Q 1.

Describe the five phases of risk management process

Risk management is a 5 stage process. These processes go simultaneously. These steps are to be followed for having a good risk management. These steps are listed and explained below:-

1- Risk Identification:This is the first and the most important step of risk management. One cannot do anything with the risk unless and until that risk has been clearly identified. Risk identification starts from where the problem originates. Risk identification can be objective based, scenario based, taxonomy based and common risk checking. Walk around your workplace and look at what could reasonably be expected to cause harm. Ask your employees or their representatives what they think. They may have noticed things that are not immediately obvious to you. Visit the HSE website (www.hse.gov.uk). HSE publishes practical guidance on where hazards occur and how to control them. There is much information here on the hazards that might affect your business. If you are a member of a trade association, contact them. Many produce very helpful guidance. Check manufacturers instructions or data sheets for chemicals and equipment as they can be very helpful in spelling out the hazards and putting them in their true perspective. Have a look back at your accident and ill-health records these often help to identify the less obvious hazards. Remember to think about long-term hazards to health (eg high levels of noise or exposure to harmful substances) as well as safety hazards.

2- Risk Analysis:Risk analysis includes analyzing the risk and measuring its vulnerability or its impact. Frequency and severity of the risk will be analyzed as well. Risk management can be quantitative as well as qualitative. Numerically determining the probabilities of various adverse events and expected extent of losses if any unexpected event occurs is a Quantitative Analysis where as defining the various threats, devising countermeasures and determining the extent of vulnerabilities is referred to as Qualitative Risk Analysis. some workers have particular requirements, eg new and young workers, new or expectant mothers and people with disabilities may be at particular risk. Extra thought will be needed for some hazards; cleaners, visitors, contractors, maintenance workers etc, who may not be in the workplace all the time; members of the public, if they could be hurt by your activities; if you share your workplace, you will need to think about how your work affects others present, as well as how their work affects your staff talk to them; and ask your staff if they can think of anyone you may have missed.

3- Risk Control:After analyzing the risk then decided that how can the risk be controlled. If the risk can be controlled by in house then well and good, if not then decide on how to transfer that risk. Risk control is the entire process of procedures, systems, policies an organization needs to manage prudently for all the risks which are arising. Can I get rid of the hazard altogether? If not, how can I control the risks so that harm is unlikely? When controlling risks, apply the principles below, if possible in the following order: try a less risky option (eg switch to using a less hazardous chemical); prevent access to the hazard (eg by guarding); organise work to reduce exposure to the hazard (eg put barriers between pedestrians and traffic); issue personal protective equipment (eg clothing, footwear, goggles etc); and provide welfare facilities (eg first aid and washing facilities for removal of contamination).

4- Risk Transfer:If the risk is not manageable and one cannot retain that risk, then we have to transfer that risk to a third party. This is the stage where insurance comes in action. Insurance will be willing to take on those risks which the organization cant handle. a proper check was made; you asked who might be affected; you dealt with all the significant hazards, taking into account the number of people who could be involved; the precautions are reasonable, and the remaining risk is low; and

you involved your staff or their representatives in the process.

There is a template at the end of this leaflet that you can print off and use. If, like many businesses, you find that there are quite a lot of improvements that you could make, big and small, dont try to do everything at once. Make a plan of action to deal with the most important things first. Health and safety inspectors acknowledge the efforts of businesses that are clearly trying to make improvements. A good plan of action often includes a mixture of different things such as: a few cheap or easy improvements that can be done quickly, perhaps as a temporary solution until more reliable controls are in place; long-term solutions to those risks most likely to cause accidents or ill health; long-term solutions to those risks with the worst potential consequences; arrangements for training employees on the main risks that remain and how they are to be controlled; regular checks to make sure that the control measures stay in place; and clear responsibilities who will lead on what action, and by when.

Remember, priorities and tackle the most important things first. As you complete each action, tick it off your plan.

