General Risk management Plan (1000) words
Appendix 1 (100) words
- Introduce your example threat from assessment 1
- Include your CTR entry as Appendix 2 for reference
- Define the risk treatment strategy for the threat
- Explain how the steps in your RMP support the development of a treatment strategy for your threat
- Use frameworks/models/theories/research to explain how and why the treatment is appropriate
2020Semester 1 MGB341 Task Overview Assessment 2 – Risk Management Plan Description The purpose of the second assessment item is for students to gain an understanding of the challenges of applying risk models and standards to a real world context. Building on the risk analysis created in Assessment 1, your task is to propose and justify a range of recommendations for the organisation to improve their preparedness for managing disturbances to operations and/or corporate management. To do this, you are required to write a Risk Management Plan that builds upon your recommendations from your initial Risk Assessment (Assessment 1). Your analysis needs to apply the Business Continuity Management Standard (AS/NZS:5050) to guide your analysis and argue the validity of the recommendations posed in the report. Why is this task important for risk management? Once an organisation understands its risk for a particular project, objective or initiative, it’s prudent for the organisation to develop a structured plan to treat the risk. Your risk assessment from Assessment 1 has already provided some recommendations for the organisation – be it to avoid, reduce or accept the risk. Now, imagine your manager has accepted your risk analysis (with some feedback) and now wants to know what the organisation should do to manage the risk you discussed in your risk analysis. This task provides you with experience in using risk management theories and concepts to develop clear recommendations for an organisation. How does the unit support your learning of core content and aid completing the task? The business continuity standard provides a range of principles and focus areas to help organisations understand how a particular disturbance can impact on their critical processes and resources. By using your developed knowledge of the risk for the organisation, the feedback provided by your tutor, and the readings and cases discussed in the unit, you will identify vulnerabilities to the case organisation’s objectives, and identify specific interventions and changes that should be implemented to improve their ability to avoid, reduce or accept the risk you’ve identified. For the analysis, students can readily apply the risk management concepts and theories discussed in class and readings to unpack and interpret information to develop critical insights for the risk posed by a new technology or practice. What are you required to do? Risk Management Plan (2000 words, graders stop reading at 2200 words) This task requires you to create a risk management plan for the ‘project’ defined for the case organisation. In the real world, a risk management plan requires that a Threat Register / Risk Register exists for the project, and would be far greater in scope and detail than what is being asked of you in this assessment task. For this assessment task, you need to provide a report that generates: · A general risk management plan (1000 words) for the project, including… · The objectives of the ‘project’ and a description of the benefits, hazards and unknown factors for the technology · The process which will be used to identify, analyse, evaluate and treat threats (initially and throughout the project) · The process for identifying an appropriate level of response from the organisation’s management so that threats can be treated · How often the Threat Register will be reviewed, the process for review, and who should be involved in the review · How risk status will be reported and to whom · A specific action plan (1000 words) for treating the project’s current risk rating, including… · The current risk status for the organisation (a quick summary based on your risk assessment from Assessment 1) · The proposed risk treatment(s) that should now be applied to the ‘project’ (using your suggested recommendations from Assessment 1, taking into account the feedback provided by your tutor provided at the end of Week 9) · Identified vulnerabilities to the organisation and/or its objectives · A detailed series of prioritised steps that explain the processes/changes required to treat the evaluated risk for the project · Mechanisms for seeking and acting on feedback from key stakeholders should also be included · Justifications that explain (using risk theory, concepts and standards) why each step and priority is appropriate and how these steps appreciate the vulnerabilities of the organisation and/or its objectives What will be assessed? Assessment 2 covers four assurance of learning (AOL) goals in MGB341: 1. Knowledge Skills (KS1.2), focusing on your ability to use the AS/NZS:5050 to support your plan. a. To do this well, your risk management plan should provide a well-structured report that provides a clear process for managing, reporting and learning from a clearly defined risk management process. 2. Higher Order Thinking (HO2.1), focusing on how you use evidence to justify your assertions and recommendations. a. To do this well, your report should be well-supported by reliable sources of information to inform your assertions for vulnerabilities and recommended changes to organisational processes and/or objectives. Use of Wikipedia and blog posts as information sources will limit the ability of graders to award marks for this criterion. 3. Professional Communication (PC3.1, focusing on your ability to communicate ideas through written formats). a. To do this well, your report should be logically structured with a clearly defined headings structure, be grammatically correct and free of spelling errors, and accurately apply the APA referencing style for in-text and end of report references (please note that bibliographies and footnotes will limit the marks awarded for this criterion). 