Orange Book Risks.pdf
In recent years all sectors of the economy have focused on management of risk as the key to making organisations successful in delivering their objectives whilst protecting the interests of their stakeholders. Risk is uncertainty of outcome, and good risk management allows an organisation to: - have increased confidence in achieving its desired outcomes; - effectively constrain threats to acceptable levels; and - take informed decisions about exploiting opportunities. Good risk management also allows stakeholders to have increased confidence in the organisation’s corporate governance and ability to deliver. In central government a number of reports, particularly the National Audit Office’s 2000 report “Supporting innovation – managing risk in government departments” and the Strategy Unit 2002 report “Risk – improving government’s capacity to handle risk and uncertainty”, have driven forward the risk management agenda and the development of Statements on Internal Control. In 2001 Treasury produced “Management of Risk – A Strategic Overview” which rapidly became known as the Orange Book. That publication provided a basic introduction to the concepts of risk management that proved very popular as a resource for developing and implementing risk management processes in government organisations. This publication is the successor to the 2001 “Orange Book”. It continues to provide broad based general guidance on the principles of risk management, but has been enhanced to reflect the lessons we have all been learning about risk management through the experience of the last few years. It should be read and used in conjunction with other relevant advice such as the “Green Book” which contains specific advice on “Appraisal and Evaluation in Central Government”, the Office of Government Commerce’s “Management of Risk” which provides more detailed guidance on the practical application of the principles and concepts contained in this publication, and guidance provided by the Treasury’s Risk Support Team as part of “The Risk Programme”. Wherever possible links and references have been provided to additional resources which explore the Orange Book concepts in more detail. Perhaps the most significant shift since the publication of the 2001 “Orange Book” is that all government organisations now have basic risk management processes in place. This means that the main risk management challenge does not now lie in the initial identification and analysis of risk and the development of the risk management process, but rather in the ongoing review and improvement of risk management. This guidance aims to reflect that – for instance, it now includes guidance on issues such as “horizon scanning” for changes affecting the organisation’s risk profile. It also focuses on both internal processes for risk management and consideration of the organisation’s risk management in relation to the wider environment in which it functions.