5- Risk Review:Risk review is the last step in which all the above mentioned steps are evaluated. Review must be regular as the conditions and the circumstances of the business and organizations changes continuously. It should be monitored that the desired results of the risk management are being achieved or not and if not then identifying that where the problem occurred and then reviewing all the steps and making the changed in the management according to scenario.

Q 2. Describe in brief the basic principles followed by the GMP principles

GMP is an acronym for Good Manufacturing Practice regulations put in place by the U.S. Food and Drug Administration (FDA). GMP is typically used in facilities where drugs or medication are manufactured. These regulations address a variety of areas, including cleanliness, personnel qualifications and record-keeping, all in an attempt to ensure safety in the manufacture and care of FDA-regulated products by minimizing the chance of contamination or human error. Written Procedures The first principle of GMP is to develop detailed step-by-step procedures, in writing, that provide a "road map" for consistency in performance. Written procedures allow for workplace standards to be clearly established, ensuring that a job or procedure is performed in the same way each time, with each step followed as set out in the written instructions. Following Procedures The written procedures will only be effective if they are followed to the letter, so it is important that no short cuts or modifications be permitted. Any deviation from the written instructions may adversely affect consistency in product quality. Documentation The third GMP principle calls for prompt and accurate documentation of work, thus allowing for compliance with regulations and the ability to trace any problems. Accurate records provide a way to evaluate what happened if there is ever a problem or complaint regarding a product. This record keeping also chronicles the precise steps taken relating to GMP regulations. Validating Work This GMP principle notes the importance of validating that all systems and processes are working as they are meant to. This is achieved through documentation and properly following the written procedures, thus ensuring that quality and consistency are carried out according to plan. Facilities and Equipment The fifth GMP principle outlines the importance of integrating productivity, product quality and employee safety into the design and construction of the company's facilities and equipment. This reinforces the goals of quality and consistency at all stages of the process. Maintenance Equipment and facilities must be properly maintained, with documented written records to back up any work done. This minimizes any safety concerns and avoids any potential issues relating to contamination and quality control. Job Competence Job competency must be clearly demonstrated by each employee relating to his job. GMP requires an employee to be completely competent in his role. However, the definition of competence may vary for different people, so it's important that clearly defined and developed job competencies are in place relating to each job. Avoiding Contamination The eighth GMP principle is to ensure a product is protected from contamination. The first step in achieving this is to make cleanliness in the workplace a daily habit. Since the degree of cleanliness needed depends on the type of product being manufactured, standards must be put in place to ensure the appropriate cleanliness guidelines are followed. Quality Control This principle involves building quality directly into products via the systematic control of components and processes relating to each product. Quality control includes such areas as manufacturing, packaging, labeling, distribution and marketing.

By placing clearly defined controls over all these areas and keeping accurate, timely records, quality is built into all stages of production. Audits Finally, the only way to determine how well GMP is being implemented is to conduct planned periodic audits to assess the success of compliance with GMP regulations.

Q 3. Write short note on the following risk categories: [52=10 marks]. a. Operational risks b. Schedule risks c. Budget risks d. Business risks e. Technical environment risk

There are a number of definitions used to describe benchmarking , all of which may have their place. The European Benchmarking Code of Conduct defines it as a technique which is about making comparisons with other organisations and then learning the lessons that those comparisons throw up. In practice benchmarking will involve comparing aspects of an organisation's performance with others ( if possible this will be with what are regarded as best in class ). Using this information areas are identified that require improvement. Sometimes the comparisons will just be with one other organisation or more frequently will be part of a group of organisations ( benchmarking group) who will agree to participate jointly in such an exercise. The rationale is that if you search for best practices in best in class organisations, then you too will become best in class, assuming you implement the findings of any benchmarking exercise.

