[Recommended] - DM 624 University of Alabama Risk Register for A Construction Project Discussion

07 establishing the context scope of the context ISO 31000 states that the first stage in the risk management process is to establish the context. The former Australian Standard AS 4360 referred to context as having three components, in addition to the risk management process. These components are the risk management context, internal context and external context. The relationship between the three contexts is illustrated in Figure 7.1. The three components of context may be considered as follows: ● Risk management context has already been described as the risk architecture, strategy and protocols or the risk management framework within the organization. This framework must fulfil two functions: 1) provide support for the risk management process within the organization; and 2) ensure that the outputs from the risk management process are communicated to internal and external stakeholders. ● Internal context refers to the organization itself, the activities it undertakes, the range of skills and capabilities available within the organization, and how it is structured. Internal stakeholders and their expectations are part of the internal context. This may be considered to be the strengths and weaknesses within the organization. ● External context is the environment within which the organization exists. This environment will include consideration of the business sector within which the organization operates, external stakeholders and their expectations and the external financial environment. This may be considered to be the opportunities and threats facing the organization. The nature and extent of the risk management process is a major consideration when establishing the context for risk management. The key question is what the risk management process is expected to achieve or the answer to the question of why the organization has risk management activities in place. The risk management context also includes consideration of who will be responsible and identifies the resources that will be required in order to fulfil risk management activities. Establishing the context FIg URE 7. 1 Three components of context Architecture Strategy RM process Protocols Another important consideration within the risk management context is the establishment of risk appetite or risk criteria. This will help the organization decide what controls should be put in place and whether the residual or current level of risk is acceptable. The risk management context should also provide a means of establishing the overall total risk exposure so that this can be compared with the risk appetite of the organization and the capacity of the organization to withstand risk. The internal context is about the culture of the organization, the resources that are available, receiving outputs from the risk management process and ensuring that these influence behaviours, and supporting and providing governance of risk and risk management. The internal context concerns objectives, the capacity and capabilities of the organization, as well as the business core processes that are in place. An important consideration regarding the internal context is how the organization makes decisions. 83 Establishing the context The external context is about stakeholder expectations, industry regulations and regulators, the behaviour of competitors and the general economic environment within which the organization operates. The external context also considers the drivers and trends that can affect the success of the organization and its ability to achieve objectives. external context Risk management standard ISO 31000 identifies ‘establish the context’ as the first stage in the risk management process. Establishing the context is a fundamentally important aspect of successful risk management, and it is also identified by other international standards as an essential early stage in implementing a management system standard. For example, quality standard ISO 9001:2015 also identifies context as being part of the strategic planning that an organization must undertake. There are three components to establishing the context for risk management activity, and these are related to the external context, internal context and the risk management context. Establishing the external context must take account of the expectations of external stakeholders. The critical importance of stakeholder expectations is considered in more detail in Chapter 29. For many organizations, the most important group of external stakeholders will be customers. The external context for an organization will be significantly influenced by the nature of the customers and the products or services that they are being offered. Consideration of customers and the customer offering form an important part of the business model for the organization and the relevance of the business model to risk management is considered in more detail in Chapter 20. Having identified the expectations of external stakeholders, including consideration of customers and the services and products offered to customers, an organization can then view in more detail the factors that influence the external context for the organization. The FIRM risk scorecard provides a structure for carrying out a detailed evaluation of the context of the organization. The reputational and marketplace components of the FIRM risk scorecard are primarily related to the external context and the finances and infrastructure components are primarily related to the internal context. Table 14.2 provides a detailed checklist of questions relating to the development of a riskiness index based on the structure of the FIRM risk scorecard. In summary, the reputational component of the external context for an organization defines the external perception of the organization and the desire of customers to trade with the organization and the level of customer retention. In particular, when evaluating the reputational component of the external context, the following issues should be addressed: ● public perception of the industry sector in which the organization operates; ● corporate social responsibility standards achieved by the organization; ● governance standards and whether the sector is highly regulated; ● quality of products or services and/or after-sales service standards. 