The Risk Guide Risk Guide RSS Feed


Risk Management Knowledgebase

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 


RACI chart RACI is a model for assigning roles and responsibilities. RACI (pronounced ray-see), stands for:
Responsibility - People who are expected to actively participate in the activity and contribute to the best of their abilities.
Accountability - The person who is ultimately responsible for the results.
Consultation - People who have a particular expertise can contribute to specific decisions.
Inform - People who are affected by the activity/decision and therefore need to be kept informed, but do not participate in the effort.
RAG status Traffic lights for status (Red - major problems, Amber - little or no progress, Green - on target). Some extended models also have a white (not started) and blue (completed).
RFP Request For Proposal. A bid document used to solicit proposals from prospective sellers of products or services.
RFQ Request For Quotation. Equivalent to a Request for Proposal but with more specific application areas.
ROI Return On Investment is how much profit or cost saving is realised. An ROI calculation is sometimes used along with other approaches to develop a business case for a given proposal.
Rationale The motivation behind a given principle.
Recurring Costs Expenditures which occur on a repetitive basis.
Residual Risk The exposure arising from a specific risk after action has been taken to manage it and making the assumption that the action is effective.
This is the target risk rating after control measures have been implemented.
Resource An item required to accomplish an activity. Resources can be people, equipment, facilities, funding or anything else needed to perform a task.
Review Processes should be put in place to review existing risks, consider potential new risks and deliver assurance on the effectiveness of control.
Review of risks and review of the risk management process are distinct from each other and neither is a substitute for the other. The review processes should:
• ensure that all aspects of the risk management process are reviewed regulary;
• ensure that risks themselves are subjected to review with appropriate frequency;
• make provision for alerting the appropriate level of management to new risks or to changes in already identified risks so that the change can be appropriately addressed.
Risk Risk is most commonly held to mean something to be avoided. Uncertainty of outcome, whether positive opportunity or negative threat, of actions and events.
Risk is the chance, great or small, that damage or an adverse outcome will occur from a particular hazard. It is the combi-nation of likelihood and impact, including perceived importance.
A Risk is an event which has not happened but if it does come to fruition it would adversely affect the outcome of the project, a deliverable, funding or timescales of the project.
Risk Analysis Risk analysis is the systematic use of information to establish valid scenarios for how a hazard could lead to harm and determine the probability of the associated adverse events and the magnitude of their consequences.
Risk Assessment The evaluation of risk with regard to the impact if the risk is realised and the likelihood of the risk being realised.
Some types of risk lend themselves to a numerical diagnosis - particularly financial risk. For other risks - for example reputational risk - a much more subjective view is all that is possible.
Risk Avoidance Planning activities to avoid risks that have been identified.
Risk Management Risk management is the process by which an organisation reaches decisions on the steps it needs to take to adequately control the risks which it generates or to which it is exposed.
Risk management covers all the processes involved in identifying, assessing and judging risks, assigning ownership, taking actions to mitigate or anticipate them, and monitoring and reviewing progress.
The management of risk is not a linear process; rather it is the balancing of a number of interwoven elements which interact with each other and which have to be in balance with each other.
The management of one risk may have an impact on another. Management actions which are effective in controlling more than one risk simultaneously may be achievable.
Risk Matrix Assessment needs to be done by evaluating both the likelihood of the risk being realised, and of the impact (or severity) if the risk is realised.
A categorisation of high, medium, low in respect of each may be sufficient, and should be the minimum level of categorisation this results in a 3x3 risk matrix.
A more detailed analytical scale may be appropriate, especially if clear quantitative evaluation can be applied to the particular risk.
5x5 matrices are often used, with impact on a scale of insignificant minor, moderate, major, catastrophic and likelihood on a scale of rare, unlikely, possible, likely, almost certain.
There is no absolute standard for the scale of risk matrices - the organisation should reach a judgement about the level of analysis that it finds most practicable for its circumstances.
Colour (Traffic Lights) can be used to further clarify the significance of risks.
Risk Modeling Models can help organisations control their complex risk management tasks.
A model is a simplified representation, usually visual, of some aspects of a system.
Risk Owner All risks, once identified, should be assigned to an owner who has responsibility for ensuring that the risk is managed and monitored over time.
A risk owner, in line with their accountability for managing the risk, should have sufficient authority to ensure that the risk is effectively managed.
The risk owner is not usually the person who actually takes the action to address the risk.
Risk Profile The documented and prioritised overall assessment of the range of specific risks faced by the organisation.
Risk Ranking Allocating a classification to the impact and likelihood of a risk.
Risk Rating The results from the estimations of likelihood and Impact are combined into a risk rating.
Likelihood X Impact = Risk Rating
Risk Reduction Action taken to reduce the likelihood and impact of a risk.
Risk Register A file that holds all information on identifying and managing a risk.
Risk Response Responding to changes in risk during a project.
Developing a plan of action to enhance opportunities and decrease threats.
Risk Review A designated team is established (either inhouse or contracted in) to consider all the operations and activities of the organisation in relation to its objectives and to identify the associated risks.
The team should work by conducting a series of interviews with key staff at all levels of the organisation to build a risk profile for the whole range of activities.
Risk Strategy The overall organisational approach to risk management. This should be documented and easily available throughout the organisation.
Risk Transfer A contractual arrangement between two parties for delivery and acceptance of a product where the liability for the costs of a risk is be transferred from one party to the other.

© RuleWorks - All Rights Reserved - Policy - - Sitemap