【正文】 ensuring that continuity plan。 prioritising areas to address/actions to instigate. This requires understanding the implications of the options available make a clear mitment to a particular course of action. For planning, the major areas to consider are: collect appropriate and meaningful information to assess risk and the options, and then to monitor the risk identify and assess the risk resource management, including equal opportunities and delegation. Although managers tend to work in specific areas of the organisation, either based on technical specialism or business function, they all need to identify and manage risk. To do this they need to be able to: continuous improvement and/or analytical techniques staff matters, including how staff can be motivated and involved agreements and contracts strategic planning and if necessary, can it be quickly and effectively reallocated? Are the nominated owners appropriate and aware of their nomination? Do the individuals who have been allocated ownership actually have the authority and capability to fulfil their responsibilities? For example, suppliers may be tasked with risk ownership. Have owners been allocated for all the various parts of the plete process? interdependent risks that cross organisational boundaries, whether they are business processes, operational services or. For example, for a senior manager with responsibility for a, ownership of risk could be defined as follows:Senior managers responsible for projects must assure themselves that a number of types of risk are being tracked and dealt with as effectively as possible. The mechanisms in place for monitoring and reporting risk will vary according to the size and plexity of the or, ranging from the use of a simple to the appointment of a risk manager reporting directly to the senior manager. Clearly, the degree of delegation adopted by the senior manager will vary, but he or she must be sure that the critical issues are being addressed。 different elements of the process, such as identifying, through to producing and reporting on decisions the setting policy and the organisation’s willingness to take risk how appropriate munication mechanisms are set up and supported how these decisions are implemented how options to deal with them are identified how information about their probability and potential impact is obtained the relationship between business and risks to delivery, where achievement of is dependent on successful delivery of a. You should continually check whether changing plans affect the achievement of. A framework for managing riskA framework for sets the context in which risks will be identified, analysed, controlled, monitored and reviewed. It must be consistent with processes that are embedded in everyday management and operational practices. It addresses: specific concerns include /, support for business processes and customer relations.Additional factorsAdditional factors may increase the plexity of assessing overall exposure to risk. These include: however, it is helpful to clarify the occurrence of risks at these levels to inform the kind of decisions you are likely to make.Figure 3: Organisational management hierarchyIt is important to note that a risk may materialise initially at one level but subsequently have a major impact at a different level. A recent example is a High Street bank facing technical faults at the operational level。 strategic or corporate the to part of the end user munity and then ‘rolling out’ to the rest of that munity – for example, introducing a new information service in the NorthEast and gradually making it available nationwide. This is a modular and/or incremental approach that is further discussed in Chapters and and in.When managing any it is essential to ensure major decisions are made appropriately. A will support some business change and so require something to be produced and then put into use.shows the main stages of the process and the decisions to be taken about breaking projects down into manageable ‘packages’. For major projects, there will be formal in addition to the normal decision points。 however, decisions about risk at this level must also support the achievement of long and mediumterm goals. These organisational levels are discussed in more detail in Chapters, , and.There are also considerations about what can realistically be achieved in one change initiative. Delivery of each of the of a change initiative (whether a, or stage) must provide some direct benefit to the organisation as a result of its delivery. This could be by delivering: able to offer more decision points, allowing greater control of the. Decisions about riskDecisions about risk need to be balanced so that the potential are worth more to the organisation than it costs to address the risk.For example, innovation is inherently risky but could achieve major in improving services. The ability of the organisation to limit its exposure to risk will also be of relevance.You should aim to make an accurate assessment of the risks in a given situation and analyse the potential. The risks and presented by each course of action should be defined in order to identify appropriate response.Scope of decisionsDecisions about risk will vary depending on whether the risk relates to long, medium or shortterm goals.Strategic decisions are primarily concerned with longterm goals。 able to offer more options for contingency simpler to implement within the business environment Business continuity is concerned with ensuring that the organisation could continue to operate in the event of a disaster, such as loss of a service, flood or fire damage. Figure 1: Reasons for a processReducing risk in large scale projectsExperience has shown that and attempting a large scale, prehensive business change are less likely to be su