Skip to main content

Risk Review Meeting Process

This runbook outlines the process for conducting a risk review meeting for the Operations Engineering team. The risk review meeting is a recurring meeting where the team reviews the risk register and discusses any changes or updates.

Frequency

  • Suggested Frequency: Monthly.

Pre-Meeting Preparation

  1. Ensure the risk register is updated with the latest information.
  2. Assign team members to review specific risks or sections of the risk register in advance.
  3. Create an agenda based on the updated risk register and any new risks identified since the last meeting.

Participants

  • Operations Engineering Team Members
  • Any Stakeholder or Subject Matter Expert relevant to specific risks

Using the Risk Register

  • Access and Familiarity: Ensure all participants have access to and are familiar with the risk register.
  • Structure: The risk register includes columns for Risk ID, Description, Likelihood, Impact, Risk Score, Mitigation Strategy, Owner, and Review Date.
  • Updating Information: During the meeting, update the risk register in real time to reflect discussions, decisions, and changes.
  • Risk Scoring: Use the Likelihood and Impact scores to calculate the Risk Score, which helps prioritise risks.
  • Review Dates: Pay special attention to risks with overdue review dates, as highlighted by the conditional formatting in the register.
  • Actionable Insights: Discuss actionable insights and decisions affecting risk register entries.

Measuring Likelihood and Impact of Risks

To effectively assess and prioritise risks, we use a systematic approach to measure both the likelihood and impact of each identified risk. This approach involves assigning scores on a scale of 1 to 5 for both likelihood and impact, and then calculating a risk score to determine the overall severity of the risk.

Likelihood Scale:

  1. Very Low (1): The risk is unlikely to occur.
  2. Low (2): There is a small chance that the risk will occur.
  3. Moderate (3): There is a moderate chance of the risk occurring.
  4. High (4): The risk is likely to occur.
  5. Very High (5): The risk is almost certain to occur.

Impact Scale:

  1. Very Low (1): Impact is negligible or minimal.
  2. Low (2): Impact is minor and can be managed with ease.
  3. Moderate (3): Impact is noticeable and requires management attention.
  4. High (4): Impact is significant and may require substantial resources to manage.
  5. Very High (5): Impact is severe and critical to address.

Risk Score Calculation:

The risk score is calculated by multiplying the Likelihood score by the Impact score.

Risk Score = Likelihood Score × Impact Score

Risk Level Determination:

  • Low Risk: Scores 1-10
  • Moderate Risk: Scores 11-15
  • High Risk: Scores above 15

A risk with a score above 15 should be highlighted as a high risk, warranting immediate attention and action.

Example:

If a risk has a likelihood of 4 (High) and an impact of 4 (High), its risk score would be:

Risk Score = 4 (Likelihood) × 4 (Impact) = 16

Since the score is above 15, this risk would be categorised as high and highlighted for priority action.

Meeting Structure

1. Opening Remarks (5 min)

Brief overview of the meeting’s objectives and confirmation of the agenda.

2. Review of Risk Register (30-45 min)

  • High-Risk Items: Start with the most critical risks. Discuss mitigation strategies and progress.

  • Newly Identified Risks: Introduce and assess any new risks.

  • Ongoing and Medium/Low-Risk Items: Review for any changes in status or required actions.

  • Closed Risks: Acknowledge any resolved risks.

3. Discussion and Analysis (15-20 min)

Discuss emerging trends or patterns in the risk register and analyse the effectiveness of current mitigation strategies.

4. Action Items and Assignments (10 min)

Assign responsibility for each risk’s mitigation strategy and follow-up actions.

5. Review and Update of Review Dates (5 min)

Update the review dates for each risk and discuss any risks nearing the review period.

6. Next Steps and Closing (5 min)

Summarise the meeting outcomes and next steps.

Tracking and Actioning Risk Review Items

To ensure that all actions identified in the risk review meetings are captured and followed through effectively, a dedicated tab called ‘Actions’ has been added to our risk review spreadsheet. This tab is designed to improve the tracking, accountability, and completion of action items.

Benefits:

  • Improved accountability and visibility of action items.
  • Ensures that risk-related actions are not overlooked.
  • Provides a historical record of actions taken in response to identified risks.

Post-Meeting Actions

  1. Update the risk register with any changes or new information.
  2. Share the meeting minutes with all participants and relevant stakeholders, including action items and deadlines.
  3. Ensure follow-up on assigned actions and prepare for interim reviews if needed.
This page was last reviewed on 22 October 2024. It needs to be reviewed again on 22 January 2025 by the page owner #operations-engineering-alerts .