O9.2.6

=Risk assessments undertaken as part of institutional strategic planning address e-learning.=

Evidence
Merna and Al-Thani (2008, p2) define risk management as "a formal process that enables that enables the identification, assessment, planning and management of risks." There must be a formal structure and framework in place if the risk management system is to be successful. The approach used to manage risks must be transparent and the identification and priotisation of risks must be shared across all key stakeholders. They cite the Turnbull Report (1999) and list (p61) the following activities as necessary for risk management to be embedded in the organisation:


 * Risk identification
 * Risk assessment/measurement
 * Risk management profiling
 * Risk reporting
 * Risk monitoring
 * Maintainance of the risk profile

Resources
Policies, strategies and an overall plan ensure that these risk management activities are undertaken continuously rather than sporadically and in response to significant organisational failures. Merna and Al-Thani suggest (2008, p61-62) that a risk management plan should formally address:


 * assignment of risk management responsibility
 * the corporate risk management policy
 * risk identification documentation - risk register, initial response options
 * risk analysis outputs - risk exposure distribution within the project, most significant risks, variation of project outcome values with risk occurrences, probability distributions of project outcome values
 * selected risk response options - risk allocation among project parties, provisions, procurement and contractural arrangements concerning risk, contingency plans, insurance and other transfer arrangements
 * monitoring and controlling - comparison of actual with anticipated risk occurrences, control of the project with regard to the RMP
 * maintenance of the risk management system - measures to update and maintain the RMP continuously and refine it *evaluation - recording risk information for further RMP cycles within the project and for future projects.

Kowszun & Struijve (2005) report on guidance for risk assessment in e-learning projects. Using research from IT projects and pilot e-learning studies they discuss the main project risks in e-learning. These include general IT risks such as insufficient human resources, unrealistic schedules and budget, unrealistic expectations, incomplete requirements, and late delivery of software among several others specific to e-learning. They provide an extensive table of sources of guidance for each risk identified and conclude with a literature review of recent and current literature on risk management.

Coen et al. (2004) describe a Risk Management framework for E-learning, the MIT90s model, which has been used to examine how higher education institutions in Australia were managing the introduction of technology to delivery and administer education (Yetton, 1997). Cohen et al. then detail six case-studies of the implementation of MIT90s. They describe how to implement the framework in higher education in general.

Merna and Al-Thani (2008, p69-84) identify a range of tools and methods that can be used to identity risks including brainstorming, assumption analysis, Delphi, hazard and operability studies, and failure modes and effects criticality analysis. Identified risks can be further analysed using checklists, prompt lists, risk registers, risk mapping, probability-impact tables, risk matrices, and project risk management road maps. A range of quantitative techniques can be used to identify risks of time or budget issues including decision trees, Monte Carlo simulations, sensitivity analysis, and probability-impact grid analysis.