Benchmarking is the practice of identifying, understanding, and adapting the successful business practices and processes used by other companies (or even other departments within the same company) to increase your own business success. It is a business strategy that is used by manufacturers and service-oriented companies alike. While it may involve learning from one's competitors, benchmarking is more focused and narrowly defined than competitive analysis. Competitive analysis can be used in conjunction with benchmarking to identify gaps and provide strategic direction; however, benchmarking itself measures specific performance gaps between a company and its competitors. When used effectively, benchmarking can be a valuable tool in increasing the health of any business. "It is not an unnecssary cost to be avoided," wrote James Dodd and Mark Turner in National Public Accountant, "but rather, a tool that when used properly can produce quantum leaps in company performance." Benchmarking relies on the study of general business practices that are not industry specific (generic benchmarking), specific business or manufacturing functions (functional benchmarking), general industry characteristics (industry benchmarking), strategies in general (tactical benchmarking), or the numerical characteristics of specific products or processes (performance benchmarking). Benchmarking is most often implemented by examining other organizations within the same industry. "Most [small businesses] regard their businesses as too unique to warrant detailed comparison across industries, " stated Dodd and Turner. "They see no valid comparisons and, therefore, do not recognize any meaningful benefit from examining practices outside their own industries." But many analysts believe that companies can learn from the experiences of enterprises from a wide range of industries. After all, new lessons in business efficiency, innovation, and financial success can be found every day in all types of businesses. In recent years, the benchmarking concept has also made an impact on the burgeoning world of ecommerce. Uncertainties still surround the utility, significance, and dimensions of benchmarking in the electronic business world. For example, some observers contend that the dot-com emphasis on speed to marketwhile an essential component of overall business success has led many businesses to give too little attention to examining revenue streams, site traffic, and other web site activity data that might anable them to improve their practices and processes. But analysts believe that as more dot-coms establish a presence on the Internet, benchmarking will grow in importance as a productive tool to measure web site activity as well as core business processes such as customer service and marketing. "Once those core processes have been determined," wrote Tamara Wieder in Computer world, companies need to figure out how much those processes are costing them. Then, based on that information, businesses can compare their cost structures to those of other companies and evaluate their own performance over time."

How can it be used?

Best practice or process benchmarking enables an organisation to compare any of its tasks, activities or functions to those of another organisation. As stated above, often the most rewarding comparisons are done on a group basis. Sometimes organisations will agree and administer this or more commonly an external company, with some expertise in the technique, will set up and administer the process. In the UK benchmarking has been used widely in financial services in recent times. For example, in the home loans' market lenders have been keen to check that their loan application processing is in line with competitors. A third party company has carried out this exercise providing valuable information on processing capability to all those participating organisations.

Another example of UK benchmarking has seen some government departments comparing themselves to the some financial services organisations in the private sector. A driver for this has been the government's desire to cut out waste and reduce the costs of providing its services.

Advantages & Disadvantages

Why benchmark?
The argument is that if you don't know what the standard is you cannot compare yourself against it. By benchmarking it is possible to ensure that your processes and business practices are in line or are better than the competition. Without benchmarking, how do you know where you are ? There are a number of downsides to benchmarking. These include:

can be time consuming and costly to collect the information obtaining agreement and commitment from other organisations to participate in such an exercise how do you know that you are comparing like with like ? For example in process benchmarking extremely precise definitions of the process and its boundaries have to be made before any data can be collected and compared.

Barriers to Successful Benchmarking Business experts point to several factors that can hinder a company's efforts to institute meaningful benchmarking practices. These include: Unexamined core business processes. The ultimate quality, price, or reliability of the end product or service that is made available to customers is predicated on many aspects of a company's operations, and these facets need to be taken into consideration when examining internal processes.. Inadequate people or technology resources. A business should make sure that it has the resources (in terms of workforce, technology, or funding) to both launch a thorough benchmarking program and implement its findings. Unwillingness or inability to accept the legitimacy of business ideas or practices from outside sources. Many employees and organizations are resistant to change, because of general contentedness, fear of the unknown, perceived challenges to their abilities, etc. Resistance can be minimized, however, if owners and managers make it clear that benchmarking is not a faultfinding exercise but rather an established program to help the company grow and prosper in a fast-changing business world. Speed of in-house benchmarking processes. Effective benchmarking programs are given mandates to conduct their investigates in a timely manner, so that improvements can be implemented quickly. Inadequate follow-up training. Benchmarking programs can uncover many areas in which companies can improve their performance. But if the company does not provide its work force with sufficient training to implement needed changes in a timely and effective fashion, then the initiative becomes a waste of time and resources.

