Foundation | Practitioner | Expert |
Aware of the process for the identification and management of risks and issues, including roles and responsibilities and creation of a risk register. | Identifies and manages risks and issues, confirming roles and responsibilities including ownership of risk register. | Designs and develops processes for the identification and registration of risks and issues, including roles and responsibilities. |
Inputs into the creation of contingency plans with proposed remedies. | Ensures contingency plans with proposed remedies are in place, using knowledge to inform approach. | Oversees the development of contingency plans with proposed remedies; uses expertise to devise solutions and provide advice to colleagues. |
Supports visibility and mitigation of risk through maintaining risk register, sharing relevant risks with stakeholders. | Ensures visibility and mitigation of risk through reviewing and maintaining risk register, sharing relevant risks and mitigation strategies with stakeholders. | Provides expert advice on mitigation strategies for risks identified in the risk register. |
Supports the development of business continuity plans and supplier disaster recovery plans. | Leads in developing business continuity plans. Informs the development of supplier disaster recovery plans through evaluation. | Provides insight into the development of business continuity plans and supplier disaster recovery plans through evaluation and challenge. |
Inputs into the monitoring of service-level agreements, considering and managing risks posed by data capture, processing and reporting. | Monitors service-level agreements, considering and managing risks posed by data capture, processing and reporting. | Provides oversight and advice in the monitoring of service- level agreements, considering and managing risks posed by data capture, processing and reporting. Identifies impacts outside of individual contract and resolution options. |
Identifies and documents operational key risk indicators; supports the implementation of appropriate mitigation, contingency and recovery measures. | Manages identification and documentation of operational key risk indicators; develops, challenges and implements appropriate mitigation, contingency and recovery measures. | Oversees the identification and documentation of operational key risk indicators; draws on expertise to review proposed mitigation, contingency and recovery measures. |
Understands process and key factors to consider when assessing and evaluating strategic risks. | Assesses and proposes responses to strategic risks considering organisational objectives and risk appetite, supplier relationships and political landscape. | Evaluates and provides guidance on managing strategic risks considering organisational objectives and risk appetite, supplier relationships and political landscape. |
Recognises opportunities to derive benefits from recorded risks. | Identifies opportunities to derive benefits from recorded risks; takes calculated risks to achieve benefits based on evaluation and advice. | Takes an organisational view across contracts to identify and derive benefits based on recorded risks; provides advice and proposes solutions to achieve identified benefits. |
Ensures internal compliance with requirements e.g. data security, anti-fraud measures and supply chain sustainability. | Ensures internal and external compliance with requirements e.g. data security, anti-fraud measures and supply chain sustainability; challenges in instances of non- compliance. | Ensures internal and external compliance with requirements e.g. data security, anti-fraud measures and supply chain sustainability; leads reviews and responses to non-compliance. |