Date post: | 08-May-2015 |
Category: |
Business |
Upload: | derek-hendrikz |
View: | 265 times |
Download: | 2 times |
Copyright © 2014
Derek Hendrikz Consulting
www.derekhendrikz.com
BEFORE DEVELOPING THE RISK REGISTER, ONE HAS TO ANALYSE THE RISK:
• EVENT: WHAT COULD HAPPEN?
• PROBABILITY: HOW LIKELY IS IT TO HAPPEN?
• IMPACT: HOW BAD WILL IT BE IF IT
HAPPENS?
• MITIGATION: HOW CAN WE REDUCE THE
PROBABILITY?
• CONTINGENCY: HOW CAN WE REDUCE THE
IMPACT?
www.derekhendrikz.com
CODING PROBABILITY:HIGH (H): EXHIBITS THE HIGH RISK CUE(S), HAS HAPPENED
FREQUENTLY, HAS VERY SIGNIFICANT CHANCE OF
HAPPENING IN THE FUTURE.
MEDIUM (M): HAS HAPPENED OCCASIONALLY OR HAS REASONABLE
BUT NOT COMPLETELY EXPECTED CHANCE OF
HAPPENING IN FUTURE.
LOW (L): HAS HAPPENED VERY INFREQUENTLY OR IS EXPECTED
NOT TO HAPPEN EXCEPT INFREQUENTLY.
NOT APPLICABLE (NA): THIS RISK IS IRRELEVANT TO THE PROJECT OR
OPERATION.
NEED INFORMATION (NI): IMPOSSIBLE TO DETERMINE PROBABILITY WITH
CURRENT AVAILABLE INFORMATION.
TO BE DETERMINED (TBD): ADDITIONAL STUDY IS REQUIRED.www.derekhendrikz.com
CODING IMPACT:
HIGH (H): MAJOR IMPACT ON THE SYSTEM AND LIKELY TO CAUSE SIGNIFICANT DISRUPTION IN SERVICE, A VERY VISIBLE EVENT.
MEDIUM (M): SOME IMPACT ON THE SYSTEM AND WILL BE VISIBLE TO A NUMBER OF USERS. A POSSIBLE DISRUPTION IN SERVICE FOR SOME NON-CRITICAL USERS IS EXPECTED.
LOW (L): NON-SERVICE DISRUPTION OR NEGATIVE EFFECTS ARE EXPECTED. ANY NEGATIVE IMPACT CAN BE CORRECTED WITHOUT SIGNIFICANT EFFORT VISIBLY.
NOT APPLICABLE (NA): THIS RISK IS IRRELEVANT TO THE PROJECT OR OPERATION.
NEED INFORMATION (NI): IMPOSSIBLE TO DETERMINE PROBABILITY WITH CURRENT AVAILABLE INFORMATION.
TO BE DETERMINED (TBD): ADDITIONAL STUDY IS REQUIRED.
www.derekhendrikz.com
DEVELOPING THE RISK MANAGEMENT PLANwww.derekhendrikz.com
1. UNDERSTAND THE RISK
www.derekhendrikz.com
2. DEFINE THE RISK
www.derekhendrikz.com
4. UNDERSTAND CONSEQUENCES
www.derekhendrikz.com
5. ELIMINATE ISSUES
www.derekhendrikz.com
6. ASSIGN PROBABILITY
www.derekhendrikz.com
8. COMPUTE TOTAL RISK
www.derekhendrikz.com
9. DEVELOP MITIGATION
www.derekhendrikz.com
10. DEVELOP CONTINGENCY
www.derekhendrikz.com
TIPS IN DEVELOPING THE RISK MANAGEMENT PLAN:
PLAN FOR CHANGE.
ALWAYS INVESTIGATE.
USE SPREADSHEET TO KEEP TRACK
OF THE RISK PLAN ON A ONGOING
BASIS.
DEVELOP RISK TRIGGERS (EARLY
WARNING SIGNALS).www.derekhendrikz.com
WARNINGS WHEN DEVELOPING THE RISK MANAGEMENT PLAN…
RISK MANAGEMENT MUST NOT
OVERSHADOW THE WORK THAT MUST BE
DONE (NO RISK = NO RETURN).
DO NOT IGNORE LOW RISK ITEMS
COMPLETELY, BUT ALSO DO NOT SPEND TO
MUCH TIME ON THEM.
DO NOT ASSUME THAT YOU HAVE ALL THE
RISKS IDENTIFIED.
DO NOT LET POLITICS INTERFERE WITH YOUR
ASSESSMENT.
CONSIDER WHAT MIGHT HAPPEN IF MORE
THAN ONE THING GOES WRONG AT THE SAME
TIME.
www.derekhendrikz.com
FAILURE MODE AND EFFECTS ANALYSIS (FMEA):
IMPACT X PROBABILITY X DETECTION
= RISK VALUE
www.derekhendrikz.com
3 basic formulas for risk analysis…
• RISK = PROBABILITY X IMPACT
(SCALE OF THE THREAT)
• REDUCTION = MITIGATION X CONTINGENCY
(ABILITY TO MANAGE THE THREAT)
• EXPOSURE = RISK – REDUCTION
(THE AMOUNT OF RISK THAT YOU SIMPLY CANNOT AVOID)
www.derekhendrikz.com