Talk:Risk Register

From Wikimedia UK
Revision as of 13:33, 21 February 2013 by Tango (talk | contribs) (→‎Risk not to be monitored quarterly: looks like two risks have been incorrectly position on the register)
Jump to navigation Jump to search

Managing risk

This is a document that has emerged from a slow gestation. The board is keen for the community to have access to our risk register and statements. It will be reviewed by staff quarterly with a report to the board on the top five risks, or more should I consider there to be more.

It fits alongside the annual programme and work plan which is also going to be reported quarterly.

Any comments that will help this process welcome. Jon Davies WMUK (talk) 09:35, 19 February 2013 (UTC)

Can you clarify, is this a proposal from the staff to the board, or is this the final approved policy? The introduction only mentioned the board's request for the staff to prepare a first draft, it doesn't mention the board discussing it. It was in your report for the recent board meeting, but doesn't seem to have been on the agenda (the minutes aren't up yet). --Tango (talk) 12:50, 19 February 2013 (UTC)
It is a long document and it is possible that I did not fully update it to reflect the board decision - can you point to where this is please if you remember - many thanks in advance. Jon Davies (WMUK) (talk) 14:21, 19 February 2013 (UTC)
I just meant the introduction. It talks about the board requesting it and the staff preparing it, but then the story abruptly finishes. It just needs another sentence saying the board discussed it at their meeting on whatever date it was, amended it as they saw fit and then adopted it as formal policy. I have no idea is the changes they agreed to make were made, since I wasn't at the meeting. --Tango (talk) 17:31, 19 February 2013 (UTC)
Will do - we missed you - where were you? Jon Davies (WMUK) (talk) 17:50, 19 February 2013 (UTC)
I was doing coursework, unfortunately... The bit you've changed was right the first time! You're getting confused between the November 2012 meeting, where the board asked the staff to prepare something, and the February 2013 meeting where the board approved what the staff had prepared. --Tango (talk) 18:58, 19 February 2013 (UTC)
Hi Tom, it was discussed and agreed at the Board meeting (though you're right the document isn't updated to reflect this). The Land (talk) 14:13, 19 February 2013 (UTC)
Again, Myself and a volunteer went through it but if there are places that it is not updated please let me know. Thanks Jon Davies (WMUK) (talk) 14:21, 19 February 2013 (UTC)
Hi Tom, I would like to see slightly more precision here that will align with the board minutes when you see them published. The board did vote on the 9th February with respect to the Risk Register, however the draft minutes tell me that the board of trustees did not just agree, we actually voted on a more complex statement than just approving this Register, and during the vote 3 trustees supported the statement, 1 voted against and 1 abstained. I'm afraid I cannot advise you as to when the draft minutes will be moved from the office wiki to a public view. Thanks -- (talk) 18:43, 19 February 2013 (UTC)

Visualisation

I have often found that a 5 x 5 grid, with red to show high values and green to show low values is helpful. This does appear in the document, but perhaps should be applied to tables such as "RISKS TO BE MONITORED QUARTERLY" Gordo (talk) 09:47, 19 February 2013 (UTC)

I agree. This has been prepared using a grid approach, so it might as well be presented that way. I would also suggest expanding the current 3x3 grid to a 5x5 grid when this is reviewed next year - that allows for a little more subtlety. Having all low probability events in lowest category regardless of potential impact is obviously not ideal - if "low" means "once in a century", then that may be fine, but when you only have three categories of probability "low" must mean quite a bit more likely that that (see my comments on quantification below). --Tango (talk) 13:00, 19 February 2013 (UTC)
I LOVE grids and use them on the original document. Thanks to Rexx the document s as lovely as it is. At annual revision will share the original document all being well.

Jon Davies (WMUK) (talk) 14:23, 19 February 2013 (UTC)

Quantification

I haven't had time to read through all the individual risks, but the general structure and approach looks good. My suggestion for when this is reviewed in a year's time is that you try and incorporate more quantification in terms of impact, probability and time horizons (more emphasis on time horizons is needed too - they are mentioned, but only in passing). Quantifying things can be very difficult (especially when your goals aren't profit based - most of your risks can't be quantified simply in money terms like they can for a for-profit business) so I don't think you should delay implementing this policy for it, but it will need to be introduced over time as you get used to thinking about risks and start taking more sophisticated approaches towards them. --Tango (talk) 12:55, 19 February 2013 (UTC)

FOI

I'm aware that we are subject to the Data Protection Act and therefore might receive Subject Access requests, but does the Freedom of Information Act actually cover charities like us or are we voluntarily being this open? WereSpielChequers (talk) 18:52, 19 February 2013 (UTC)

It fits our Values to be this open. The FOI does not apply as we are not a public authority, I have made this point in the past by email, but it has not been picked up to change this document, I suggest it is to avoid any confusion. Thanks -- (talk) 18:56, 19 February 2013 (UTC)
I'm very happy that we have opted in to the Freedom of Information Act, but yes it would make sense to say that this was our choice. WereSpielChequers (talk) 19:08, 19 February 2013 (UTC)

