UKGI00004687
OFFICIAL SENSITIVE
The Shareholder Executive Risk Register
What is the Heat Map?
This will be used as a graphical representation of the TOP RISKS each team faces and also allows for different assets'/projects’ risks to be compared easily.
risks ONLY and their mitigating actions should be allocated bubbles (e.g. putting R8 in the two bubbles for Risk #8, and so on). These should be positioned
using ratings as coordinates - for instance a risk with probability 4 and impact 3 would be positioned 4 places along the x-axis and 3 places up the y-axis.
PLEASE ONLY INCLUDE YOUR TOP RISKS.
Completing the Risk Register
Please only include top risks on the heat map, to avoid overcomplicating the graphic (e.g. top 3 or top 5, but number selected is to be decided at each
team's discretion). Risk "bubbles" are BLUE while mitigating action “bubbles” are GREEN. The positioning of each "bubble" should reflect the coordinates,
defined by the CURRENT probability and impact ratings.
In the top left hand corner of the Risk Register, box 1 asks you for a brief description of the overall project. Box 2 asks you to set a RAG rating that reflects
your overall view of the different risks faced by your asset or project alongside a simple and brief rationale. Box 3 asks you to provide a HML rating of the
reputational risk of your project to ShEx alongside a simple and brief rationale. The ratings in boxes 2 and 3 will be used as a high-level identifier on the
ShEx Summary Risk Register which will be approved by ExCo.
The “[Current Status]” box should provide a summary of today's state-of-play; it might well overlap with the general description of the risk. This should also
include a comment on any external review (e.g. internal ShEx quarterly or annual review, or risk committee (internal or external) assessments).
Under each risk for “[date of entry]” (i.e. the third row under the summary column for all risks) please input the DATE THE RISK WAS INPUTTED NOT THE
DATE THE RISK WAS AMENDED. This allows the risk team to monitor the ageing of various tasks.
Please populate all RELEVANT UNSHADED cells in this document. To ensure consistency between months only add new risks below existing risks and DO
NOT REPLACE EXISTING RISKS WITH NEW RISKS. If a risk is no longer relevant please DO NOT DELETE IT and instead add CLOSED in the current status
column (last column). You only need to include AS FEW OR AS MANY risks as you feel should be reported.
For clarity the ratings on the mitigating actions should relate to the effect of the action on the underlying risk, NOT the effect of the mitigating action itself -
e.g. if a risk has probability 4 and impact 3, a mitigating action might change the profile of the risk to probability 2 and impact 2. Please also move the old
rating values to the “[Prev]” column and input the new rating values to the “[curr]” column. This allows the risk team to monitor month on month changes.
Definition of Risk Types
Finance: Related to financial performance (e.g. r stones or of underperformance, or I parameters) of BIS, ShEx or ShEx's
assets or partners / projects.
Strategic: Related to business and strategy planning of BIS, ShEx or ShEx’s assets or partners / projects.
Operational: Related to business-as-usual performance of ShEx or ShEx's assets or partners / projects.
People: Related to employees of ShEx’s assets or partners / projects. Likely to focus on management issues (e.g. capability, remuneration, succession, etc.).
Reputational: Related to reputational considerations for Government, Ministers, BIS, ShEx, ShEx’s assets or partners / projects. Also includes other possible
external communications or handling risks.
Legal: Related to legal, compliance, regulatory or equivalent risks faced by Government, BIS, ShEx, ShEx's assets or partners / projects or other third parties.
Information: Related to situations in which data or information is or could be at risk, including in respect of information held by Government, ShEx or ShEx's
assets or partners / projects. Also relates to information held by third parties that could impact Government, ShEx or ShEx's assets or partners / projects.
Other: Related to any category not defined above.
The Shareholder Executive Risk Register - Post Office Limited 30-Jun-2015