li>Inputs: </li></ul><ul><ul><li>Risk Register. </li></ul></ul><ul><ul><li>Risk Profiles. </li></ul></ul><ul><ul><li>Cause-Control Matrix. </li></ul></ul><ul><li>Outputs: </li></ul><ul><ul><li>Risk Treatment Plan and Residual Risk Statements. </li></ul></ul><ul><ul><li>Updated Risk Register. </li></ul></ul><ul><ul><li>Updated Risk Profile. </li></ul></ul>