With years of experience in both developing and reviewing client risk management programs, QRMC has been able to distil the essence of a successful risk management program to provide the following check list.

These tips can provide a series of prompts during the risk management process, or be used as an internal audit tool to see where your risk management program or processes can be improved.

  1. Identify the context correctly
    Have you defined the applicable business objectives? Are you considering corporate, operational or activity/project level risks?
  1. Pay attention to business objectives
    What is the impact of risks and opportunities on the business objectives – if it doesn’t affect the business objectives, is it a risk?
  1. Get the risk statement right
    Ensure risks are tightly defined without mixing up causes and symptoms – if it’s ambiguous and badly stated it will be hard to effectively manage
  1. Tailor consequence and likelihood tables
    Make sure the consequence and likelihood options are focused on the business objectives – if the consequence and likelihood tables don’t reflect your business, you can’t you accurately measure the impact of the risk
  1. Plan for implementation and checking
    Plan for implementation and monitoring activities, not just risk identification – risk management doesn’t end with the production of a Risk Register!
  1. Honestly assess current treatments or controls
    Truthfully evaluate the effectiveness of current treatments and mitigation strategies – if it’s not really working, admit it and devise something better
  1. Really do something, don’t just document
    Strongly emphasise the actual treatment of risks and document treatment plans properly – identify who will do what and when
  1. Scrutinise new treatments
    Monitor the implementation and effectiveness of new treatments – identify and check performance measures within the planned timeframe
  1. Monitoring and reporting
    Ensure the monitoring process actually reviews the implementation and effectiveness of the program – just generating regular reports is not enough
  1. Communication and consultation
    Communication and consultation must underlie the whole process – the program can’t provide full value to the organisation unless personnel from ‘coalface’ workers all the way up to the Board understand and are committed to the risk management process

Please contact QRMC for more information.