Q 4. Describe Risk assessment cycle.

Follow the five steps in our leaflet: Five steps to risk assessment . 1. Identify the hazards

First you need to work out how people could be harmed. When you work in a place everyday it is easy to overlook some hazards, so here are some tips to help you identify the ones that matter:

Walk around your workplace and look at what could reasonably be expected to cause harm. Ask your employees or their representatives what they think. They may have noticed things that are not immediately obvious to you. For information on how you can do this please visit our worker involvement pages. Visit the HSE website. HSE publishes practical guidance on where hazards occur and how to control them. There is much information on the hazards that might affect your business. Alternatively, contact Workplace Health Connect (Tel: 0845 609 6006), a free service for managers and staff of small and medium-sized enterprises providing practical advice on workplace health and safety. If you are a member of a trade association, contact them. Many produce very helpful guidance. Check manufacturers instructions or data sheets for chemicals and equipment as they can be very helpful in spelling out the hazards and putting them in their true perspective. Have a look back at your accident and ill-health records these often help to identify the less obvious hazards. Remember to think about long-term hazards to health (eg high levels of noise or exposure to harmful substances) as well as safety hazards.

2. Decide who might be harmed and how

Step 2: Decide who might be harmed and how

For each hazard you need to be clear about who might be harmed; it will help you identify the best way of managing the risk. That doesnt mean listing everyone by name, but rather identifying groups of people (eg people working in the storeroom or passers-by). Remember:

some workers have particular requirements, eg new and young workers , migrant workers , new or expectant mothers and people with disabilities may be at particular risk. Extra thought will be needed for some hazards; cleaners, visitors, contractors, maintenance workers etc, who may not be in the workplace all the time; members of the public, if they could be hurt by your activities; if you share your workplace, you will need to think about how your work affects others present, as well as how their work affects your staff talk to them; and ask your staff if they can think of anyone you may have missed.

In each case, identify how they might be harmed, i.e. what type of injury or ill health might occur. For example, shelf stackers may suffer back injury from repeated lifting of boxes.

3. Evaluate the risks and decide on precaution

Step 3: Evaluate the risks and decide on precautions

Having spotted the hazards, you then have to decide what to do about them. The law requires you to do everything reasonably practicable to protect people from harm. You can work this out for yourself, but the easiest way is to compare what you are doing with good practice. There are many sources of good practice - Notify HSE and Workplace Health Connect (Tel: 0845 609 6006) will all help. So first, look at what youre already doing, think about what controls you have in place and how the work is organised. Then compare this with the good practice and see if theres more you should be doing to bring yourself up to standard. In asking yourself this, consider:

Can I get rid of the hazard altogether? If not, how can I control the risks so that harm is unlikely?

When controlling risks, apply the principles below, if possible in the following order:

try a less risky option (eg switch to using a less hazardous chemical); prevent access to the hazard (eg by guarding); organise work to reduce exposure to the hazard (eg put barriers between pedestrians and traffic); issue personal protective equipment (eg clothing, footwear, goggles etc); and provide welfare facilities (eg first aid and washing facilities for removal of contamination).

Improving health and safety need not cost a lot. For instance, placing a mirror on a dangerous blind corner to help prevent vehicle accidents is a low-cost precaution considering the risks. Failure to take simple precautions can cost you a lot more if an accident does happen. Involve staff, so that you can be sure that what you propose to do will work in practice and wont introduce any new hazards.

