Session 6: Monitoring and review
So you’ve identified your risks, assessed them and developed a treatment plan with actions and controls. But if that is where you leave it then you have only really covered the basics.
As discussed in Session 5, risk management is all about taking action. The actions may be specific one-off activities that reduce a risk (its impact and/or probability) or they may be performing a control that keeps a risk at an agreed level.
But risk, like life, is continually changing. New root causes emerge for existing risks, new risks emerge and old risks become less material or disappear completely. Sometimes best-laid plans don’t deliver the expected results. Sometimes things that weren’t anticipated do happen.
Your approach to risk needs to respond to these changes. Regular risk reviews act as a feedback loop to all of the other parts of the risk process, making sure that you learn and continually improve. Reviews make sure action is taken to treat risks and ensure the treatments are effective. Risk reviews are the fundamental way in which risk changes are responded to.
Monitoring and reviewing look to answer the following key questions:
- Is the organisation taking the right risks?
- Is its risk management effective?
- Is it delivering the desired results?
- Is it providing useful, timely information that helps improve the organisation’s decisions?
Video 1: What does good risk management look like?
By the end of this session, you should be able to:
- understand the value of monitoring and reviewing risks
- understand what a risk review is
- understand what takes place during a risk review
- understand the basics of risk assurance (including the three lines of defence concept).
Now begin Session 6.