84 Establishing the context The other component of the FIRM risk scorecard relevant to the external environment is the marketplace and the level of presence of the organization within the marketplace. This will impact the level of customer trade or expenditure. In particular, when evaluating the marketplace component of the external environment, the following issues should be addressed: ● level of revenue generation in the marketplace and return on investment; ● presence of aggressive competitors and/or high customer expectations; ● level of economic stability, including exposure to interest rates and foreign exchange rates; ● complexity of the supply chain and volatility of raw material costs; ● exposure to international disruption because of political risks, war and terrorism. The FIRM risk scorecard offers one mechanism for evaluating the external context of the organization, but other structures may be employed, such as a strengths, weaknesses, opportunities and threats (SWOT) analysis or the use of one of the risk classification systems discussed in Chapter 11. The overall purpose of evaluating the external context is to determine the level of riskiness associated with the external environment within which the organization operates. This will enable the organization to validate the existing business model and develop strategy for the future, together with the tactics for implementing that strategy. external stakeholders Good stewardship by the board should not inhibit sensible risk taking that is critical to should support better decision taking, ensure that the board and management respond well informed about the principal risks and prospects of the company. The board’s and addressed within the organization and with external stakeholders. Internal context Establishing the internal context of an organization must take account of the expectations of internal stakeholders. There will be a range of internal stakeholders, but the most important group will be the people on whom the organization directly 85 Establishing the context depends. This will include members of staff and people providing services on an outsourced, contracted and/or supplier basis. Having identified the expectations of internal stakeholders, including identification of the importance of these stakeholders to the operations and compliance activities of the organization, it will then be possible to view in more detail the factors that influence the internal context. The FIRM risk scorecard provides a structure for carrying out a detailed evaluation of the context of the organization. The financial and infrastructure components of the FIRM risk scorecard are primarily related to the internal context and the reputational and marketplace components are primarily related to the external context. Table 14.2 provides a detailed checklist of questions related to the development of a riskiness index based on the structure of the FIRM risk scorecard. In summary, the financial component of the internal context of an organization defines the financial procedures and the means by which money is managed and profitability is achieved. In particular, when evaluating the financial component of the internal context, the following issues should be addressed: ● availability of adequate funds to fulfil strategic plans; ● existence of robust procedures for correct allocation of funds for investment; ● nature of internal financial control environment to prevent fraud; ● availability of funds to meet historical and anticipated future liabilities. The other component of the FIRM risk scorecard relevant to the internal context is infrastructure, as this influences the nature of the processes undertaken within the organization. Infrastructure risks define the level of inefficiency and dysfunction that may arise during internal processes. In particular, when evaluating the infrastructure component of the internal context, the following issues should be addressed: ● senior management structure and the nature of the risk culture; ● availability of adequate people resources and people skills, including intellectual property; availability of adequate physical assets to support operational activities; ● ● information technology infrastructure sufficient to achieve resilience and protect data; ● business continuity plans in place to ensure continuity of activities following major disruption; ● arrangements for service delivery and/or transportation and reliable communication infrastructure. The FIRM risk scorecard offers one mechanism for evaluating the internal context of an organization, but other approaches may be employed, including a SWOT analysis. Many organizations use the political, economic, social, technological, legal and environmental/ethical (PESTLE) risk classification system. The PESTLE risk classification system is considered in more detail in Chapter 11. Some components of the PESTLE risk classification system are related to the external context, some are related to the internal context and other components are relevant to both external and internal contexts. 86 Establishing the context There are many checklists available that will enable an organization to identify the nature of the external and internal context within which it operates. Which classification system or checklist of questions is used is less important than the need to identify the full range of risk issues f by the organization. This will enable the organization to validate the existing business model, the resources required to deliver the business model, as well as the level of resilience within the existing business model. Risk management context Chapter 21 considers the risk management context in detail, in terms of the risk architecture, strategy and protocols (RASP) developed by the organization. The RASP of an organization defines the structure of the risk management context and how the components of that context are implemented to achieve the desired benefits from the enterprise risk management initiative. It is important that the risk management context of an organization is capable of delivering the required risk management strategy and develop the necessary risk-aware culture. The components of a satisfactory risk-aware culture are leadership, involvement, learning, accountability and communication (LILAC), as considered in more detail in Chapter 24. An important component of the risk management context is the mandate provided by senior management that provides the scope and