Back

M_o_R® Risk Management

Home

SPOCE Mobile Learning Resource - www.spoce.comM_o_R® - INTRODUCTION


M_o_R Overview

M_o_R - ATO LogoThe Management of Risk (M_o_R) Guide is intended to help organisations put in place an effective framework for risk management, helping decision making based on risks that affect strategic, programme, project and operational objectives.

The M_o_R framework is based on the following four core concepts.

  1. M_o_R Principles
  2. M_o_R Approach
  3. M_o_R Process
  4. Embedding and reviewing M_o_R


I. M_o_R Principles

Principles are universally applicable statements that provide guidance to organisations as they design an appropriate approach to risk management as part of their internal controls. There are eight principles in the M_o_R guide. The first seven are enablers, and the final principle is a result of implementing risk management well.

  1. Aligns with objectives
  2. Fits the context
  3. Engages stakeholders
  4. Provides clear guidance
  5. Informs decision-making
  6. Facilitates continual improvement
  7. Creates a supportive culture
  8. Achieves measurable value


II. M_o_R approach

An organisation's approach to the principles needs to be agreed and defined. This approach should be defined within a set of documentation, including:

  • Risk management policy - to communicate why and how risk management will be implemented throughout the organisation
  • Risk management process guide - to describe how the M_o_R process steps (identify, assess, plan, implement) will be carried out in the organisation
  • Risk management strategies - A risk management strategy describes the specific risk management activities that will be undertaken for a particular organisational activity

In support of the above, the use of the following should be utilised to support the risk management approach:

  • Records - to capture information (Risk register; Issue register)
  • Plans - to plan risk response activity (Risk improvement plan; Risk communication plan; Risk response plan)
  • Reports - to communicate information on risk (Risk progress report)


III. M_o_R Process

The process is divided into four main steps.

  1. Identify
  2. Assess
  3. Plan
  4. Implement

1. Identify

This step consists of two main areas:
  • Identify context
  • Identify risks

Identify Context is to obtain information about the planned activity and how it fits into the wider organisation, understanding the activity objective, scope, assumptions, constraints, stakeholders, environment and approach to risk management.

Identify Risks is to identify the risks to the activity with the aim of minimising the threats while maximising the opportunities, and includes:

  • identifying threats and opportunities
  • preparing a risk register
  • preparing key performance indicators and early warning indicators
  • understanding the stakeholder's view of the risks

2. Assess

This step consists of two main areas:
  • Assess - estimate
  • Assess - evaluate

Assess - estimate is concerned with understanding the probability (likelihood) and the impact (consequence) of each risk. Proximity (i.e. when the risk will occur) will also be considered. A number of risk techniques are outlined in the M_o_R guide including:
  • probability assessment
  • impact assessment
  • proximity assessment
  • expected value assessment

Assess - evaluate is concerned with understanding the exposure faced by looking at the risks both individually, and as an aggregated threat to the activity. A number of techniques are outlined in the M_o_R guide, including:
  • summary risk profiles
  • summary expected value assessment
  • probability risk models
  • probability trees
  • sensitivity analysis

3. Plan

This step is to prepare specific management responses to the threats and opportunities identified. The actions in this step include
  • identifying and planning responses to each risk identified
  • identifying an owner for each risk identified
  • identifying risk actionees for each risk identified
  • maintaining information in the Risk Register
  • creating and maintaining Risk Response Plans

    4. Implement

    The Implement step is to ensure that the planned risk management actions are implemented and that the planned actions are having the desired effect. Corrective action should be taken to plans where the responses are meeting the expectations.


    Throughout the process effective communication is essential to ensure that the process continues to be in line with the policy, strategies and plans.


    IV. Embedding and reviewing M_o_R

    Having put in place an approach and process that satisfy the principles, an organisation should ensure that they are consistently applied across the organisation and that their application undergoes continual improvement in order for them to be effective.


    M_o_R®, MSP® & PRINCE2® are registered trademarks of the Cabinet Office (# erstwhile OGC - Office of Government Commerce).

    Back

    M_o_R® Qualifications

    Home

    SPOCE Mobile Learning Resource - www.spoce.comM_o_R® Qualifications & Certifications

    M_o_R - ATO Logo

    I. M_o_R Foundation Certificate

    The Foundation level is aiming to measure whether a candidate would be able to act as an informed member of a management team using the M_o_R method within an environment supporting M_o_R. more info >>

    II. M_o_R Practitioner Certificate

    The Practitioner level is aiming to measure whether a candidate could apply M_o_R within an environment supporting M_o_R. more info >>



    III. M_o_R Re-Registration (Practitioner)

    The Re-Registration exam should be taken by M_o_R Practitioners within 3-5 years of their original certification to demonstrate their recency of knowledge and commitment to Continuing Professional Development. more info >>


    M_o_R®, MSP® & PRINCE2® are registered trademarks of the Cabinet Office (# erstwhile OGC - Office of Government Commerce).