Back

M_o_R® Risk Management

M_o_R® - INTRODUCTION

M_o_R Overview

M_o_R - ATO Logo The Management of Risk (M_o_R) Guide is intended to help organisations put in place an effective framework for risk management, helping decision making based on risks that affect strategic, programme, project and operational objectives.

The M_o_R framework is based on the following four core concepts.

M_o_R Principles
M_o_R Approach
M_o_R Process
Embedding and reviewing M_o_R

I. M_o_R Principles

Principles are universally applicable statements that provide guidance to organisations as they design an appropriate approach to risk management as part of their internal controls. There are eight principles in the M_o_R guide. The first seven are enablers, and the final principle is a result of implementing risk management well.

Aligns with objectives
Fits the context
Engages stakeholders
Provides clear guidance
Informs decision-making
Facilitates continual improvement
Creates a supportive culture
Achieves measurable value

II. M_o_R approach

An organisation's approach to the principles needs to be agreed and defined. This approach should be defined within a set of documentation, including:

Risk management policy - to communicate why and how risk management will be implemented throughout the organisation
Risk management process guide - to describe how the M_o_R process steps (identify, assess, plan, implement) will be carried out in the organisation
Risk management strategies - A risk management strategy describes the specific risk management activities that will be undertaken for a particular organisational activity

In support of the above, the use of the following should be utilised to support the risk management approach:

Records - to capture information (Risk register; Issue register)
Plans - to plan risk response activity (Risk improvement plan; Risk communication plan; Risk response plan)
Reports - to communicate information on risk (Risk progress report)

III. M_o_R Process

The process is divided into four main steps.

Identify
Assess
Plan
Implement

1. Identify

This step consists of two main areas:

Identify context
Identify risks

Identify Context is to obtain information about the planned activity and how it fits into the wider organisation, understanding the activity objective, scope, assumptions, constraints, stakeholders, environment and approach to risk management.

Identify Risks is to identify the risks to the activity with the aim of minimising the threats while maximising the opportunities, and includes:

identifying threats and opportunities
preparing a risk register
preparing key performance indicators and early warning indicators
understanding the stakeholder's view of the risks

2. Assess

This step consists of two main areas:

Assess - estimate
Assess - evaluate

Assess - estimate is concerned with understanding the probability (likelihood) and the impact (consequence) of each risk. Proximity (i.e. when the risk will occur) will also be considered. A number of risk techniques are outlined in the M_o_R guide including:

probability assessment
impact assessment
proximity assessment
expected value assessment

Assess - evaluate is concerned with understanding the exposure faced by looking at the risks both individually, and as an aggregated threat to the activity. A number of techniques are outlined in the M_o_R guide, including:

summary risk profiles
summary expected value assessment
probability risk models
probability trees
sensitivity analysis

3. Plan

This step is to prepare specific management responses to the threats and opportunities identified. The actions in this step include

identifying and planning responses to each risk identified
identifying an owner for each risk identified
identifying risk actionees for each risk identified
maintaining information in the Risk Register
creating and maintaining Risk Response Plans

4. Implement

The Implement step is to ensure that the planned risk management actions are implemented and that the planned actions are having the desired effect. Corrective action should be taken to plans where the responses are meeting the expectations.

Throughout the process effective communication is essential to ensure that the process continues to be in line with the policy, strategies and plans.

IV. Embedding and reviewing M_o_R

Having put in place an approach and process that satisfy the principles, an organisation should ensure that they are consistently applied across the organisation and that their application undergoes continual improvement in order for them to be effective.

M_o_R®, MSP® & PRINCE2® are registered trademarks of the Cabinet Office (# erstwhile OGC - Office of Government Commerce).

More in this section

Back

M_o_R® Qualifications

Home

M_o_R® Qualifications & Certifications

I. M_o_R Foundation Certificate

The Foundation level is aiming to measure whether a candidate would be able to act as an informed member of a management team using the M_o_R method within an environment supporting M_o_R. more info >>

II. M_o_R Practitioner Certificate

The Practitioner level is aiming to measure whether a candidate could apply M_o_R within an environment supporting M_o_R. more info >>

III. M_o_R Re-Registration (Practitioner)

The Re-Registration exam should be taken by M_o_R Practitioners within 3-5 years of their original certification to demonstrate their recency of knowledge and commitment to Continuing Professional Development. more info >>

M_o_R®, MSP® & PRINCE2® are registered trademarks of the Cabinet Office (# erstwhile OGC - Office of Government Commerce).