4. Social, Ethical and Global Understanding (SE5.2, demonstrating and applying knowledge of socially responsible behaviour by accurately justifying your recommendations using international and national standards) a. To do this well, your report should apply the principles and frameworks discussed in the national and international standards discussed in MGB341 (i.e. ISO:31000 and AS/NZS:5050) to support your proposed risk management processes and explain why your recommendations are appropriate. 10 marks will be available for each of the three AOLs in Assessment 2, making a total of 40 marks. What should you do to get started? The tutorial program (weeks 7, 8, 9 and 10) is designed to support your development of the risk management plan. Attending tutorials, while not mandatory, is strongly recommended for those who are working towards passing the unit. Use the above advice in “What you are required to do” to create a draft structure of your report – using the dot points to guide your development of a headings structure for the report task. Bring this with you to each tutorial so that you can actively make notes and revise the structure of your report as you develop your understanding of the task. Please note this is a single document that begins with defining a broad, systematic approach that the project should use for managing risk, that then narrows in scope to focus on the reality of the currently evaluated risk for the project (i.e. the findings of your Assessment 1 risk assessment), and generate clear step-by-step recommendations for the project to deploy your treatments strategy(ies) in a way that is tailored to the vulnerabilities of the organisation and/or its objectives. PowerPoint Presentation Managing Risk Tutorial: 21st April Assessment 2 Briefing www.companyname.com © 2016 Jetfabrik Multipurpose Theme. All Rights Reserved. ‹#› 1 Key inclusions Pro-tips SUMBISSION REQUIREMENTS Reflections on process General feedback (so far) ASSESSMENT 1 DEBRIEF Intent & focus The topic The workflow THE TASK 2 3 1 Tutorial Workflow www.companyname.com © 2016 Jetfabrik Multipurpose Theme. All Rights Reserved. ‹#› 2 Assessment 1 Debrief www.companyname.com © 2016 Jetfabrik Multipurpose Theme. All Rights Reserved. ‹#› 3 How do you feel after completing assessment 1? What questions remain? Do you have more to learn about the organization in focus? What was a sticking point in completing the task? What worked well (or will next time) in your workflow? Assessment 1 Reflections and moving forward www.companyname.com © 2016 Jetfabrik Multipurpose Theme. All Rights Reserved. ‹#› This is a quick discussion based activity to get students talking and thinking critically about their individual assessment processes. Good risk management is about instilling programmatic and continual reflection and learning into organisations. This exercise puts this principle into practice by encouraging students to think critically about their processes that promote and/or get in the way of good practice, with an eye to doing better next time. 4 CTR entries Room for improvement What’s being done well? Videos Room for improvement What’s being done well? Assessment 1 Reflections and moving forward www.companyname.com © 2016 Jetfabrik Multipurpose Theme. All Rights Reserved. ‹#› 5 The Task www.companyname.com © 2016 Jetfabrik Multipurpose Theme. All Rights Reserved. ‹#› 6 Capture and communicate a clear understanding of risk for a particular organization, project, or event Define organizational priorities and processes relevant to managing risk Foster a culture of learning by creating a “living document” for capturing knowledge developed over time for risk Demonstrate to stakeholders that risk has been considered for a particular event, project, context Fulfil due diligence obligations for managing risk The intent of Risk Management Plans Defining management processes for a project or organisation www.companyname.com © 2016 Jetfabrik Multipurpose Theme. All Rights Reserved. ‹#› 7 Identify threats to the project Develop realistic, cost-effective treatment strategies Identify critical resources, activities, inputs and outputs Define ways of identifying threats Attending to the Prevention aspect of the PPRR model The focus of Risk Management Plans Defining management processes for a project or organisation www.companyname.com © 2016 Jetfabrik Multipurpose Theme. All Rights Reserved. ‹#› This slide provides a more granular view of the goals of developing risk management plans. 8 Prevention Reduce or eliminate likelihood and/or consequence Risk management plans Preparedness Resource and train effective response and recovery routines Business impact analysis Response Contain, control, and/or minimize impacts of a disturbance Incident response plans Recovery Reduce disruption to operations and reduce recovery times Recovery plans Reminder: PPRR Prevention; Preparedness; Response; Recovery www.companyname.com © 2016 Jetfabrik Multipurpose Theme. All Rights Reserved. ‹#› The dot points above illustrate how different risk management mechanisms/documents help an organisation think critically and develop different types of plans to cover organisational disturbances. While it would be great to cover all four types of mechanisms/documents mentioned above in detail in this unit, we simply don’t have enough time, and a Masters in risk management would extend into this space. For our unit, we focus on developing a risk management plan template, as this is an exercise often tasked to new members of risk management teams (in larger organisations) and to project managers (in smaller organisations). Developing risk management plans allows students to show off their understanding of the principal risk management theories, standards, and approaches in the workplace, so Assessment 2 is a good primer for the workplace. 9 Context QUT is forging ahead with delivering its higher education programs. Taking your advice (from the CTR) to heart, your manager has asked that you create an initial Risk Management Plan for its undergraduate courses. The initial Risk Management Plan (RMP) needs to focus on creating clear processes for managing and treating risk (general risk management plan) – a template that could be