Chap 9: Organisational risk management

Question 1

Risk defined

Answer 1

Risk is defined as the ‘effect of uncertainty on objectives.

Question 2

Risk expanded

Answer 2

• To understand risk, we need to understand what our objectives are - what do we want?

For example, our objective could be to carry out an operation effectively, to deliver an initiative, or for everyone to be safe and feel safe.

• There will always be uncertainty about whether we will achieve our objectives.
  When managing risk, we need to think about, what could prevent or delay us from achieving these?

What could happen that could increase our chances? Uncertainty also creates opportunity and we should always consider risks alongside opportunities.

Question 3

Incorporate risk management

Answer 3

• We need to regularly and consistently review our risks and the actions to mitigate them. Risk should be a consistent agenda item with discussion taking place at all District, Service Centre, PNHQ work group or project leadership team meetings, review meetings or governance meetings.

Question 4

Health and Safety
cost

Answer 4

As a final step, what are the cost of the control measure and are the cost grossly disproportionate to the risk?

• Cost can only be used as a reason to not do something when it is grossly disproportionate to the risk

Question 5

Risk Management Policy: Categories of risk
Types of risk and how we manage them

Answer 5

• Strategic risks may affect the achievement of strategic objects spelt out in Our Business. The Executive Leadership Team oversees strategic risks.
• Portfolio risk oversee risks related to the delivery of portfolios, programmes, and projects – once these are delivered or become BAU, any associated risks will pass to the other parts of the business to manage.
• Corporate risks may affect the achievement of cross-organisational objectives (such as those related to legislative and regulatory compliance, information management, asset management, people, and capability [recruitment, capacity, capability, pipeline, and staffing mix] and the external environment). Police governance groups oversee these risks.
• Operational risks Operational risks may affect the achievement of day-to-day operations. These may relate to planned objectives and deliverables at an operational level. The national Operations Steering Group oversees operational risks and the application of TENR.

Question 6

The Risk Management Policy

Steps

Answer 6

Communicate and Consult

Step 1: Establish context
* Internal Context
* External Context

Step 2: Identify Risk
* Select an approach
* Consider the potential risks
* Record the risk

Step 3: Analyse Risk
* The Level of risk; Here we use Police’s risk matrix and supporting criteria.
* Controls in place; Here we need to identify any existing controls in place and determine how effective these are. Controls include policies, SOPs, training, supervision, IT systems and more.

Step 4: Evaluate
* Act
* Monitor
* Accept or
* Acknowledge the effective management in Achieved.

Step 5: Take Action
* Each District, Group, sub-group/team, portfolio, programme, or project/product is responsible for managing its own risks or escalating those it cannot manage on its own.
* If you need to act you will treat and take action to respond to a risk. Act should reduce the likelihood or consequences pre- (prevents) or post- (responds to) the uncertain event.

Monitor and review
Whatever we have decided after a risk evaluation – Act, Monitor, Accept, or Achieved – the risk owner must monitor and review this decision as often as is appropriate for the level of risk and assurance we have.