4. Record your findings and implement them

Step 4: Record your findings and implement them

Putting the results of your risk assessment into practice will make a difference when looking after people and your business. Writing down the results of your risk assessment, and sharing them with your staff, encourages you to do this. If you have fewer than five employees you do not have to write anything down, though it is useful so that you can review it at a later date if, for example, if something changes. When writing down your results, keep it simple, for example Tripping over rubbish: bins provided, staff instructed, weekly housekeeping checks, or Fume from welding: local exhaust ventilation used and regularly checked. We do not expect a risk assessment to be perfect, but it must be suitable and sufficient. As illustrated by our example risk assessments, you need to be able to show that:

a proper check was made; you asked who might be affected; you dealt with all the obvious significant hazards, taking into account the number of people who could be involved; the precautions are reasonable, and the remaining risk is low; and you involved your staff or their representatives in the process.

Download the Risk Assessment and Policy Template. This template brings together your risk assessment, health and safety policy and record of health and safety arrangements into one document to help get you started and save you time. If you already

have a health and safety policy, you may choose to simply complete the risk assessment part of the template. Use the example risk assessments as a guide for completing the template, adapting it for your own workplace. If, like many businesses, you find that there are quite a lot of improvements that you could make, big and small, dont try to do everything at once. Make a plan of action to deal with the most important things first. Health and safety inspectors acknowledge the efforts of businesses that are clearly trying to make improvements. A good plan of action often includes a mixture of different things such as:

a few cheap or easy improvements that can be done quickly, perhaps as a temporary solution until more reliable controls are in place; long-term solutions to those risks most likely to cause accidents or ill health; long-term solutions to those risks with the worst potential consequences; arrangements for training employees on the main risks that remain and how they are to be controlled; regular checks to make sure that the control measures stay in place; and clear responsibilities who will lead on what action and by when.

Remember, prioritise and tackle the most important things first. As you complete each action, tick it off your plan.

5. Review your assessment and update if necessary

Step 5: Review your risk assessment and update if necessary

Few workplaces stay the same. Sooner or later, you will bring in new equipment, substances and procedures that could lead to new hazards. It makes sense therefore, to review what you are doing on an ongoing basis. Every year or so formally review where you are to make sure you are still improving, or at least not sliding back. Look at your risk assessment again. Have there been any changes? Are there improvements you still need to make? Have your workers spotted a problem? Have you learnt anything from accidents or near misses? Make sure your risk assessment stays up to date. When you are running a business its all too easy to forget about reviewing your risk assessment until something has gone wrong and its too late. Why not set a review date for this risk assessment now? Write it down and note it in your diary as an annual event. During the year, if there is a significant change, dont wait: check your risk assessment and where necessary, amend it. If possible, it is best to think about the risk assessment when youre planning your change that way you leave yourself more flexibility.

Q.5. Describe in brief the major risk handling strategies

Dont overcomplicate the process. In many organisations, the risks are well known and the necessary control measures are easy to apply. You probably already know whether, for example, you have employees who move heavy loads and so could harm their backs, or where people are most likely to slip or trip. If so, check that you have taken reasonable precautions to avoid injury. If you run a small organisation and you are confident you understand whats involved, you can do the assessment yourself. You dont have to be a health and safety expert. Download the Risk Assessment and Policy Template. This template brings together your risk assessment, health and safety policy, and record of health and safety arrangements into one document to help you get started and save time. If you already have a health and safety policy, you may choose to simply complete the risk assessment part of the template. We also have a number of example risk assessments to show you what a risk assessment might look like. Choose the example closest to your own business and use it as a guide for completing the template, adapting it to meet the needs of your own business. If you work in a larger organisation, you could ask a health and safety adviser to help you. If you are not confident, get help from someone who is competent. In all cases, you should make sure that you involve your staff or their representatives in the process. They will have useful information about how the work is done that will make your assessment of the risk more thorough and effective. But remember, you are responsible for seeing that the assessment is carried out properly. When thinking about your risk assessment, remember:

a hazard is anything that may cause harm, such as chemicals, electricity, working from ladders, an open drawer, etc; and the risk is the chance, high or low, that somebody could be harmed by these and other hazards, together with an indication of how serious the harm could be.

