Risk management


Session 6: Monitoring and review


So you’ve identified your risks, assessed them and developed a treatment plan with actions and controls. But if that is where you leave it then you have only really covered the basics.

As discussed in Session 5, risk management is all about taking action. The actions may be specific one-off activities that reduce a risk (its impact and/or probability), or they may involve performing a control that keeps a risk at an agreed level.

But risk, like life, is continually changing. New root causes emerge for existing risks, new risks emerge and old risks become less material or disappear completely. Sometimes best-laid plans don’t deliver the expected results. Sometimes things that weren’t anticipated do happen.

Your approach to risk needs to respond to these changes. Regular risk reviews act as a feedback loop to all of the other parts of the risk process, making sure that you learn and continually improve. Reviews make sure action is taken to treat risks and ensure the treatments are effective. Risk reviews are the fundamental way in which risk changes are responded to.

Monitoring and reviewing look to answer the following key questions:

  • Is the organisation taking the right risks?
  • Is its risk management effective?
  • Is it delivering the desired results?
  • Is it providing useful, timely information that helps improve the organisation’s decisions?

Transcript: Video 1 What does good risk management look like?

So good risk management is really about are we taking specific, timely action on the risks that we've identified to allow us to achieve the results that we set out to do.
It's always difficult to tell if you're doing good risk management, because a sign that you're doing it well is that you don't have incidents, and things don't happen.
Is there a regular review of those risks? So it's not about having, maybe on Friday afternoon- what are the risks this week? It's actually about trying to build it into the everyday conversations so that it becomes part of how we set out to manage businesses.
In certain organisations, you often hear the phrase "we weren't aware that that was happening" or "we didn't know about that." So part of good risk management is about making sure that there isn't anything that's going to catch you unawares.
Are the actions that are being taken actually helping to reduce the risks?
It isn't about ticking boxes, filling in forms, and having reports. There's a reason why we do that, but that isn't risk management. That's just risk reporting.
Less things will go wrong because I do cognisant decisions right at the front, so going, OK, this could happen, so I put countermeasures in place. Or I say this could happen, and I would be OK with that happening. So I actually say- I take that money aside or whatever because I can accept. I can live with it. So eventually, I will see less surprises, less incidents, things that hit me unprepared.
I would say good risk management is happening when issues that might affect an organisation are being raised comfortably, confidently, early as well.
If you hear, in conversation, people challenging assumptions, and conversing about risk, and asking probing questions, and trying to understand what could go wrong, what needs to go right, what are the things we've got in place- it's all around conversation. That gives me an indication that an organisation and people within the organisation kind of live and breathe and really understand what the purpose of risk management is.
End transcript: Video 1 What does good risk management look like?

By the end of this session, you should be able to:

  • understand the value of monitoring and reviewing risks
  • understand what a risk review is
  • understand what takes place during a risk review
  • understand the basics of risk assurance (including the three lines of defence concept).

Now begin Session 6.

