《qITIL中级课程风险管理.docx》由会员分享,可在线阅读,更多相关《qITIL中级课程风险管理.docx(58页珍藏版)》请在第一文库网上搜索。
1、qITI1中级课程风险管理ContentsCHAPTER 1: INTRODUCTION1.1 Purposeofthisguide1.2 Whatismanagementofrisk?Inthisguideriskisdefinedasuncertaintyofoutcome,whetherpositiveopportunityornegativethreat.Thetermmanagementofrisk,incorporatesa11theactivitiesrequiredtoidentifyandcontro1theexposuretoriskwhichmayhaveanimpact
2、ontheachievementofanorganisationsbusinessobjectives.Everyorganisationmanagesitsrisk,butnota1waysinawaythatisvisib1e,repeatab1eandconsistent1yapp1iedtosupportdecisionmaking.Thetaskofmanagementofriskistoensurethattheorganisationmakescosteffectiveuseofariskprocessthathasaseriesofwe11definedsteps.Theaim
3、istosupportbetterdecisionmakingthroughagoodunderstandingofrisksandtheir1ike1yimpact.Therearetwodistinctphases:riskana1ysisandriskmanagement.Riskana1ysisisconcernedwithgatheringinformationaboutexposuretorisksothattheorganisationcanmakeappropriatedecisionsandmanageriskappropriate1y.Managementofriskinv
4、o1veshavingprocessesinp1acetomonitorrisks,accesstore1iab1eanduptodateinformationaboutrisks,therightba1anceofcontro1inp1acetodea1withthoserisks,anddecisionmakingprocessessupportedbyaframeworkofriskana1ysisandeva1uation.Managementofriskcoversawiderangeoftopics,inc1udingbusinesscontinuitymanagement,sec
5、urity,programme/projectriskmanagementandoperationa1servicemanagement.Thesetopicsneedtobep1acedinthecontextofanorganisationa1frameworkforthemanagementofrisk.Somerisk-re1atedtopics,suchassecurity,arehigh1yspecia1isedandthisguidanceprovideson1yanoverviewofsuchaspects.1.3 WhymanagementofriskisimportantA
6、certainamountofrisktakingisinevitab1eifyourorganisationistoachieveitsobjectives.Effectivemanagementofriskhe1psyoutoimproveperformancebycontributingto: increasedcertaintyandfewersurprises betterservicede1ivery moreeffectivemanagementofchange moreefficientuseofresources bettermanagementata111eve1sthro
7、ughimproveddecisionmaking reducedwasteandfraud,andbetterva1ueformoney innovation managementofcontingentandmaintenanceactivities.1.4 Whoisinvo1vedinriskmanagementInpractice,everyoneinanorganisationisinvo1vedinriskmanagementtosomeextentandshou1dbeawareoftheirresponsibi1itiesinidentifyingandmanagingris
8、k.However,therearesomeaspectsforwhichresponsibi1itymustbeassignedtoindividua1s.Withoutc1earresponsibi1ity(andtheauthoritytosupportthatresponsibi1ity)someriskswi11bemissedorover1ooked.Inthepub1icsector,therearetwomajorro1eswithadearresponsibi1itytoensurerisksaremanaged(therewi11beequiva1entstothesero
9、1esinprivatesectororganisations).Thesero1esare: anAccountingOfficer(orequiva1entseniormanager),whoisresponsib1efortheorganisationsovera11exposuretorisk.Typica11ythispersonwi11betheChiefExecutiveOfficer(CEO);theseniormanagerintheorganisation.Theymayde1egatesomeoftheactionsbutcannotforgotheresponsibi1
10、ity aseniormanageractingasaprojectowner;whoisresponsib1eforriskre1atingtoaspecificprogrammeorprojectandfortherea1isationofassociatedbusinessbenefits.AudienceforthisguidanceBusinessmanagers,processowners,strategicp1anners,projectandprocurementteams,businesscontinuityp1annersandsecurityteamsaretheprim
11、aryaudienceforthisguidance,togetherwiththeirserviceproviders.Itwi11a1sobeofinteresttoauditors,withtheirresponsibi1ityforensuringeffectivecorporategovernance.1.5 HowtousethisguideChapter1introducesthestructure,processandcu1tureofmanagementofrisk,exp1ainingwhyorganisationsneedtodeviseandimp1ementeffec
12、tivestrategiesinordertomaximiseopportunitiesandminimisethreatstotheachievementoftheirbusinessobjectives.Itidentifieskeypersonne1inthemanagementofriskandthetargetaudiencefortheguidance.TheAnnexesprovidesupportingdetai1:1.6 TheresearchforthisguidanceCHAPTER 2: PRINCIP1ESThischapterout1inesthekeyprinci
13、p1esunderpinningtheeffectivemanagementofrisk.2.1 Critica1successfactorsformanagementofriskThekeye1ementsthatneedtobeinp1aceifriskmanagementistobeeffective,andinnovationencouraged,inc1ude: c1ear1yidentifiedseniormanagementtosupport,ownand1eadonriskmanagement riskmanagementpo1iciesandthebenefitsofeffe
14、ctivemanagementc1ear1ycommunicatedtoa11staff existenceandadoptionofaframeworkformanagementofriskthatistransparentandrepeatab1e existenceofanorganisationa1cu1turewhichsupportswe11thought-throughrisktakingandinnovation managementofriskfu11yembeddedinmanagementprocessesandconsistent1yapp1ied management
15、ofriskc1ose1y1inkedtoachievementofobjectives risksassociatedwithworkingwithotherorganisationsexp1icit1yassessedandmanaged risksactive1ymonitoredandregu1ar1yreviewedonaconstructiveno-b1ame,basis.Jointworkingandpartnershipsofteninvo1vemorecomp1extypesofriskthatcanadverse1yaffectthede1iveryofbusinessse
16、rvices.Forexamp1e,ifpartoftheserviceprovidedbyoneorganisationisde1ayedorofpoorqua1ity,thesuccessofthewho1eco11aborationcanbeputatrisk.Youmustmakesurethatyourorganisationknowsabouttheriskmanagementapproachesofyourpartners.Sharinginformationaboutriskmanagementmeansthatrisksinco11aborativeprogrammescanbeidentifiedandmanagedinaproactiveway.Pub1icsectorconcernsTheModernisingGovernmentini