skip to navigation skip to content skip to footer

Defence Estate Quality Management System (DEQMS) Davis Langdon Certification Services

ID Risk Management - 2.0 Assess Project Risk

2.1 Risk Owner

Risk & Compliance Elements Data Element Data

SAP Image

  • 2.1 - Assess Rick Record
    • Risk owner opens SAP and accesses the risk record.
  • 2.2 - Conduct Risk Shell Quality Review
    • The Risk owner reviews the risk shell for completeness and accuracy.
    • The Risk Owner should check that:
      • An appropriate Risk Owner has been assigned to the risk
      • Risk Name is appropriate and conforms to Business Unit naming conventions
      • The correct organisation unit has been selected (noting that non project risks should be raised to the Branch Risk Register)
      • An appropriate Risk Category has been selected
      • Identified Drivers and Impacts are comprehensive and correctly articulated
  • Does Risk Shell pass review? SAP Image
    • if YES, continue to Step 2.11
    • if NO, continue to Step 2.3
  • 2.3 - Notify BURM by email
    • The Risk owner notifies the BURM by email that the Risk Shell did not pass Quality Review.
    • The Risk Owner should note the reason and if the risk should be resubmitted or closed.

Business Unit Risk Manager

BURM decides if Risk is to be ResubmittedSAP Image

  • If NO, continue to step 2.8
  • If YES, is input required from Risk Originator SAP Image
    • if YES, continue to step 2.4
    • if NO, continute to step 2.6

Off System

  • 2.4 -Request Additional Information from Risk Originator
    • BURM takes corrective action as per instructions from the Risk Owner.
      • continue to step 2.5 (Risk Originator)

SAP Image

  • 2.6 - Update Risk Shell
    • BURM takes corrective action as per instructions from the Risk Owner and/or Risk Originator.
  • 2.7 - Notify Risk Owner (Risk Planner Function and Email)
    • BURM uses the planner function to advise Risk Owner of action required. Follows up with DRN email.
    • NOTE: This step triggers a system workflow.
      • contniue to step 2.1
  • 2.8 - Document Reason for Rejection
    • BURM adds notes to the risk record on SAP and attached any relevant documentation (including the email received from the Risk Owner requesting the risk be closed).
  • 2.9 - Close Risk
    • Risk is closed on SAP. To close a Risk Record on SAP the "Valid to" date should be changed to the correct date

Off System

  • 2.10 - Notify Risk Originator by Email
    • The Risk Originator is notified that the risk has been closed and rationale behind closure.
      • Process Ends

Risk Originator

Risk & Compliance Elements Data Element Data

Off System

  • 2.5 - Provide Additional Information by Email
    • Risk Originator provides clarification where required.
    • continue to step 2.6

Risk Owner

Risk & Compliance Elements Data Element Data

SAP Image

  • 2.11 - The risk owner undertakes an inherent risk assessment.
    • NOTE: When assessing likelihood and consequence of the risk event the Risk Owner must use the  likelihood and consequence definitions contained in the E&IG Risk Management Process.
  • 2.12 - Identify Risk Response Actions
    • Once the inherent risk assessment is completed the Response plan is initiated in SAP to include any existing controls and planned treatments.
    • NOTE: Existing controls and planned treatments are all referred to as 'Responses' in SAP.
  • 2.13 - The risk owner undertakes a Residual Risk Assessment.
    • NOTE: When conducting the residual risk assessment the "Qualitative" Analysis Method should be used and the residual risk rating should be overwritten to reflect a rating consistent with the Risk Matrix in the E&IG Risk Management Process. The "Qualitative" Analysis method is also appropriate for the "Financial" Impact category.
  • Is escalation required for the risk SAP Image
    • if YES, contniue to step 2.14
    • if NO, continue to step 2.15

Off System

  • 2.14 - Risk Owner prepares brief to the appropriate level.
    • continue to step 2.15

SAP Image

  • 2.15 - Risk Owner assigns owner(s) to the Response Plan(s)
    • NOTE: The Risk Owner must consult with the Response Owner(s) prior to assigning them the risk response.
  • 2.16 -Risk Owner uses the planner function to advise Response Owner(s) of action required. Follows up with DRN email.
    • NOTE: This step triggers a system workflow.

Continue to 3.0 Monitor and Review Risk