Simon Buehring is a project manager, consultant and trainer. He works for KnowledgeTrain which offers risk management training in the UK and overseas. He can be contacted via the management of risk practitioner training website.
Every project manager and business leader needs to be aware of the practices and principles of effective risk management. Understanding how to identify and treat risks to an organisation, a programme or a project can save unnecessary difficulties later on, and will prepare managers and team members for any unavoidable incidences or issues.
The OGC M_o_R (Management of Risk) framework for risk management identifies twelve risk management principles, which are intended “not ... to be prescriptive but [to] provide supportive guidance to enable organisations to develop their own policies, processes, strategies and plan.”
Organisational context
A fundamental principle of all generic management methods, including PRINCE2 and MSP as well as M_o_R, is that all organisations are different. Project managers, programme managers and risk managers need to consider the specific context of the organisation in order to ensure thorough identification of risks and appropriate risk treatment procedures.
The term ‘organisational context’ encompasses the political, economic, social, technological, legal and environmental backdrop of an organisation.
Stakeholder involvement
It is easy for a management team to become internalised and forget that stakeholders are also key participants in everyday business procedures, short-term projects and business-wide change programmes.
Understanding the roles of individual stakeholders and managing stakeholder involvement is crucial to successful risk management. Stakeholders should, as far as is appropriate, be made aware of risks to a project or programme. Within the context of risk management and stakeholder involvement, “appropriate” concerns: the identity and role of the stakeholder, the level of influence that the stakeholder has over and outside of the organisation, the level of investment that the stakeholder has in the organisation, and the type, probability and potential impact of the risk.
Organisational objectives
Risks exist only in relation to the activities and objectives of an organisation. Rain is a negative risk for a picnic, a positive risk for drought-ridden farmland and a non-risk for the occupants of a submarine.
It is imperative that the individual responsible for risk management (whether that is the business leader, the project/programme manager or a specialist risk manager) understands the objectives of the organisation, in order to ensure a tailored approach to risk management.
M_o_R approach
The processes, policies, strategies and plans within the M_o_R framework provide generic guidelines and templates for risk management within a particular organisation. These guidelines are based on the experience and research of professional risk managers from a wide range of organisations and management backgrounds. Following risk management best practices ensures that individuals involved in managing the risks associated with an organisation’s activity are able to learn from the mistakes, experiments and lessons of others.
Reporting
Accurately and clearly representing data, and the transmission of this data to the appropriate staff members, managers and stakeholders, is crucial to successful risk management. The M_o_R methodology provides standard templates and tested structures for managing the frequency, content and participants of risk communication.
Roles and responsibilities
Fundamental to risk management best practice is the clear definition of risk management roles and responsibilities. Individual functions and accountability must be transparent, both within and outside an organisation. This is important both in terms of organisational governance, and to ensure that all the necessary responsibilities are covered by appropriate individuals.
Support structure
A risk management support structure is the provision within an organisation of standardised guidelines, information, training and funding for individuals managing risks that may arise in any specific area or project.
This can include a centralised risk management team, a standard risk management approach and best-practice guidelines for reporting and reviewing organisational risks.
Early warning indicators
Risk identification is an essential first step for removing or alleviating risks. In some cases, however, it is not possible to remove risks in advance. Early warning indicators are pre-defined and quantified triggers that alert individuals responsible for risk management that an identified risk is imminent. This enables the most thorough and prepared approach to handling the situation.
Review cycle
Related to the need for early warning indicators is the review cycle. This establishes the regular review of identified risks and ensures that risk managers remain sensitive to new risks, and to the effectiveness of current risk management policies.
Overcoming barriers to M_o_R
Any successful risk management strategy requires thoughtful consideration of possible barriers to implementation. Common issues include:
• established risk management roles, responsibilities, accountabilities and ownership
• an appropriate budget for embedding a risk management approach and carrying out risk management activities
• adequate and accessible risk management training, tools and techniques
• risk management orientation, induction and training processes
• regular assessment of M_o_R approach (including all of the above issues)
Supportive culture
Risk management underpins many different areas and aspects of an organisation’s activity. A supportive risk management culture is essential for ensuring that everybody with risk management responsibilities feels confident raising, discussing and managing risks. A supportive risk management culture will also include evaluation and reward of risk management competencies for the appropriate individuals.
Continual improvement
In an evolving organisation, nothing stands still. An effective risk management policy includes the capacity for re-evaluation and improvement. At a practical level, this will require the nomination of an individual or a group of individuals to the responsibility of ensuring that risk management policies and procedures are up-to-date, as well as the establishment of regular review cycles of the organisation’s risk management approach.
