【正文】 ContentsCHAPTER 1: INTRODUCTION o of this guide o is management of risk? o management of risk is important o is involved in risk management o to use this guide o research for this guidance CHAPTER 2: PRINCIPLESo success factors for management of risk o is at risk and why? o about risk o risks occur o framework for managing risk o ownership o the risk management culture o CHAPTER 3: HOW RISKS ARE MANAGED o a framework for management of risk o identification o probable risk owners o evaluation o risk tolerances o to risk o risk responses o responses o and review o to improve CHAPTER 4: MANAGING RISK AT THE STRATEGIC LEVEL o of risk o to apply risk management o to do it o is involved o level policy for management of risk CHAPTER 5: MANAGING RISK AT THE PROGRAMME LEVEL o of risk o of risk o to apply risk management o to do it o is involved o level policy for management of risk CHAPTER 6: MANAGING RISKS AT THE PROJECT LEVEL o down a project o of risk o to apply risk management o to do it o is involved o level policy for management of risk CHAPTER 7: MANAGING RISK AT THE OPERATIONAL LEVEL o of risk o to apply risk management o to do it o is involved o level policy for management of risk CHAPTER 8: TECHNIQUES o identification approaches o management approaches o techniques o review of activities o the risk management processes ANNEX A: EXAMPLES OF BENEFITS OF RISK MANAGEMENT o A1燬trategic benefits o A2燜inancial benefits o A3燩rogramme benefits o A4燘usiness process benefits o A5燨verall management benefits ANNEX B: HEALTHCHECK: HOW WELL IS YOUR ORGANISATION MANAGING RISK? o B1燢ey elements o B2燫eview of overall effectiveness o B3燙hecklist: risk ownership o B4燙hecklist: on risk identification o B5燙hecklist: risk evaluation and assessment of the organisation39。s willingness to take on risk o B6燙hecklist: risk response o B7燙hecklist: monitoring and control mechanisms ANNEX C: CATEGORISING RISK o C1燭hreats and impacts o C2燬trategic risk major threats o C3燭hreats to projects or programmes o C4燨perational risks ANNEX D: SETTING A STANDARD FOR EVALUATION OF RISK o D1燯sing the summary risk profile o D2燣ooking at probability o D3燣ooking at impact ANNEX E: PROCUREMENT, CONTRACTUAL AND LEGAL CONSIDERATIONS o E1燤odular and incremental approaches o E2燙ontract risk management o E3燨utsourcing to support business needs o E4燣egal aspects of procurement ANNEX F: BUSINESS CONTINUITY MANAGEMENT o F1燱hy is business continuity management important? o F2燱hat is business continuity management? o F3燞ow to implement business continuity management o F4燬tructuring business continuity plans o F5燘usiness continuity supported by a risk management process o F6燱ho to involve in business continuity management o F7營ssues to consider in a BCP o F8燗ssuring your BCP is viable o F9燱here to store BCPs o F10燙ommunications o F11燘CM summary ANNEX G: MANAGING ORGANISATIONAL SAFETY AND SECURITY o G1燞ow are safety and security related? o G2燤andate for ensuring safety and security o G3燬ecuring assets o G4燬ecuring incidents o G5燗dopting good practice in information security management ANNEX H: INFORMATION ON FURTHER TECHNIQUES TO SUPPORT MANAGEMENT OF RISK o H1燫isk identification workshops o H2燫isk management workshops o H3燙auseandeffect diagrams o H4燚ecision trees o H5營nsurance premium approach o H6燙ritical path analysis (CPA) or critical path method (CPM) o H7燤onte Carlo simulation o H8燫isk map o H9燩robability and impact grid o H10燬catter diagram o H11燫adar chart o H12燫isk indicators ANNEX J: LESSONS LEARNED FROM OTHERS o J1燗ssessing success o J2燱hy projects fail o J3燬topping a project o J4燘arriers ANNEX K: ASSESSING THE SUITABILITY OF TOOLS o K1營ssues to consider when selecting tools o K2燗ppraisal and evaluation in context o K3燝eneral appraisal procedure o K4燙ustomisation of criteria ANNEX L: DOCUMENTATION OUTLINES o L1燘usiness Case o L2燘usiness Continuity Plan (BCP) o L3燙ommunications Plan o L4燙ontingency plan o L5燤anagement of Risk Policy o L6?Activity) plans for programme and/or project o L7燫isk Register o L8燬ecurity policy o L9燬takeholder map o L10燬ummary Risk ProfileCHAPTER 1: INTRODUCTION Purpose of this guide What is management of risk? Why management of risk is important Who is involved in risk management How to use this guide The research for this guidance Purpose of this guideThis guide is intended to help organisations to put in place effective frameworks for taking informed decisions about risk. The guidance provides a route map for risk management, bringing together remended approaches, checklists and pointers to more detailed sources of advice on tools and techniques. It expands on the OGC Guidelines for Managing Risk.The process of investment appraisal, in which assessments are made of costs, benefits and risks, is outside the scope of this guide. However, many of the principles and techniques described here can be used when developing the business case. The approach described in this guide plements OGC’s guidance on programme and project management and is continually updated to reflect current thinking. This approach, branded by OGC as M_o_R (Management of Risk), is supported by training and qualifications. What is management of risk?In this guide risk is defined as uncertainty of oute, whether positive opportunity or negative threat. The term ‘management of risk’ incorporates all the activities required to identify and control the exposure to risk which may have an impact on the achievement of an organisation’s business objectives.Every organisation manages its risk, but not always in a way that is visible, repeatable and consistently applied to support de