【正文】 shops o H2燫isk management workshops o H3燙auseandeffect diagrams o H4燚ecision trees o H5營nsurance premium approach o H6燙ritical path analysis (CPA) or critical path method (CPM) o H7燤onte Carlo simulation o H8燫isk map o H9燩robability and impact grid o H10燬catter diagram o H11燫adar chart o H12燫isk indicatorso K1營ssues to consider when selecting tools o K2燗ppraisal and evaluation in context o K3燝eneral appraisal procedure o K4燙ustomisation of criteria increased certainty and fewer surprises more effective management of change better management at all levels through improved decision making innovation an Accounting Officer (or equivalent senior manager), who is responsible for the organisation’s overall exposure to risk. Typically this person will be the Chief Executive Officer (CEO)。 a senior manager acting as a ‘owner’, who is responsible for risk relating to a specific or and for the realisation of associated business. Audience for this guidanceBusiness managers, process owners, strategic planners, and teams, business continuity planners and security teams are the primary audience for this guidance, together with their service providers.It will also be of interest to auditors, with their responsibility for ensuring effective. How to use this guideChapter 1 introduces the structure, process and culture of, explaining why organisations need to devise and implement effective strategies in order to maximise and minimise to the achievement of their business objectives. It identifies key personnel in the and the target audience for the guidance.outlines the key principles underpinning: establishing a framework, risk ownership, where risks occur, the decision making process, the importance of embedding the risk management culture, and allocating realistic budgets.describes the main activities of. It contains practical examples, pointers and checklists for identifying and responding to risk, and monitoring.–7 explain when and how should be applied throughout an organisation, at the strategic, , and operational levels.discusses the range of techniques available to support the process.The Annexes provide supporting detail: : Healthcheck: how well is your organisation managing risk? : Setting a standard for evaluation of risk : : Information on further techniques to support : Assessing the suitability of tools s Directorate, this guidance has been developed from extensive research into current thinking and practice in both the public and private sectors, drawing on published papers and interviews/studies with a number of leading organisations involved in major change and with specialist experts in the. It builds on the recent work of the National Audit Office (), HM Treasury and Cabinet Office, together with OGC39。 it also aims to address issues relating to.This guidance responds to lessons learned and the experiences of realworld practical issues, as reported by consultants in 39。 clearly identified senior management to support, own and lead on existence and adoption of a framework for that is transparent and repeatable fully embedded in management processes and consistently applied risks associated with working with other organisations explicitly assessed and managed the requirements of – including more focused and open ways of managing risk (see the section on below) the need for improved reporting and upward referral of major problems the need for shared understanding of at all levels in the organisation and with partners, bined with consistent treatment of risk be appropriate for the size and nature of your organisation, its business and operating environment be clear about escalation criteria in relation to (., when to refer decision making upwards) these processes must be repeatable ensure that internal control mechanisms are in place for independent assessment that the policy is implemented (and checked). What is at risk and why?There are many diverse factors that could place an organisation at risk. outlines the main reasons why there should be a robust process in place.Your organisation will have a set of key objectives. Risks should be identified against these objectives, ideally not more than 1015 at high level. These highlevel risks will then be considered and managed by senior management, increasing the organisation’s ability to meet its objectives. provides a ‘healthcheck’ to see if an organisation is adopting an effective framework for and risk management process.expands on possible categories of risk.Relating management of risk to safety, security and business continuityshould be carried out in the wider context of safety concerns, security and business continuity. Security is concerned with protecting the organisation’s, including information, buildings and so on. easier to manage easier to accept formally as, typically, the specification is easier to document and thus simpler to verify that it has been met more likely to acmodate fast moving changes in technology, or in the political or financial environment these set the context for decisions at other levels of the organisation. The risks associated with strategic decisions may not bee apparent until well into the future. Thus it is essential to review these decisions, and associated risks, on a regular basis.Mediumterm goals are usually addressed through and to bring about business change. Decisions relating to mediumterm goals are narrower in scope than strategic ones, particularly in terms of timeframe and financial responsibilities.At the operational level the emphasis is on shortterm goals to ensure ongoing continuity of business services。 a major to support/build towards the intended oute – for example, providing a telephone helpline first as part of a new information service and then adding website services to expand the facilities available to the pu