TheFour Steps to Building an Inclusive Risk Register
ฝัง
- เผยแพร่เมื่อ 4 ต.ค. 2024
- Brett Knowles, from RiskScorecard.net, takes you through an easy four step process to build a better Risk Register using frameworks like ISO 31000, COSO, etc. This methodology is available through excel spreadsheets etc.
excellent video. Your entire series brings value add.
Wonderful
How can I download the excels being shown in video?
Impressive result and useful bar line risk indicators. But how practical is this 'We've got to assemble a multi page risk register!' Too complex, too busy and too abstract (I can imagine the reaction to asking people to sit down and pull risks or concerns out of the air) Risks are only risks if they are part of what we do (or intend to do)
In my company - simply list the basic operational processes, add KEY sub steps in those processes and assign an extra column or two for importance and risk. The SAME sheet can also include stakeholders, customers as well as a note if any legislation or regulations. One spreadsheet = Operational flow, stake holders, importance to the company, legislation, action required Y/N?. If anything else comes up for addition- just throw in a new column to the single spreadsheet. Add in a quarterly review to 'bolt on' any new company plans, products, markets etc
That's exactly what the author recommends here if you listened to his video, he suggests not interviewing people to avoid them pulling things out of the air. If you also listened his spreadsheet is used to initially identify the risks and then use that to populate a risk registry. The spreadsheet used here is effective and does exactly what you imply - an objective, an associated risk, a likelihood and resultant impact. In your org you say "basic operational processes" - how do you determine what's "important"? Without scoping and identifying the key risks in a top down approach (which is why he says strategy drives risk) you would be wasting resources, time and money. An adhoc approach might work in your org but his methodology here is a consistent way to approach risk mgmt.