Business Process Mapping
To ensure a standardised approach across SAR is applied – with shared definitions and common practices for identifying, recording and treating risk – we prepared an Enterprise Risk Management Framework that was bespoke to the organisation and fully aligned with ISO 31000. This meant that as the Ricardo teams met with different functions across SAR, the process of capturing current procedures was conducted efficiently and without ambiguity.
Risk Assessment
Between February and June 2021, more than 190 consultation workshops were held with 57 functional departments. For each department, a risk register was updated setting risks out across ten core categories – including safety, reputational, legal – with each risk scored for impact/likelihood and for current mitigation measures.
By cross-analysing the risk registers from across the organisation the Ricardo experts were able to map any connections and relationships and compile a full list of priority risks as determined by SAR's own teams. For the first time, the organisation has the ability to link maintenance and infrastructure concerns alongside those of recruitment and revenue collection.
Risk Management Software solution
To help SAR track the progress of mitigation preparations, we helped introduce a unified risk monitoring software solution.
The cloud-based tool is where the risk registers are stored and can be updated by staff, with the information immediately available to approved management teams across each network.
The tool will play a key role in ensuring consistency and shared goals throughout the business, with management teams benefiting from common data tools, methodologies and reporting metrics.
Outputs
In addition to the installation of the software tool, and following more than six months of workshops, assessments and cross analysis, Ricardo provided SAR with:
- Gap Analysis Report
- ERM Maturity Model
- Mitigation Plans
- Final Report with observations and recommendations for long-term improvement.