RISK
What has been managed & NEW RISKS
Business strategy
Business, sales: Not suitable and detailed enough, poorly communicated and implemented, poorly adapted to changes
Competition
Aggressive competition, targeting AAA on purpose
Costs of consumables and rechargeables
Increase by taxes, driven up by competitor. New chemicals required (ie ecological)
Customer segments at risk
Changes in market - switching over to FM companies, going in house, leaving premises, reduction of customers business
Impact on GSF business
Probability of happening
Control rating
Residual risk rating Measures taken
3
1
1
3
3
2
2
12
2
2
1
4
2
1
2
4
1
2
6
Fraud Funding
Financial losses, court proceedings
3
For start-up, too long payment period
2
2
1
4
Geographical coverage
Not provided for successful bid
2
1
1
2
3
3
2
1
IT
Upgrading costly, current programmes not up to standard / market needs, not compatible with existing systems. Available or not in house, continually improved (or not), can be safely outsourced for large projects, etc
2
3
2
12
Knowledge base Legislation
Tax, NMW, etc
2
2
2
2
2
2
Partnerships
ie 777 - AAA don't have the freedom in pricing, restricted business with other clients, forced use of suppliers
Loss of key staff (head hunted, leave for other reasons) and no
3
2
2
12
People Prices driven down
By FM, clients, competitors, for certain services / all services
3
3
2
1
Product risks
Relying on one main service, not innovative enough, no capacity
3
2
2
12
2
3
2
12
3
3
2
1
Quality of internal systems and processes
Procedures not up to date, not right, not communicated to all, not being followed
Service quality dropping below SLA due to staff turnover, poor management, client interfering with staff, if outsourced - can be affected by quality of services delivered by suppliers
Quality of services Reputation damage
By own actions or by 3rd party, deliberately
2
1
2
4
Schedules of authority
Someone with lesser authority signs contract that is not beneficial to AAA
1
2
3
6
Put AAA at risk due to poor performance, lack of capability to deliver services, approaching client directly, driving up prices
2
3
1
6
Suppliers
AAA don't use latest technologies, client "size" is not enough to pay for technologies by client puts pressure on AAA
2
3
2
12
Technological changes Weather
Cleaners cannot get to work same with ?M, also too dangerous to work on sites
2
2
2
3: Critical
3: Frequently (1 x pa)
3: Poor controls
2: Serious
2: Probable (min 1 x every 3 years)
2: Outcome not guaranteed
1: Significant
1: Remote (1 x in more than 3 years)
1: Under control
Deadlines
Responsibilities
12 and over
31121B
?F 9 Risk matrix, current
Ref
RISK
Comments
Impact on GSF business
Probability of happening
Control rating
Residual risk rating
R1 R2 R3 R4 R5 R6 R7 R8 R9 R10 R11 R12 R13 R14 R15 R16 R17 R18 R19 R20 R21
RISK
How has been managed
Impact on GSF business
H&S manager not aware about risk/s existing on a particular site thus risk/s not addressed
Ops managers not aware of risks, therefore cannot inform H&S Manager and request to address (new risks due to on site activities, poor knowledge of site)
H&S Manager has no knowledge to perceive something as risk and address accordingly
Risks not addressed completely or partially by Ops as per instructions from H&S Manager
Risk/s caused by staff behaviour (human factor)
Accidents, incidents, near misses reported late or not reported
Higher H&S risk might need to be taken due to commercial reasons
Non-compliance with requirements of OHSAS 18001 standard (weakness of system, issues with re-accreditation of OHSMS, issues with complying with safety schemes, issues with complying with clients' requirements)
Non-compliance with requirements of ISO 9001 standard (weakness of system, issues with re-accreditation of QMS, issues with complying with own procedures)
Non-compliance with requirements of ISO 14001 standard (weakness of system, issues with re-accreditation of EMS, issues with complying with own procedures and clients' requirements)
NEW RISK
3: Critical
2: Serious
1: Significant
Probability of happening
3: Frequently (1 x pa)
Control rating
3: Poor controls
Residual risk rating Measures taken
12 and over
Deadlines
2: Probable (min 1 x every 3 years)
2: Outcome not guaranteed
1: Remote (1 x in more than 3 years)
1: Under control
Responsibilities