Risk Management Process and Qualitative Analysis

Question 1

Define Risk (AS ISO)

Answer 1

the effect of uncertainty on objectives

Question 2

Two parts of risk

Answer 2

probability of something going wrong, consequences

Question 3

Why we manage risks

Answer 3

commercial reasons: statutory, legal, cost, reputation, business
Personal reasons: statutory, legal, financial, career & reputation

Question 4

Different people involved in Risk Management

Answer 4

Employees: planner, designer, project engineer, auditor
Manager: responsible for safety, project
Business owner: responsible for statutory and legal, commercial success, customer satisfaction

Question 5

typical engineering risks (10)

Answer 5

Human, operational, reputational, procedural, project, financial, technical, natural, political, structural

Question 6

Business Risk vs Corporate Risk

Answer 6

terms are general interchangeable
business risk sometimes limited to commercial matters
corporate risk refers to all aspects of establishing and operating business - risks that threaten reputation matter more than commercial risks

Question 7

Types of business/corporate risks (20)

Answer 7

competitive, economic, operational, legal, compliance, strategy, reputational, program, project, innovation, country, quality, credit, exchange, interest, taxation, process, political, seasonal

Question 8

Four quadrants of Business Risk

Answer 8

Operational (construction), financial (market), strategic (competition), hazard (injury)

Question 9

ownership of risks

Answer 9

• allocated to manager best able to understand and manage risk
• when delegated to external entity, they become owner of risk

Question 10

Risk Appetite definition

Answer 10

the amount and type of risk that an organisation is prepared to pursue, retain or take

Question 11

Typical Risk Management Process (5+2)

Answer 11

1) Establish context: corporate information to understand risk profile
2) identify risks use workshop methodology to identify hazards, risks, likelihood, consequences
3) risk analysis: use workshops to analyse controls, estimate likelihood and frequency
4) risk evaluation: value consequences of risk occurring, and develop action plan for management of residual risk
5) Risk treatment: use risk registers to track ongoing implementations
ongoing:
- monitoring and review
- communication and consultation

Question 12

Hazard definition

Answer 12

an event or situation that may give risk to risk

Question 13

Risk Analysis Process (5 steps)

Answer 13

1) Understand context pf project risks
2) identify hazards and risks
3_) estimate likelihood of risk
4) value consequences of risk occurring
5) determine ranking of risk
6) control measuers
7) review control measures - update and monitor

Question 14

Determine risk Ranking (main method)

Answer 14

Risk score calculation - using risk rating matrix

Question 15

Risk treatment: Hierarchy of control measures

Answer 15

1) avoid/eliminate risk
2) control/mitigate risk
3) transfer risk
4) accept risk manage closely

Question 16

ALARP

Answer 16

as low as reasonably practicable
- effectiveness of risk control

Question 17

Final Assessment of residual risks: control effectiveness (x) vs untreated risk rating (y) (four sections)

Answer 17

Top left: active management
Top right: control critical
Bottom left: periodic monitoring
Bottom right: no major concern

Question 18

Risk Register

Answer 18

a common tool in corporate risk management
used to filter risks, track progress, document action plans
classify risks, consequences, control measures
useful for risk owners, managers, directors
supported by report with workshops notes, analysis files, photos

Question 19

Benefit of Risk Analysis Workshop

Answer 19

no one in project team knows all possible implementation, opreational, third party nazards, risks, likelihoods, consequences

Question 20

Phases of Workshop

Answer 20

10-15 people
1) pre risk workshop: develop relationships, understand key objectives, brief on risk policy and register
2) during workshop: risk identify & analysis, assign owner
3) post workshops: follow up sessions, further develop risk register and share results

Question 21

Trade-off

Answer 21

a situation in which you accept something you do not want to have something you do want
complex and high intensity risk mitigation measures to achieve low likelihood risk vs benefit of accepting residual risk

Question 22

Risk owner will make trade-off on behalf of

Answer 22

Project owner (private)
Delegated project owner (public)
will consult stakeholders: regulator (environmental), finance insurer (commercial)

Question 23

Tolerable risks

Answer 23

• risks society is willing to live with
• risks society does not regard as neglible or something it might ignore
• risks society is confident is being managed by owners
  risks that owner keeps under review and reduces if possible

Question 24

Link between qualitative risk analysis and quantitative risk anlaysis

Answer 24

qualitative risk analysis - quantitative input
subjective assessment - numerical input

Question 25

Qualitative analysis pros and cons

Answer 25

pros:
- quick and easy
- rich information
- well understand

cons:
- limited differences
- imprecise
- cannot numerically integrate and address risks

Question 26

Quantitative analysis pros and cons

Answer 26

pros
- provides clear differences
- precise
- can numercially integrate

cons:
- time-consuming
- assumptions
- may overlook qualitative impacts

Question 27

Principles of Risk Management (8)

Answer 27

• Integrated: integral part of organisational activites
• Structured and comprehensive: contributes to comparable results
• Customised: proportionate to external and internal context related to objectives
• Inclusive: invovlement of stakeholders
• Dynamic: risks can appear, change and disappear
• Best available information: past and current information
• Human and cultural factors:
• Continual improvement: through learning and experience

Question 28

Framework of risk management (6)

Answer 28

• Leadership and comitment: customise framework and consider risks faced
• Integration: understanding context, guides external and internal relationships,
• Design: assign rules, responsibilities, resources
• Implementation: develop plan considering time and resources
• Evaluation: determine whether framework remains suitable for supporting objectives
  Improvement: adapt, monitor , improve

Question 29

Process of Risk Management (AS ISO) (6)

Answer 29

• Communication and consultation: help stakeholders understand risk, during all steps, bring knowledge together
• Scope, context, criteria: customise, define scope, external and internal context
• Risk Assessment: Risk identification, analysis, evaluation
• Risk treatment: select and implement action plans and control measures
• Monitoring and review: improve quality - throughout
• Recording and reporting: communicate across organisation

Question 30

Residual risk

Answer 30

risk that remains after implementing controls

Question 31

Describe internal context:

Answer 31

obtain corporate information to understand risk profile
covers factors within entity that are relevant to risk assessment:
- organisation structure, risk policy, governance and leadership, financial situation, human behaviour, information and data from previous risk assessments

Question 32

Describe external context of risk analysis

Answer 32

factors and conditions outside of organisation that impact risk - broader environment
- industry and market conditions
- legan and statutory
- political and social factors
- natural/environmental factors

Question 33

Scope and risk criteria

Answer 33

scope: consider objectives, time, location, resources
risk criteria: consider nature, time, consequence, level of risk, capacity, cost

Question 34

Discuss monitoring and review process

Answer 34

• ongoing, throughout framework
• adapting and improving risk management
• how controls and used to mitigate risk
• consequences of risks are assessed, and control measures put in place - review, update risk treatments to ensure they are appropriate and effective

Question 35

Machine (supervised) learning

Answer 35

• used to create AI based on labelled training
• can be used to predict outcomes

Question 36

Two approaches to supervised learning

Answer 36

ANN - activation function
FNN - fuzzy neural networks

Question 37

Support Vector Machine (SVM)

Answer 37

analyse data for classification and regression analysis

Question 38

Recurrent Neutral Network (RNN)

Answer 38

-sequential characteristic of data
- linked to time

Question 39

advantages of Long short-term memory (LSTM) networks

Answer 39

• more efficient for longer term
• sequence to sequence tasks
• filter out irrelevant information and noise