Risk log (risk register)

Purpose:

The Risk log, in relation to a specific activity or plan (e.g. project), lists all the identified risks and the results of their analysis and evaluation. Information on the status of the risk is also included. Risk log is the PRINCE2 term but this may also be known as a risk register. These details can then be used to track and monitor their successful management as part of the activity to deliver the required, anticipated benefits. Fitness for purpose checklist:

Is the Risk log part of a framework for managing risk? Does the status indicate whether action has been taken or is in a contingency plan? Are the risks uniquely identified (including to which project they refer if the risk relates to a programme)? Has each risk been allocated an owner? Is access to the Risk log controlled? Are activities to review the Risk log in the stage plans? Have costs been identified for each risk as a 'risk allowance'?

Suggested content:

Risk identification number (unique within the log) Risk type (where indication helps in planning responses) Risk Owner Raised by (person) Date identified Date last updated Description Cost if it materialises Probability Impact Proximity Possible response actions Chosen action Target date Action owner/custodian (if differs from risk owner) Closure date Cross references to plans and associated risks and may also include Risk status and Risk Action Status

Source information:

Issues and risks can be raised by anyone involved in the project or its stakeholders throughout its lifecycle.

Notes: Where suppliers and/or partners are involved, it is essential to have a shared understanding of risks and agreed plans for managing them. The risk log is set up during the start up of the project, ready to record project risks, including any noted in the Project Brief. It is an important component of the organisation's risk management framework. This is a management tool whereby a review and updating process identifies, assesses and manages down the risk to acceptable levels. It provides a framework in which problems that may arise and adversely affect the delivery of the anticipated benefits are captured and actions instigated to reduce the probability and the impact of that particular risk.

Q 6. Define change and the various types of changes

Management consultants are regularly involved in supporting clients through periods of complex change and consequently clarity on the basic definitions of a project and a program, and the difference between a project and a program are important. It is also important that management consultants use consistent terms and language when describing work to be undertaken in order that the client can understand the nature and scale of the consulting intervention that will be required. Although many of the change management considerations are common between a program and a project, the nature of the consulting work required to support each type of initiative is quite distinct. Definition of a Project A project is a temporary entity established to deliver specific (often tangible) outputs in line with predefined time, cost and quality constraints. A project should always be defined and executed and evaluated relative to an (Executive) approved business case which balances the costs, benefits and risks of the project. The project business case should be managed under change control. Definition of a Program A program is a portfolio comprised of multiple projects that are managed and coordinated as one unit with the objective of achieving (often intangible) outcomes and benefits for the organization. Difference between a Project and a Program The following table summarizes the main areas of difference between a project and a program. Project Outputs tangible; relatively easy to Program Outcomes often intangible; difficult to quantify;

Objectives

describe, define and measure; tending towards objective. Strictly limited; tightly defined; not subject to change during the life of the project. Relatively short term; typically three to six months.

benefits often based on changes to organizational culture and behaviors; introducing new capabilities into the organization; tending towards subjective. Not tightly defined or bounded; likely to change during the life cycle of the program.

Scope Duration

Relatively long term typically eighteen months to three years. Program risk is more complex and potentially the Project risk is relatively easy to identify impact on the organization if a risk materializes and manage. The project failure would Risk profile will be greater relative to project risk. Programme result in relatively limited impact on the failure could result in material financial, organization relative to program risk. reputational or operational loss. Ill-defined; often disagreement between key Nature of the problem Clearly defined. stakeholders on the nature and definition of the problem. A significant number of potential solutions with A relatively limited number of potential Nature of the solution disagreement between stakeholders as to the solutions. preferred solution. A significant number of potential solutions with A relatively limited number of potential Stakeholders disagreement between stakeholders as to the solutions. preferred solution. Environment is dynamic; and programme Environment within which the project objectives need to be managed in the context of Relationship to environment takes place is understood and relatively the changing environment within which the stable. organization operates. Resources to deliver the project can be Resources are constrained and limited; there is Resources reasonably estimated in advance. competition for resources between projects.

Change Portfolio A change portfolio is comprised of multiple and interdependent change programs. An organization will manage a change portfolio with a strategic perspective often over a rolling three to five year period.