Risk management strategy

Purpose:

Defines how risks will be managed during the lifecycle of the programme. Used to plan the way risks are handled within the programme.

The Risk Strategy and supporting Plan must acknowledge actual and potential threats to the successful delivery of a project and determine the activities required to minimise or eliminate them. The risk plan needs to be capable of integration into, or co-ordination with, the project plan.

A major concern is the appropriate communication of risk information, in particular where escalation is required. The 'summary risk profile' (SRP) is a simple mechanism to increase visibility of risks. It is a graphical representation of information normally found on a risk register. This graph should be updated in line with the risk register on a regular basis. The profile shows risks in terms of probability and severity of impact with the effects of mitigating action taken into account.

The SRP is often referred to as a probability/impact matrix. Each risk (indicated by * on the diagram) would normally have a number or other reference and supporting details. The position of the risk tolerance line would depend on the organisation and its project. See figure 2 for an example SRP.

Use the risk management healthcheck to assess your organisation's provision for managing risk. See the techniques section for further tools for managing risk.

Figure 2: Example of a Summary Risk Profile


Fitness for purpose checklist:

  • requires time and top-level commitment.
  • individual accountability, scrutiny and challenge.
  • risk judgements depend on sound information.
  • must be applied throughout delivery networks.
  • wider understanding of cross-departmental risks and joint working to manage them.
  • check the framework references the organisational appetite for risk and any delegated appetite in respect of specific programmes or projects.

Suggested content:

  • What risks are to be managed
  • How much risk is acceptable
  • Who is responsible for the risk management activities
  • What relative significance time, cost, benefits, quality and stakeholders have in the management of programme risks

Source information:

Programme Plan

Blueprint

Stakeholder Map

Notes:

Where partners and/or suppliers are involved, it is essential to have shared understanding of risks and agreed plans for managing them.

There are two parts to the strategy:

1. Analysis of risk, which involves the identification and definition of risks, plus the evaluation of impact and consequent action.

2. Risk management, which covers the activities involved in the planning, monitoring and controlling of actions that will address the threats and problems identified, so as to improve the likelihood of the project achieving its stated objectives.

The risk analysis and risk management phases must be treated separately, to ensure that decisions are made objectively and based on all the relevant information.

Risk analysis and risk management are interrelated and undertaken iteratively. The formal recording of information is an important element in risk analysis and risk management. The documentation provides the foundation that supports the overall management of risk.

Further information:

See the briefing on business continuity; see also the document outlines for risk management framework, risk register and contingency/reversion plans.

Managing Successful Programmes

OGC Management of Risk Guidelines

OGC's Achieving Excellence Guides

Management of Risk: Practitioner guide