A deconstruction of the UK Government's guide to the concepts of risk management, commonly known as the Orange Book
The full version of the Orange Book is published by HM Treasury.
Identify risks up front, then review them frequently; a register that is written once and never revisited is not risk management.
Every risk is assigned to an owner, who is accountable for managing it.
Risks are broken down to the level of detail at which specific actions to treat them can be identified; "the network might be compromised" is too coarse to act on.
Risk assessment is more art than science: the scores are judgements, not measurements.
The assessment is a process for estimating the likelihood and the impact of each specific risk.
Risks must always be considered on both axes, likelihood and impact; a high-impact event that is very unlikely and a near-certain event with trivial impact may score the same, but they call for different controls.
Tolerance levels – the level of exposure the organisation is prepared to live with for a given risk
Inherent risk – the exposure before any controls are applied, as distinct from the residual risk that remains once controls are in place
Risk profile – the documented set of risks, each with its likelihood and impact rating, that together describe the organisation's exposure
The highest priority risks should be regularly monitored, not just recorded.
Risk appetite – the amount and type of risk the organisation is willing to accept in pursuit of its objectives; it sets the tolerance levels
Weigh the cost of a control, not just its financial cost, against the risk reduction it actually buys.
Risks that cannot be avoided need a contingency plan for when they are realised.
Addressing Risks – The original page also links a Risk Assessment flow chart. The four options, often called the 4 Ts:
Tolerate – Live with it, because the exposure is within tolerance or the cost of treating it is not justified
Treat – Put controls in place to reduce the likelihood, the impact, or both
Transfer – Pass the risk to someone else, for example through insurance or a contract; note that accountability usually cannot be transferred
Terminate – Stop the activity that gives rise to the risk
Preventative Controls – The majority of controls; they limit the possibility of the risk being realised
Corrective Controls – What to do once the risk is realised, to correct the outcome and provide a route of recovery; contingency planning sits here
Directive Controls – Rules that require a particular action or outcome so that the risk is not realised. Hot oven? Wear oven gloves.
Detective Controls – "After the event" controls that identify that a risk has been realised. Their cost should be proportional to the risk.
Reviewing Risks
Monitor each risk to see whether its likelihood or impact has changed.
Check that the chosen treatment and controls are still effective.
Ask whether the risk still exists at all; a risk attached to an activity that has stopped should be closed, not carried forward.
Communication is the key to spotting changes to existing risks and the arrival of new ones.
No Man is an Island
External Risks – Risks that originate outside the organisation cannot be reduced by it; a contingency plan is required.
Laws and regulations have an effect on the organisation's risks.
The economy, both local and international, has an effect.
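The notes above describe a process rather than code, but the scoring and the checks are mechanical enough to show in a small risk register. The following is an added example, not code from the Orange Book or from the original post: it scores likelihood times impact, separates inherent from residual risk, records a 4 T treatment and its controls for each risk, flags the findings a reviewer would raise (a tolerated risk above tolerance, an external risk with no contingency plan), ranks the highest risks for regular monitoring, and re-scores a risk at review time. The 1 to 5 scales, the tolerance threshold and the sample risks are all constructed for illustration.

```python
"""Added example, not from the Orange Book or the original post.

A minimal risk register implementing the notes above: likelihood x impact
scoring, inherent vs residual risk, a tolerance level, a 4T treatment per risk,
and the checks a reviewer would run over the register. The 1-5 scales, the
tolerance threshold and the sample risks are constructed for illustration.
"""
from dataclasses import dataclass, field

# Assumed 1-5 scales; the product gives a 1-25 risk score.
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}
TREATMENTS = {"tolerate", "treat", "transfer", "terminate"}   # the 4 Ts


@dataclass
class Control:
    description: str
    kind: str                 # preventative, corrective, directive or detective
    likelihood_cut: int = 0   # how many likelihood steps the control removes
    impact_cut: int = 0       # how many impact steps the control removes


@dataclass
class Risk:
    name: str
    owner: str                # every risk has an owner
    likelihood: str
    impact: str
    treatment: str = "tolerate"
    controls: list = field(default_factory=list)
    external: bool = False    # originates outside the organisation
    contingency_plan: bool = False

    def inherent(self) -> int:
        """Exposure before any controls: likelihood x impact."""
        return LIKELIHOOD[self.likelihood] * IMPACT[self.impact]

    def residual(self) -> int:
        """Exposure after controls; each scale is clamped at its minimum of 1.
        A terminated activity carries no residual risk."""
        if self.treatment == "terminate":
            return 0
        lik = LIKELIHOOD[self.likelihood] - sum(c.likelihood_cut for c in self.controls)
        imp = IMPACT[self.impact] - sum(c.impact_cut for c in self.controls)
        return max(lik, 1) * max(imp, 1)


def treatment_findings(risk: Risk, tolerance: int) -> list:
    """Checks a risk owner would want flagged at review time."""
    findings = []
    if risk.treatment not in TREATMENTS:
        return [f"{risk.name}: unknown treatment {risk.treatment!r}"]
    res = risk.residual()
    if risk.external and not risk.contingency_plan:
        findings.append(f"{risk.name}: external risk has no contingency plan")
    if risk.treatment == "tolerate" and res > tolerance:
        findings.append(f"{risk.name}: tolerated but residual {res} exceeds tolerance {tolerance}")
    if risk.treatment == "treat" and not risk.controls:
        findings.append(f"{risk.name}: marked 'treat' but no controls recorded")
    if risk.treatment == "treat" and res > tolerance:
        findings.append(f"{risk.name}: controls leave residual {res} above tolerance {tolerance}")
    return findings


def register_findings(register: list, tolerance: int) -> list:
    return [f for r in register for f in treatment_findings(r, tolerance)]


def monitoring_list(register: list, top_n: int = 3) -> list:
    """Names of the highest residual risks, which should be monitored regularly."""
    ranked = sorted(register, key=lambda r: (-r.residual(), r.name))
    return [r.name for r in ranked[:top_n]]


def review_change(risk: Risk, likelihood: str, impact: str) -> str:
    """Re-score a risk at review and report whether its level moved."""
    before = risk.residual()
    risk.likelihood, risk.impact = likelihood, impact
    after = risk.residual()
    if after == before:
        return "unchanged"
    return "increased" if after > before else "decreased"


# Constructed sample register.
TOLERANCE = 8
SAMPLE_REGISTER = [
    Risk("Credential phishing of staff", "CISO", "likely", "major", treatment="treat",
         controls=[Control("Phishing-resistant MFA", "preventative", likelihood_cut=2),
                   Control("Mail gateway alerting", "detective", impact_cut=1)]),
    Risk("Data centre power loss", "Head of Ops", "unlikely", "severe", treatment="transfer",
         controls=[Control("Cloud failover contract", "corrective", impact_cut=2)]),
    Risk("Change in data-protection law", "Legal", "possible", "moderate", external=True),
    Risk("Legacy FTP service", "Platform lead", "possible", "major", treatment="terminate"),
]

if __name__ == "__main__":
    for r in SAMPLE_REGISTER:
        print(f"{r.name:35} owner={r.owner:14} inherent={r.inherent():2} residual={r.residual():2}")
    print("Findings:", register_findings(SAMPLE_REGISTER, TOLERANCE))
    print("Monitor:", monitoring_list(SAMPLE_REGISTER))
    print("Phishing review:", review_change(SAMPLE_REGISTER[0], "almost certain", "major"))
```

Running the block prints the register, then the two findings on the external legal risk (no contingency plan, and a residual of 9 that is tolerated above the tolerance of 8), the three risks to monitor, and "increased" when the phishing risk is re-scored at review. The control cuts are deliberately crude; in practice the reduction a control buys is itself a judgement, which is the "more art than science" point the notes make.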
Summary
Article: What is the Orange Book for Risk Assessments
Author: Mark WH
Publisher: OIC Solutions