This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Find out more here

Hide
Jump to navigation

Risk Management - Management of Risk (M_o_R®)

Through this webpage you can access information about M_o_R, the Cabinet Office's best practice guidance for the management of risk.

You can also access our extensive risk management bookshop and both classroom training and distance learning options for gaining M_o_R qualifications.

M_o_R is a route map for risk management, bringing together principles, interrelated processes and pointers to more detailed sources of advice on risk management techniques and specialisms.

What is on this page?

How M_o_R works

M_o_R is a route map for risk management, bringing together principles, a set of interrelated processes, and pointers to more detailed sources of advice on risk management techniques and specialisms. It also provides advice on how these principles and processes should be embedded, reviewed and applied differently depending on the nature of the objectives at risk.

The M_o_R framework is based on four core concepts:

  • M_o_R Principles. These are essential for the development of good risk management practice. All are derived from corporate governance principles in the recognition that risk management is a subset of any organisation's internal controls.

  • M_o_R Approach. These principles need to be adapted to suit each individual organisation. Accordingly, an organisation's approach to these principles need to be agreed and defined within a risk management policy, process guide and plans, and supported by the use of risk registers and issue logs.

  • M_o_R Processes. These six process steps describe the inputs, outputs and activities involved in ensuring that risk are identified, assessed and controlled.

  • Embedding and Reviewing M_o_R. Having put in place these principles, approaches and processes, for them to be effective, an organisation needs to ensure that they are consistently applied across the organisation and that their application undergoes continual improvement.

M_o_R shows how risks can be:

  • Identified
  • Assessed
  • Controlled

Only in recent years have organisations begun to recognise that risk management (in its broadest sense) can be applied to both negative threats and positive opportunities. In each case, a proactive approach is required that seeks to reduce the size of the possible threat or increase the size of the possible opportunity.

Whilst it may be tempting to consider these as separate activities, in practice opportunities and threats are seldom independent. M_o_R's flexibility ensures its approach applies to all levels of decision.

Strategic decisions are primarily concerned with long-term goals. These set the context for decisions at other levels of the organisation and the associated risks may not become apparent until well into the future.

Medium-term goals are usually addressed through programmes and projects to bring about business change. Decisions relating to medium-term goals are narrower in scope than strategic ones, particularly in terms of time frame and financial responsibilities.

At the operational level, the emphasis is on short-term goals to ensure ongoing continuity of business services. However, decisions about risk at this level must also support the achievement of long- and medium-term goals.

M_o_R will guide organisations through the systematic application of principles and processes towards the tasks of identifying, estimating and evaluating risks, and then planning and implementing risk responses. This provides a disciplined environment for proactive decision-making.

Who Uses M_o_R?

M_o_R has been adopted by hundreds of organisations worldwide. Equally applicable to large and small organisations in the public and private sectors, organisations employing M_o_R include:

  • Barclays
  • British Telecom
  • GlaxoSmithKline
  • UK Ministry of Defence

What Can M_o_R Deliver?

Effective risk management can bring far-reaching benefits to all organisations, whether large and small, public or private sector. These benefits include:

  • A better basis for strategy setting
  • Improved service delivery
  • Greater competitive advantage
  • Less time spent fire-fighting, with fewer unwelcome surprises
  • Increased likelihood of change initiatives being achieved
  • Closer internal focus on doing the right things properly
  • More efficient use of resources
  • Reduced waste and fraud, and better value for money
  • Improved innovation
  • Better management of contingent and maintenance activities.

An effective risk management structure supports better decision-making through a thorough understanding of risks and their likely impact. Ensuring that an organisation makes cost effective use of risk management first involves creating an approach built upon well-defined steps and then embedding them.

M_o_R Resources

The key resource for anyone using M_o_R is the new, 2010 edition of Management of Risk: Guidance for Practitioners, which is available in various different formats.

Even more useful, particularly for newcomers to the risk management arena, is our special M_o_R and Risk Management Starter Kit

M_o_R Training

You can book accredited Management of Risk Foundation and Practitioner qualification training courses here.

Book

Buy

BUY Information Security BOOKS

Information Security Risk Management for ISO27001/ISO27002

Buy now

+44 (0) 845 070 1750
live chat support software