【正文】 Without clear responsibility (and the authority to support that responsibility) some risks will be missed or overlooked.In the public sector, there are two major roles with a clear responsibility to ensure risks are managed (there will be equivalents to these roles in private sector organisations). These roles are: : Examples of of :, contractual and legal considerations : Lessons learned from others s published guidance on best practice in。 policies and the of effective management clearly municated to all staff closely linked to achievement of objectives the need for a ‘’ at senior level, for an activity (strategy, or). He or she is supported by at everyday working levels as appropriate for the activity and risk exposure managing in the wider context of of change and the business. The study of (Supporting Innovation: Managing Risk in Government Departments), the Cabinet Office’s report Successful : Modernising Government in Action, and HM Treasury’s Orange Book provide valuable messages that are incorporated in this guidance.Meeting the needs of corporate governanceCorporate governance is the ongoing activity of maintaining a sound system of internal control to safeguard shareholders’ investment and the pany’s.The states that:‘a(chǎn) pany’s objectives, its internal organisation and the environment which it operates in are continually evolving and as a result the risks it faces are continually changing. A sound system of control therefore depends on a thorough and regular evaluation of the nature and extent of the risks to which the pany is exposed. Since profits [or business results] are in part the reward for successful risk taking in business, the purpose of internal control is to help manage and control risk rather than eliminate it.’ frameworks must ensure that management is held accountable for a corporation’s performance and that owners are able to monitor and intervene in the operations of management.These principles apply equally to the public and private sectors. Whereas corporations focus mainly on shareholder returns and the preservation of shareholders’ value, the public sector’s role is to implement cost effectively in accordance with Government legislation and policies.The British Standards Institute () has produced a guidance note on Corporate Governance – PD 6668:2000 – relating to the management of. It outlines a management framework for identifying the, determining the risks, implementation and maintaining control measures and finally reporting annually on the organisation’s mitment to this process.Policy on management of risk to support corporate governanceTo support, there needs to be a policy in place. This policy should: ensure that processes, and the culture/infrastructure, to identify and manage risk are put in place。 Health and safety policy and practice is concerned with ensuring that the workplace is a safe environment. simpler to implement within the business environment able to offer more decision points, allowing greater control of the. Decisions about riskDecisions about risk need to be balanced so that the potential are worth more to the organisation than it costs to address the risk.For example, innovation is inherently risky but could achieve major in improving services. The ability of the organisation to limit its exposure to risk will also be of relevance.You should aim to make an accurate assessment of the risks in a given situation and analyse the potential. The risks and presented by each course of action should be defined in order to identify appropriate response.Scope of decisionsDecisions about risk will vary depending on whether the risk relates to long, medium or shortterm goals.Strategic decisions are primarily concerned with longterm goals。 the to part of the end user munity and then ‘rolling out’ to the rest of that munity – for example, introducing a new information service in the NorthEast and gradually making it available nationwide. This is a modular and/or incremental approach that is further discussed in Chapters and and in.When managing any it is essential to ensure major decisions are made appropriately. A will support some business change and so require something to be produced and then put into use.shows the main stages of the process and the decisions to be taken about breaking projects down into manageable ‘packages’. For major projects, there will be formal in addition to the normal decision points。 specific concerns include /, support for business processes and customer relations.Additional factorsAdditional factors may increase the plexity of assessing overall exposure to risk. These include: how information about their probability and potential impact is obtained how these decisions are implemented the setting policy and the organisation’s willingness to take risk interdependent risks that cross organisational boundaries, whether they are business processes, operational services or. For example, for a senior manager with responsibility for a, ownership of risk could be defined as follows:Senior managers responsible for projects must assure themselves that a number of types of risk are being tracked and dealt with as effectively as possible. The mechanisms in place for monitoring and reporting risk will vary according to the size and plexity of the or, ranging from the use of a simple to the appointment of a risk manager reporting directly to the senior manager. Clearly, the degree of delegation adopted by the senior manager will vary, but he or she must be sure that the critical issues are being addressed。 Do the individuals who have been allocated ownership actually have the authority and capability to fulfil their responsibilities? For example, suppliers may be tasked with risk ownership. and if necessary, can it be quickly and effectively reallocated? agreements and contracts continuous improvement an