You will need to:
Establish the context of the risk.
Identify the risk/s.
Analyse the risks.
Select and plan risk management treatments.
Describe the processes followed to address all of the settings:
any current risk management policies, procedures and processes and their strengths and weaknesses
the risk management scope
the impact that each of the following has on the organisation’s approach to risk management:
tools and techniques that can be used to identify, measure (quantify) and analyse (assess) risks
critical success factors, goals or objectives
relevant legislation, regulations or codes of practice
internal and external stakeholder groups and their issues
communication with each stakeholder groups
support that will be needed in order for the risk management plan to be effective
procedures for prioritising risk treatments
Address all of the following questions:
What is the situation?
What are the risks associated with the situation?
How were the risks identified and assessed?
What controls currently exist?
What is the desired situation?
What are the risks associated with the desired situation?
How have they been identified and assessed?
How does the risk management plan act to reduce the impact or consequences of the risk/s?
Does it introduce any new risks?
Who will the plan benefit and how will it be of benefit?
Why should the organisation support it? (consider qualitative and quantitative benefits, costs, PR, safety etc)
What resources and what personnel would be involved in developing, implementing and monitoring the planned risk controls?
What are the cost factors involved?
How would you ensure that the risk treatment was sponsored and supported by the organisation?
Whose authorisation would you need in order to go ahead with your plan?
How would you determine performance expectations?
How will you monitor the operation of the plan?
Who would be responsible for monitoring the risk controls and why would this person (people) be most suited to the task?
How will you measure its success? (ie what measurement processes will you use and what will you measure its success against?)
Format your risk identification, analysis and improvement plan/ proposal (or action plan) in a manner that would be accepted by senior management. Ensure that all risk scenarios are addressed and catered for.
answers to the questions
the plan rationale
tools used in the assessment process and in the plan design process
any relevant support information, charts, graphs etc
The plan must clearly describe the risk, proposed actions, resource needs, responsible persons, time frames, deadlines, expected outcomes and success metrics.
Plans should be accompanied by relevant statistics, evidence of the analysis of data/ information, graphs, charts and tables and any relevant background information.