1.1 Risk reviews
Risk reviews look for new risks and new root causes; they look to share learning, best practice and incidents to inform the other parts of the process.
Risk reviews follow the same basic pattern as other meetings. They should have an agenda and a terms of reference. Participants should be engaged in the subject matter and not continually distracted.
Like many other meetings, most of the real value happens before and after the meeting. Before the meeting risk owners should be clear on their risks, their assessment, what treatments are in place and whether these treatments are effective.
A good meeting is also clear on why the information is being provided – is it to inform or is it so a decision can be made? If so what decision is required, why and why now?
Risk owners should make sure that the treatments are working, that assurance is taking place and that they are learning lessons from incidents.
The paradox of risk management, which is particularly apparent in reviewing risk, is that if done well it is rarely visible, but if done poorly this becomes all too apparent to the wider organisation.
Activity 1 Examples of good and bad risk reviews
Look at the statements relating to risk reviews and decide which are ‘good’ and which are ‘bad’ for risk review quality. Select from the drop-down lists.