2. What is risk management
Risk can be defined as the effect of uncertainty on objectives, whether positive or negative.
Risks, therefore, need to be managed in order to successfully deliver our objectives. Risks should be fully understood and their likelihood and consequences managed.
A risk matrix is used in the risk assessment process. It creates a risk score from the combination of the likelihood and the impact of the Risk. The risk becomes more severe as the likelihood and impact increase.
A strategic risk is generally managed by a director, head of service or corporate manager. It is something with the potential to cause harm (including ill health/injury, damage to assets, loss of reputation, environmental pollution, financial losses or increased liabilities). It can be an event or series of events that may impact on the high level vision and the council plan and other plans.
Operational risks are managed by heads of service, corporate managers and senior managers and are defined as risks that can affect the delivery of individual services but would not, in isolation, threaten the council’s overall objectives.
This is the risk in its raw state without any mitigating controls (action controls in SPAR.net) in place.
A residual risk is the remaining potential for harm to persons, property or the environment following all possible efforts to reduce predictable hazards. In other words, it is the risk that remains after a risk assessment has been carried out and mitigating controls have been put in place. This risk needs to be monitored to keep the mitigating controls up to date.