level of authority for undertaking risk management activities in the organization. The mandate provided to the risk manager, head of internal audit and others involved in the risk management initiative should be defined in the risk management policy for the organization. The risk attitude and risk appetite of the organization, as defined by the risk criteria for different types of risks, helps to define the risk management context of the organization and to provide the basis for undertaking risk assessments and recording the results in the risk register. The nature and extent of communication of the information contained in the risk register throughout the risk architecture of the organization also helps define the risk management context. Perhaps the most important feature of the risk management context that will determine the success of the enterprise risk management initiative relates to how the initiative is implemented. Appendix C provides an outline of an implementation guide for an enterprise risk management initiative in terms of planning, implementing, measuring and learning (PIML). The risk management context must contribute to the success of the organization and be supportive of the delivery of stakeholder expectations, both external and internal. A requirement of the risk management context is that it should identify emerging risks and support the response to changes in the external and internal context of the organization. The nature of emerging risks can be complex and, by definition, highly unpredictable. In helping the organization identify the nature of emerging risks, the risk management context should provide the mechanism for providing early warning. This has been described as the ‘risk radar’ of the organization and it must include timely 87 Establishing the context review and evaluation of information relating to emerging risks. In order to comprehensively determine the specific impact and consequences for the organization, the mechanism for identifying emerging risks should also include provision for identifying opportunities that may be exploited in the future. In summary, the organization is required to identify each specific external, internal and risk management context issue that could impact the organization, acquire and evaluate timely knowledge and information about them, evaluate the risks and opportunities that these context factors present and take appropriate actions to mitigate the risks and embrace the opportunities. All of this must be documented within the scope of the risk architecture, strategy and protocols (RASP). Designing a risk register The use of risk registers has become established practice for many risk managers. There are disadvantages associated with the use of risk registers, including the danger that the information recorded in the risk register will not be used in a dynamic way. The risk register could become a static record of risk status, rather than the risk action plan for the organization. A risk register is defined in the ISO Guide 73 as the ‘document used for recording risk management process for identified risks’. The guide adds that the purpose of the risk register is to facilitate ownership and management of each risk. Typically, the risk register will cover the significant risks facing the organization or the project. It will record the results of the risk assessment related to the process, operation, location, business unit or project under consideration. When a risk assessment is undertaken of strategic options, it is more usual for the risk assessment to be used as part of decision-making activities. Typically, this information will not be recorded in the format of a risk register, but will be presented to the decision maker as part of the full range of information available for making that strategic decision. The purpose of the risk register is to form an agreed record of the significant risks that have been identified. Also, the risk register will serve as a record of the control activities that are currently undertaken. It will also be a record of the additional actions that are proposed to improve the control of the particular risk. Other information about risks will also be included in the risk register. Although there is no fixed format for this document, Table 7.1 provides an outline of a basic format for a risk register. It may not be necessary to include all of the risk description information set out in the table in the risk register, as this could make it a complex and clumsy document. Risk registers can be compiled in a number of formats, depending on the type of risk assessment that is being recorded. Table 7.2 provides an example of a partially completed risk register for a sports club and Table 7.3 provides an example of a risk register for a hospital. At its most simple, the risk register can be stored as a document held on a computer. However, there are many more sophisticated forms of risk registers, including 88 Establishing the context TAb LE 7. 1 risk index 1 2 89 89 Format for a basic risk register risk description Current level of risk likelihood Magnitude Overall rating Serious traffic accident involving the transport of fuel/explosives. Anticipate fatalities and evacuation of 1 km radius, depending on substances involved. Potential for release of up to 30 tonnes of liquid fuel into local environment. Low High Medium Storm-force winds affecting transport routes for up to six hours. Anticipate that most roads in the vicinity will be closed or restricted. Journey times will be extended and late deliveries probable. Medium Controls in place Police emergency plans Highway Agency plans Local authority emergency plan Company emergency response Liaison with the families of staff Notification to customers Medium Medium Police emergency plans Highway Agency plans Investigate weather forecast Liaison with the families of staff Notification to customers Establishing the context TAb LE 7. 2 risk index Risk register for a sports club risk description existing control measures Current level Further actions planned Owner Financial risks 1.1 Insufficient funds for suitable new players. High 1.2 Pension fund inadequate to meet liabilities. Medium infrastructure risks 2.1 Loss of highly respected young manager. High 2.2 Building of the new stadium is delayed. Low reputational risks 3.1 Complaints that merchandise is too expensive. Low 3.2 Club supporters riot at an away game. Medium Marketplace risks 4.1 New range of merchandise is unattractive. 