Hi All - yes, quite right, we're not subject to FOI as a charity per say (for those of you with time to spare, the act lists the organisations by name and type it does apply to: http://www.legislation.gov.uk/ukpga/2000/36/schedule/1) However, it's worth nothing that through partnership work with local and parish councils, schools, or statutorily funded bodies/institutions this would apply to documentation regarding, for example, negotiations around WiRs, discussions about project work, funding agreements (whether them donating to us, or us granting to them) etc etc. So, as WSC says, its a good thing we're happy to uphold the same principles to the same standards as a matter of course :-) Katherine Bavage (WMUK) (talk) 12:08, 21 February 2013 (UTC)

Incidents at Events

We hold a number of events each year, some public, some invitation only, some limited to people who signup and some open to all. Some of the attendees have been legally minors, some of our critics and at least one banned editor have attended events or signed up to attend them. Wikipedia gets a steady stream of controversial editors and the UK probably has its fair share of the millions of editors who have been blocked or had their work deleted. So I suggest that one risk which should be on the list is the risk of an incident occurring at one of our events. WereSpielChequers (talk) 18:52, 19 February 2013 (UTC)

We've got a banned editor who keeps turning up to board meetings! ;) --Tango (talk) 19:01, 19 February 2013 (UTC)
Oh I wasn't thinking of that case, I was thinking of people whose bans were justified. WereSpielChequers (talk) 19:23, 19 February 2013 (UTC)
Risk at events is something that is a day-to-day operational activity. We do need, however, to develop a more consistent risk assessment system and this has been under discussion. They need to be proportionate and shared so that we do not keep re-inventing wheels. We made sure we had public liability insurance as soon as I started but obviously we need to show that we take our responsibilities seriously. With new staff starting and a gear change in our programme we need to formalise this process and I know it is in Daria's agenda. As to banned editors - very much a matter for the community to take a view on. Jon Davies (WMUK) (talk) 12:05, 21 February 2013 (UTC)

Different versions?

This page seems to be different from that presented at the board meeting. In particular, the factual corrections I made to the introduction seem to have been lost. Please could the differences be reconciled here? Thanks. Mike Peel (talk) 19:11, 19 February 2013 (UTC)

Office

We have an office, therefore we are at risk of burglary, fire etc there (though hopefully we have insurance). I'm assuming that we got a pretty good deal because the place is full of charities and not for profits. So we presumably have a risk that any subsidy we get might end if the landlord decides to be more commercial or to cease supporting our sort of charity. We can mitigate that sort of risk by agreeing long lease terms, but that then builds in an inflexibility if the office ceases to meet our needs. We could variously outgrow it, shrink to need less space or have a board that decided to relocate outside London and found any lease a bit of a millstone; Any of those eventualities would become more expensive if we minimised our risk of rent rises by agreeing a longer lease. We also have a risk that someone incompatible with us could move in to the secure area that we have, as currently we only have part of an open plan floor and other organisations are in the same office. WereSpielChequers (talk) 19:23, 19 February 2013 (UTC)

Thanks WSC - good points. We do have fire insurance, as does - I believe - the building. We're going to get a fireproof safe to help prevent any key data loss from fire or theft. As to the lease, our landlord is Ethical Property, who design their business model around our sort of charity, so I think the risk of them changing that is very low. We're also one of their larger tenants, so we're much-loved by them, and have already done things like offer us reduced rent. The risk of outgrowing the office is already covered in the register - the risk of shrinking or relocating is balanced by the fact that it would take some time for those things to come into effect, and they'd need consultation with staff - but they are risks. As to the area we have, we're actually in the process of having the floor redesigned... see Media:Possible_office_plan.jpg for a possible plan. In a few months, they may move us to our own space on the same floor, depending on what happens with the other tenants in the building. Richard Symonds (WMUK) (talk) 16:46, 20 February 2013 (UTC)

Risk not to be monitored quarterly

Any reason that these risks, at the bottom of the page, aren't being monitored quarterly? I'm sure there is a good reason, I was just wondering what it is. Yaris678 (talk) 17:59, 20 February 2013 (UTC)

Because they are either low impact or low probability, therefore aren't worth monitoring quarterly. --Tango (talk) 19:59, 20 February 2013 (UTC)
A cursory inspection of the table gives several exceptions to that statement. 'Negative media' and 'scandal on sites' are the biggest exceptions. Yaris678 (talk) 20:20, 20 February 2013 (UTC)
Hmmm... that looks like an error to me. Those should be "medium" risks, so should be monitored quarterly according to the "Assessing and analysing the risks" section. (Those are the only two exceptions - there are a couple of medium/medium risks, but that is categorised as a low score as well, which I missed in my explanation.) --Tango (talk) 12:33, 21 February 2013 (UTC)
Retrieved from "https://dev.wikimedia.org.uk/w/index.php?title=Talk:Risk_Register&oldid=35973"