【正文】 Do the individuals who have been allocated ownership actually have the authority and capability to fulfil their responsibilities? For example, suppliers may be tasked with risk ownership. the setting policy and the organisation’s willingness to take risk how information about their probability and potential impact is obtained project able to offer more decision points, allowing greater control of the project. Decisions about riskDecisions about risk need to be balanced so that the potential benefits are worth more to the organisation than it costs to address the risk.For example, innovation is inherently risky but could achieve major benefits in improving services. The ability of the organisation to limit its exposure to risk will also be of relevance.You should aim to make an accurate assessment of the risks in a given situation and analyse the potential benefits. The risks and opportunities presented by each course of action should be defined in order to identify appropriate response.Scope of decisionsDecisions about risk will vary depending on whether the risk relates to long, medium or shortterm goals.Strategic decisions are primarily concerned with longterm goals。 Health and safety policy and practice is concerned with ensuring that the workplace is a safe environment. managing project risk in the wider context of programmes of change and the business. The NAO study of risk management (Supporting Innovation: Managing Risk in Government Departments), the Cabinet Office’s report Successful IT : Modernising Government in Action, and HM Treasury’s Orange Book provide valuable messages that are incorporated in this guidance.Meeting the needs of corporate governanceCorporate governance is the ongoing activity of maintaining a sound system of internal control to safeguard shareholders’ investment and the pany’s assets.The Turnbull Report states that:‘a(chǎn) pany’s objectives, its internal organisation and the environment which it operates in are continually evolving and as a result the risks it faces are continually changing. A sound system of control therefore depends on a thorough and regular evaluation of the nature and extent of the risks to which the pany is exposed. Since profits [or business results] are in part the reward for successful risk taking in business, the purpose of internal control is to help manage and control risk rather than eliminate it.’ Corporate governance frameworks must ensure that management is held accountable for a corporation’s performance and that owners are able to monitor and intervene in the operations of management.These principles apply equally to the public and private sectors. Whereas corporations focus mainly on shareholder returns and the preservation of shareholders’ value, the public sector’s role is to implement programmes cost effectively in accordance with Government legislation and policies.The British Standards Institute (BSI) has produced a guidance note on Corporate Governance – PD 6668:2000 – relating to the management of strategic risks. It outlines a management framework for identifying the threats, determining the risks, implementation and maintaining control measures and finally reporting annually on the organisation’s mitment to this process.Policy on management of risk to support corporate governanceTo support corporate governance, there needs to be a risk management policy in place. This policy should: management of risk closely linked to achievement of objectives s published guidance on best practice in risk management。 E: Procurement, contractual and legal considerations management of contingent and maintenance activities. See Annex A for examples of the benefits of more effective management of risk. Who is involved in risk managementIn practice, everyone in an organisation is involved in risk management to some extent and should be aware of their responsibilities in identifying and managing risk. However, there are some aspects for which responsibility must be assigned to individuals. Without clear responsibility (and the authority to support that responsibility) some risks will be missed or overlooked.In the public sector, there are two major roles with a clear responsibility to ensure risks are managed (there will be equivalents to these roles in private sector organisations). These roles are: ANNEX L: DOCUMENTATION OUTLINES o L1燘usiness Case o L2燘usiness Continuity Plan (BCP) o L3燙ommunications Plan o L4燙ontingency plan o L5燤anagement of Risk Policy o L6?Activity) plans for programme and/or project o L7燫isk Register o L8燬ecurity policy o L9燬takeholder map o L10燬ummary Risk ProfileCHAPTER 1: INTRODUCTION Purpose of this guide What is management of risk? Why management of risk is important Who is involved in risk management How to use this guide The research for this guidance Purpose of this guideThis guide is intended to help organisations to put in place effective frameworks for taking informed decisions about risk. The guidance provides a route map for risk management, bringing together remended approaches, checklists and pointers to more detailed sources of advice on tools and techniques. It expands on the OGC Guidelines for Managing Risk.The process of investment appraisal, in which assessments are made of costs, benefits and risks, is outside the scope of this guide. However, many of the principles and techniques described here can be used when developing the business case. The approach described in this guide plements OGC’s guidance on programme and project management and is continually updated to reflect current thinking. This approach, branded by OGC as M_o_R (Management of Risk), is supported by training and qualifications. What is management of risk?In this guide risk is defined as uncertainty of oute, whether positive opportunity or negative threat. The term ‘management of risk’ incorporat