4.2 Fans favour other activities rather than High club attendance. 90 Establishing the context Low 91 Establishing the context TAb LE 7. 3 risk index 1 2 92 91 Risk register for a hospital risk description Current level of risk likelihood Magnitude Overall rating The roofs on operating theatres 3 and 4 are leaking because of poor condition, resulting in disruption to the surgery lists and non-achievement of waiting times. High High High Progress towards achievement of standards in children’s care will remain unsatisfactory due to failure to implement action plan for improved facilities, resulting in children receiving care below the national standards. Medium risk rating Ingress of water can lead to loss of theatre facility, with cancelled operations, loss of key activity and threat to waiting time targets. With high incidence of rain, it is likely that between one and seven days’ surgery time will be lost. Problems in the last two years suggest that the failure will occur twice per year. Medium Medium The perception of patients of the current environment is good and the level of care provided is good. Robust action needs to be taken to ensure that standards do not become unsatisfactory. Establishing the context records of significant risks held on databases. Where quantification of exposure is required, then a simple risk register held as a document is unlikely to be sufficient. This is true of systems for recording operational risks, where quantification of risk exposure is required. Using a risk register A well-constructed and dynamic risk register is at the heart of a successful risk management initiative. However, there is a danger that the risk register may become a static document that records the status of risk management activities at a moment in time. The practical implications of this are that senior management may consider that attending a risk assessment workshop and producing a risk register fulfils their risk management obligations and no ongoing actions are required. It is better to think of the risk register as a risk action plan that records the status of the organization with respect to risk management, but also provides a record of the critical controls that are in place, together with the details of any additional controls that need to be introduced. In producing such a risk action plan, the responsibility for undertaking the actions identified will be clearly established. Chapter 26 considers the options for the use of a risk management information system (RMIS) to record the information held in the risk register. Also, the information held in the risk register may be available on the intranet of the organization, and this will help with risk understanding and communication. In some organizations, the risk register is given the status of a controlled document to be used by internal audit as one of the key reference documents for undertaking an audit of risk management activities. Even if this is not the case, the information set out in the risk register should be very carefully considered and constructed. For example, the risks set out in the register need to be precisely defined so that the cause, source, event, magnitude and impact of any risk event can be clearly identified. Also, the existing control activities, together with any additional controls that are proposed, must be described in precise terms and accurately recorded. Risk control activities should be described in sufficient detail for the controls to be auditable. This is especially important when the risk register relates to the routine operations undertaken by the organization. Risk registers should also be produced for projects and to support strategic decisions. A project risk register has to be a very dynamic document. An example of a project risk register is provided in Table 7.4. Details of the risks f by the project, as recorded in the risk register, should be discussed at every project review meeting. As well as risk registers being relevant to projects, they should also support business decisions. In this case, the precise format of a risk register may be less formal. When a strategic decision has to be taken at board level, the risk assessment of that strategy should be attached to the proposal. This risk assessment could include both the risks of undertaking the strategy and an analysis of the risks associated with not undertaking the proposed strategy. Finally, a risk register should be attached to a business plan as a record of the risks that could impact the achievement of that plan. Table 7.5 shows a partially completed 92 Establishing the context TAb LE 7. 4 93 Project risk register 93 risk index 1 risk description Project management arrangements unable to deliver project. Current level of risk likelihood Magnitude Overall rating High High High action to be taken Clear project management structure in place, with executive team established to oversee project. Smaller project team runs project on day-to-day basis with expert support, as required. Clear links between various management functions to ensure co-ordinated approach. 2 Project resources inadequate with insufficient staff to support project. Medium Medium Medium Project management team established with support from other staff departments, including HR and Finance. 3 Project resources has insufficient funds for the necessary external professional technical advice. Low High Medium Sufficient budget identified to fund external advice. 4 Project not co-ordinated with other developments in organization. Low Low Low Project management team also oversees related projects with cross-representation on other groups. 94 TAb LE 7. 5 risk index Risk register attached to a business plan Circumstance assessment and controls Current level of risk likelihood High Magnitude action and assurance Overall risk 1.1 Loss of grant funding Negotiations are in hand and final settlement figure should soon be notified. 1.2 Job upgrade costs Provision has been made in reserves and any additional costs will be met from existing budgets. 1.3 Overtime claims Heads of department should enforce the rules concerning overtime payments as a result of job upgrades. 1.4 Mileage claims Heads of department should ensure that only essential journeys are undertaken. 