View
70
Download
5
Category
Tags:
Preview:
DESCRIPTION
What is Risk, What is Uncertainty, nature of risk, Risk Spectrum, Risk Categories, Risk Cycle, Risk Assessment Matrix, Risk Ranking, Risk and opportunity, Risk Adverseness, Principles of UK Risk, 4 Ts of Risk, Gross and Residual risks
Citation preview
Principles of Risk
Risk means being exposed to the possibility of a bad outcome
Risk Management means taking deliberate action to shift the odds in your favour – increasing the odds of good outcomes and reducing the odds of bad outcomes
Borge D (2001) The Book of Risk
What is Risk?
What is ‘Risk’?• The exposure to
mischanceWhat is the difference
between a Risk and an Issue?
• A Risk is an Issue that hasn’t happened yet OR
• An Issue is a Risk that has happened
What is an Assumption?• An unknown, therefore, a
Risk
Source: HBOS internal training c. 2005
What is Uncertainty?
If you don’t know for sure what will happen, but you know the odds, that’s risk
If you don’t even know the odds, that’s uncertainty
Knight (1921) quoted in Adams (1995)
Nature of risk
• Speculative (dynamic) – a risk that (potentially) has profit and loss associated with it
• Hazard (static) – a risk that only has loss associated with it
Alberts & Dorofee (2006)
Key Definitions
• Hazard – a situation that could lead to harm• Risk – a combination of the probability and consequences of the
occurrence• Risk assessment – risk estimation (outcome or consequences)
and evaluation (significance for those affected)• Risk management – implementing decisions about accepting or
altering risk
DOE (1995) A guide to risk assessment and risk management for environmental protection
Defining Risk/Uncertainty
Risk - where we know the odds (probability or likelihood); Uncertainty - where we don’t know the odds but may know the main parameters; Ignorance - where we ‘don’t know what we don’t know’; and Indeterminacy - where causal chains or networks are open (spans uncertainty and ignorance).
From various papers – Brian Wynne c. 1990’s
O’Riordan, T, and Cox, P. 2001. Science, Risk, Uncertainty and Precaution. Senior Executive’s Seminar – HRH The Prince of Wales’s Business and the Environment Programme. University of Cambridge.
Risk Spectrum – ‘Incertitude’
‘Uncertainty’ applies where there is no firm basis for probabilities, but some reasonably clear idea as to outcomes. ‘Ambiguity’ applies where the outcomes are not clear. ‘Ignorance’ exists where there is no history of cause and effect that can be used to predict outcomes.
‘Thus science (by its own rules) cannot predict either likelihood or outcome. Examples of ignorance defined in this way occur when there is innovative technology, or a new product or substance.’ [from ERMA (2002) Approach to Risk: Positional Paper p.8]
Risk Spectrum – ‘Incertitude’
RISK - uncertainty of outcome, whether positive opportunity or negative threat, of action and events. It is the combination of likelihood and impact.
INHERENT RISK (or Gross Risk) - the exposure arising from a specific risk before any action has been taken to manage it
RESIDUAL RISK (or Net Risk) - the exposure arising from a specific risk after action has been taken to manage it and making the assumption that the action is effective
Risk: Some Further Definitions
Housing Corporation (2004) Risk Management Strategy
External – arising from the external environment, not wholly within the organisation’s control, but where action can be taken to mitigate the risk.
Operational – relating to the successful execution of existing operations – both current delivery and building and maintaining capacity and capability.
Change - risk created by decisions to pursue new endeavours beyond current capability
Example Risk Categories
HC (2004) Risk management strategy
The Risk Cycle
(HM Treasury, Management of Risk – A Strategic Overview)
Emergency Preparedness: 6 Stage Cycle
ContextualisationHazard review and allocation for assessment
Risk analysisRisk evaluation
Risk treatmentMonitoring
& review
Simple risk assessment matrix
Probability
Low
High
Hig
h
Contingency These risks have high impact but the probability of them happening are low. They are catastrophic events
Primary These risks have both high impact and high likelihood of happening: these require prime attention
Impa
ct
Lo
w
Negligible Housekeeping These risks have a high likelihood of happening, but do not have a high impact; they require routine but directed management
Simple Ranking Risk Matrix
Probability
Impa
ct
5 5 10 15 20 25
4 4 8 12 16 20
3 3 6 9 12 15
2 1 4 6 8 10
1 1 2 3 4 5
1 2 3 4 5
Risk & Opportunity
Generalised Impact or Consequences Descriptors
High Financial impact on the organisation is likely to exceed £x
Significant impact on the organisation’s strategy or operational activities
Significant stakeholder concern
Medium Financial impact on the organisation is likely to be between £x and £y
Moderate impact on the organisation’s strategy or operational activities
Moderate stakeholder concern
Low Financial impact on the organisation is likely to be less than £y
Low impact on the organisation’s strategy or operational activities
Low stakeholder concern
from Risk Management Standard
Generalised Threat Occurrence Descriptors
Estimation Description Indicators
High
(Probable)
Likely to occur each year or more than 25% chance of occurrence
Potential of it occurring several times within the time period (eg 10 years). Has occurred recently
Medium
(Possible)
Likely to occur in a 10 year time period of less than 25% chance of occurrence
Could occur more than once within the time period (eg - 10 years). Could be difficult to control due to some external influences. Is there a history of occurrence?
