Risk management Flashcards
(12 cards)
What is the definition of risk?
Any potential future, uncertain event
That may affect the achievement of our objectives
What are the four types of risk?
What does each one mean?
Strategic risk
Risks that are strategically important to achieving police’s intent
Organizationalrisk
Risks that relate to people, legal compliance, capability and finance, information management, etc.
Operational risk
Risks that affect day-to-day operations. Sometimes managed by TENR
Portfolio risk
Risk specific to a particular program from being achieved
Outline the six step risk management process.
Established the context
Identify the risk
Analyze risk
Evaluate
Take action
Monitor and review
When describing a risk we need to be clear on what it actually is.
What can be identified as the risk?
What are the things that can be confused with a risk?
The future uncertain event is the risk
The cause of that event is not the risk
The consequences of that risk occurring also, is not the risk
What is the distinction between a threat and a hazard?
A threat is a human element
Expressed as intent X capability
A hazard is a non-human element
Such as and obstacle or substance
Threats and hazards contribute to what?
The risk.
In a police operation, there might be a risk of: “a motivated, violent offender attacking police“
In identifying the risk we consider the threat of the people involved in the operation as well as any hazards that might be present
A tropical cyclone approaching New Zealand is a what?
And why?
How would we describe the risk?
It is a hazard because it is nonhuman.
The risk would be described as
The risk of a cyclone hitting New Zealand and causing harm and damage.
There are many key pieces of information that will determine what that risk looks like, and how resources would be deployed such as severity, location, etc.
In step 3 – analyze risk
What do we aim to develop an understanding of?
The level of risk
And any existing controls - and how effective these are at changing the likelihood or consequence of the risk
Step 4 is EVALUATE
Once we have considered how comfortable we are after analyzing the risk and control measures
We may decide to do what:
Act
Monitor
Accept
Achieved
Step 5 is TAKE ACTION
When would a governance group need to take action?
If they find that the existing controls are not managing risk to an acceptable level
When we monitor and review
This is the same process as evaluation.
What are the four outcomes?
Act
Take active steps to manage the risk
Monitor
When we monitor, we must do it as often as is appropriate to manage the risk
Accept
If we accept the risk because we can’t do anything about it we need to review this to make sure the risk doesn’t become more serious
Achieved
if a risk mitigation has been achieved, then it might be worth having a look at it again in the future
What are some of the ways that we can incorporate risk management into what we do every day?
Incorporate into SPT
So that the team can manage it
New initiatives
Could help manage the risk
Change the way we do things
Monitor our operating environment
Just to see if anything has changed
Record near misses/lessons learnt
Helps people learn and improve