95 context Establishing the simple risk register in a format that could be attached to a business plan. Simple examples of the risks that could result in the business plan not being achieved are set out in this illustration. For example, a sports club may wish to record risks to reputation in the risk register. There could be particular concerns regarding the reputation of the club, so that the board will require a detailed evaluation of the reputational risks related to: ● success on the pitch; ● legal compliance; ● supply of ethical goods at a fair price. When considering reputational issues, the level of control that is required will be evaluated, together with responsibility for managing the brand. The club will also make sure that existing controls and any additional controls are described in a way that will ensure that implementation of the controls can be fully audited. The board will probably wish to see the risk register on at least a quarterly basis, and more frequently if significant changes occur. This will ensure that the risk register remains a dynamic document and is kept fully up to date. It will also ensure the necessary actions are taken and reported to the board. Risk register for the Thomas Jefferson University-East Falls closed Point of Dispensing (POD) Project. Current level of risk Risk Index Risk Description 1 Likelihood Medium Magnitude High Overall Rating Medium Medium High Medium Medium High Medium Lack of adequate number of staff to provide logistic services (e.g., line management, forms distribution) 2 Lack of adequate number of staff to provide medical services (e.g., checking the individual’s medical history, giving vaccine) 3 Ineffectiveness of the automated system for booking appointments and filling out the vaccine forms. 4 Medium Staff get confused about tasks, especially those who may join as back up members. Medium Medium Actions to Be Taken Contact the Gallagher center staff to help manage logistics. Contac Jefferson hospital to support the POD’s operations. Send emails to TJU community to direct them to make appointments in person at specific times. Provide hard copies of the vaccine forms. Print out the closed POD operation plan and hand it out to all staff members. Assign a specific staff member as a reference. The Risk register can be considered as a risk action plan that consists of the organization’s situation in terms of the anticipated risks and the possible actions/solutions (Hopkin, 2017). The risk register is helpful to assess the organization’s current situation based on the likelihood of the risk occurrence and its impact level. Having a clear dynamic risk register will enable the team project members to undertake the correct response in a timely manner. However, currently, I am working with the public safety department at the East Falls campus on planning for establishing a closed Point of Distribution center at the East Falls campus to deliver medical services at emergency times. The closed POD goal is to deliver the COVID-19 vaccine to the TJU East Falls community when the vaccine becomes available. To ensure people’s safety during such time, several safety measures related to the COVID-19 protection guidelines must be taken which require detailed planning and having enough staff members to implement the plan. Therefore, I started thinking of the possible risks that could face the team and hinder the success of the operations. For example, because most of the team members are either volunteers or members who are not always present at the campus, the lack of enough team members may cause operation failure. Additionally, lack of logistics support may result in an ‘uncontrolled scene’ and non-compliance with the COVDI-19 safety guidelines such as social distancing. Finally, attached is a risk register for the POD operations. Reference Hopkin, P. (2017.) Fundamentals of risk management: Understanding, evaluating and implementing effective risk management. NY, NY. Risk Register for Saudi Red Daily Field Operations in Riyadh: Current level of risk Risk Index 1 2 3 Risk Description Inadequate staff during weekdays morning shifts due to staff absence Dispatch center overwhelmed with emergency calls higher than the normal rate during weekends nights Shortage in ALS unites due to vehicles mechanical issues 4 Radio system failing due to mobile signal or network overwhelming issues Likelihood Low High Medium Medium Magnitude Overall Rating High Medium Low Medium Medium Medium Low Medium Actions to approach the Risks Relocate existing staff to stations with higher calls volume without affecting other areas. Open the backup dispatch channels and if necessary, assigned some of the field employees to work as an acting dispatcher until the situation resolved. Use the combined method where one ALS unite staff works with one BLS unite staff to form ALS trucks and provide the remaining staff with the spare BLS trucks which located in the logistics warehouse. Relocate as needed. Open the backup radio channels to release the load on the network. If this does not work contact all older vehicles on the field via the old radio system and report the issue to the shift supervisor. One method to anticipate and manage risks in the organizational environment is to develop a risks register (Hopkin, 2017). Risks register is a written instrument organization uses to identify possible risks and defines their approach to these risks (Hopkin, 2017). According to Hopkin there is no single or official way to develop such an instrument. Developing risks register depends on what the organization wants to gain from the instrument. Based on my previous experience in Saudi Red Crescent, I developed risks register for the field daily operations in Riyadh city, Saudi Arabia. Saudi Red Crescent is the exclusive provider for all out of hospital medical emergencies within the country. They respond to more than 15k calls a month within the Riyadh area alone, according to January 2019 statistics (SARCA, 2019). This enormous call volume puts them at significant risks regarding staffing, logistics, and technical issues. I focused on four frequent risks I used to see daily, which notably affects the service. I used the likelihood and magnitude approach in my risks register. References Mediasarca. (2019, February 03). #‫م‬2019 ‫احصائيات | البالغات لشهر يناير‬. Retrieved from https://twitter.com/mediasrca/status/1092034789849382912 Hopkin, P. (2017.) Fundamentals of risk management: Understanding, evaluating and implementing effective risk management. NY, NY.