Low
(Remote)
Not likely to occur in a 10 year period of less than 2% chance of occurrence
Has not occurred.
Unlikely to occur.
Generalised Opportunity Probability Descriptors
Estimation Description Indicators
High
(Probable)
Favourable outcome which can be relied on with reasonable certainty, to be achieved in the short term based on current management practices
Clear opportunity which can be relied on with reasonable certainty, to be achieved in the short term based on current management practices
Medium
(Possible)
Reasonable prospects of favourable results in one year of 25% to 75% chance of occurrence.
Opportunities which may be achievable but which require careful management. Opportunities which may arise over and above the plan.
Low
(Remote)
Some chance of favourable outcome in the medium term or less than 25% chance of occurrence
Possible opportunity which has yet to be fully investigated by management. Opportunity for which the likelihood of success is low on the basis of management resouces being currently applied.
Example Impact Scalar – Warwick University [Health & Safety]
Consequence PersonalDamage
DamageCost
ProcessInterruption
Environ-mental
Major Extensiveinjury ordeath
>£250K > 6 weeks Nationalimpact
Severe Hospitalisation £100K – 250K
1 week – 6 weeks
Regionalimpact
Minor Medicaltreatment
£25K –100K
1 day- 1 week Off siteimpact
Low First aidtreatment
£ 2K – 25K 1 hour – 1 day On siteimpact
V. Low No treatment <£2K <1 hour Potentialimpact
Example Impact Scalar – South Central NHS [UK] (Part A)
Level/ Score
Descriptor Description
1 Negligible •Negligible, if any, disruption to any function of the SHA business
•Very low financial impact (>£10k)
•No threat to stakeholders
•Clinical impact – no impact on patients
•Public confidence & SHA reputation not affected
2 Minor •Minor disruption but function of SHA still maintained
•Low financial impact (>£100k)
•Some minor threat to stakeholders
•Clinical impact – minor reduction in quality of care and temporary affect on health status of patient
•Minor public confidence & SHA reputation issue
Level/ Score
Descriptor Description
3 Major •Major disruption to organisation and major threat to stakeholders
•Severe financial loss (>£1m) and loss of confidence in the organisation
•Reputation damaged
•Clinical impact – serious reduction in quality of care with permanent affect on health status of one or more patients
•Some breach of legislative and/or statutory regulation
•Exposure to risk of litigation
4 Disaster •Organisational collapse, fatality, financial disaster, public confidence in the organisation lost
•Financial impact >£10m
•Reputation loss
•Clinical impact – serious reduction in quality of care leading to avoidable deaths of one or more patients
•Loss of assets
•Litigation faced
(Part B)
Documenting RiskAssessment
HM Treasury (2004) The Orange Book: Management of risk - principles and concepts
5 5 10 15 20 25
4 4 8 12 16 20
3 3 6 9 12 15
2 1 4 6 8 10
1 1 2 3 4 5
1 2 3 4 5
Impa
ct
Risk appetite Accept
Action?
Issue
Action now
Treat or transfer risk
Probability
Risk Management and Risk Appetite
Risk Adverseness
ERMA (2002) Approach to Risk: Positional Paper
Principles of UK Risk: Statute & Policy
ALARA as low as reasonably achievable
ALARP as low as reasonably practicable
BATNEEC best available technique not entailing excessive cost
BPEO best practicable environmental option
BPM best practicable means
Tolerability region – where action is
based on risk ‘as low as is reasonably
practicable’ (ALARP)
Broadly acceptable region (no need for
detailed work to show ALARP)
Unacceptable regionRisk justified only in exceptional circumstances
Tolerable only if risk reduction is impracticable or excessively costly
Tolerable if cost of reduction would exceed the improvement gained
Necessary to maintain assurance that risk remains at this levelHester & Harrison (Eds) (1998)
Major transport accidents
Major industrial accidents
Attacks on critical infrastructure
Coastal flooding
Inland flooding
Pandemic influenza
Non-conventional attacks
Attacks on crowded places
Attacks on transport
Electronic attacks
Severe weather
Animal diseases
Recent high-consequence UK
risks
Likelihood
Imp
act
A Richter scale for risk?
Scientists are good at putting a number on anything, but so far they have failed to find a simple measure for the risks of normal life. Is living in Cornwall, where radon levels are high, more dangerous than eating British beef? How do both of these compare with the risks of smoking cigarettes or driving a car?
We need a number to express these risks. Coming up with a Richter scale for risk isn’t easy. It must provide a comparison between the risks of purely voluntary activities (smoking, rock climbing) and those that are voluntary but unavoidable (travel, eating different foods, coalmining) while also incorporating risks imposed by society (living near a nuclear power station), or passive smoking and acts of God such as floods or lightning strikes.
The Times 9 December 1996, page 14
Examples for working on
A simple issue: my purchasing risks
Cost £29.99 – 3 yr warranty = £9.99
Cost £84.95 – 3 yr warranty = £39.99
I’m buying a new microwave and wondering about whether to take an extended warranty. How do I view the options available ……?
1. Identify risk
2. Apply 4 T’s: tolerate; treat; transfer; terminate
3. Incorporate risk monitoring into assurance reporting.
Managing Risk: the 4 T’s
My travel risks
I’m travelling to a training event some 200 km away:
what are my risks? how do I manage these risks?
Gross risk
Net risk
Gross risk = inherent risk
Net risk = residual risk
Probability
Impa
ctGross vs Residual Risk
Recommended