WE OFFER THE BEST CUSTOM PAPER WRITING SERVICES. WE HAVE DONE THIS QUESTION BEFORE, WE CAN ALSO DO IT FOR YOU.
Assignment status: Already Solved By Our Experts
(USA, AUS, UK & CA PhD. Writers)
CLICK HERE TO GET A PROFESSIONAL WRITER TO WORK ON THIS PAPER AND OTHER SIMILAR PAPERS, GET A NON PLAGIARIZED PAPER FROM OUR EXPERTS

Order from Academic Writers Bay — Best Custom Essay Writing Services

QUALITY: 100% ORIGINAL PAPER – NO PLAGIARISM – CUSTOM PAPER

Why Choose Us?

100% non-plagiarized Papers
24/7 /365 Service Available
Affordable Prices
Any Paper, Urgency, and Subject
Will complete your papers in 6 hours
On-time Delivery
Money-back and Privacy guarantees
Unlimited Amendments upon request
Satisfaction guarantee

How It Works

Click on the “Place Your Order” tab at the top menu or “Order Now” icon at the bottom and a new page will appear with an order form to be filled.
Fill in your paper’s requirements in the “PAPER DETAILS” section.
Fill in your paper’s academic level, deadline, and the required number of pages from the drop-down menus.
Click “CREATE ACCOUNT & SIGN IN” to enter your registration details and get an account with us for record-keeping and then, click on “PROCEED TO CHECKOUT” at the bottom of the page.
From there, the payment sections will show, follow the guided payment process and your order will be available for our writing team to work on it.

About AcademicWritersBay.com

AcademicWritersBay.com is an easy-to-use and reliable service that is ready to assist you with your papers 24/7/ 365days a year. 99% of our customers are happy with their papers. Our team is efficient and will always tackle your essay needs comprehensively assuring you of excellent results. Feel free to ask them anything concerning your essay demands or Order.

AcademicWritersBay.com is a private company that offers academic support and assistance to students at all levels. Our mission is to provide proficient and high quality academic services to our highly esteemed clients. AcademicWritersBay.com is equipped with competent and proficient writers to tackle all types of your academic needs, and provide you with excellent results. Most of our writers are holders of master’s degrees or PhDs, which is an surety of excellent results to our clients. We provide assistance to students all over the world.
We provide high quality term papers, research papers, essays, proposals, theses and many others. At AcademicWritersBay.com, you can be sure of excellent grades in your assignments and final exams.