- Related Videos
- Related Articles
- Ask / Related Q&A
Service Management Software - What is ITIL?
By: Antony Dutton | 04/12/2009ITIL is the accepted service management service framework for best practices for the provision of Information Technology services and is a basis for aligning business needs with IT. ITIL was established by the UK government and is currently in its 3rd version. It places a framework around common sense practices, giving...
Service Management Software - The Challenges
By: Antony Dutton | 04/12/2009One of the challenges in implementing ITIL in established organisations is that they already have processes and procedures in place for the business. A new company or division of a company however is in a position to determine the services required from IT, agree service levels with the business and...
CRM Software - Finding the Right Solution
By: Antony Dutton | 04/12/2009CRM software solutions have progressed considerably in recent times. While the key ingredient in a successful system is always the design and planning, the software solution can also make or break your CRM. The first step is to plan your system based on your needs - and then match a...
Restaurant Franchise Helps to Make to Business Success
By: A.Noton | 04/12/2009It is no secret that the restaurant industry is a tough one to succeed in. However, when you look at the real numbers, it is because far too many people get into the industry thinking that all they have to do is open their doors, have a good time and...
Know Your Costs
By: Mark S Fackrell | 04/12/2009Having current and accurate costing data is very beneficial to the operation of a business, it allows management to isolate problems and strengths, undertake sound pricing strategies, and is an excellent tool to evaluate performance of both managers and employees. This is not some needed only by "big companies", every company should have a comprehensive cost accounting system in place.
HP Joins Anti-Counterfeiting Group
By: Peter Lavelle | 04/12/2009In recent years HP has invested huge amounts to combat counterfeit ink cartridge sellers. Now the cartridge giant has joined the anti-counterfeiting Global Leadership Group.
What is the number one activity that makes generates income for your business?
By: Michelle Spalding | 04/12/2009With unemployment rates at record highs across the USA, I’m guessing that many people aren’t thinking like me. They aren’t looking for ways to improve their business while doing less of the daily activities. They aren’t looking for ways to increase their income by spending more time working on the business, and less working in the business...
Why Projects Fail? Part 5
By: projectmanuk | 30/11/2009 | ManagementThis article deals with the fifth of the OGC’s eight causes of project failure: too little attention paid to breaking down the project into manageable stages. Strikingly, this was the only possible cause of failure identified by the NAO report as not a factor in the failure of the C-NOMIS project.
Why Projects Fail? Part 4
By: projectmanuk | 24/11/2009 | ManagementThis article deals with the fourth of the OGC’s eight causes of project failure: poor approach to project and risk management.
Why Projects Fail? Part 3
By: projectmanuk | 20/11/2009 | ManagementThis article deals with the third of the OGC’s eight causes of project failure: insufficient or ineffective engagement with project stakeholders.
Why Projects Fail? Part 2
By: projectmanuk | 19/11/2009 | ManagementThis post deals with the second of the OGC’s eight causes of project failure: the lack of effective or clear senior management, ownership or leadership at higher levels within the organisation.
Why Projects Fail? Part 1
By: projectmanuk | 13/11/2009 | ManagementIn April 2009 the National Audit Office published a report that declared the failure of the original C-NOMIS and described how the project had demonstrated seven out of the eight primary causes of project failure. C-NOMIS has now been re-scoped and is earmarked for delivery in 2011. However, important questions remain regarding the way in which the project was managed, the length of time for which mis-management of the project was tolerated, and the value-for-money that can be expected from vast
Seven Principles of ISEB Software Testing
By: projectmanuk | 14/07/2009 | ManagementISEB Software Testing Foundation training courses introduce students to the fundamentals of software testing, including the reasons for carrying out tests, basic test processes and the general principles that underpin testing good practice. Knowing these principles, and understanding how they affect the software tester, is crucial to passing the ISEB Software Testing Foundation exam.
ISEB Software Testing Systems Analysis Diploma
By: projectmanuk | 14/07/2009 | ManagementThe ISEB Foundation Certificate in Software Testing is the international standard training-course and qualification for software testers, developers and solution architects. It is also a key specialist module for the ISEB Systems Development Diploma, which is an important addition to the CV of any IT professional.
The Principles of Risk Management
By: projectmanuk | 02/07/2009 | ManagementEvery project manager and business leader needs to be aware of the practices and principles of effective risk management. Understanding how to identify and treat risks to an organisation, a programme or a project can save unnecessary difficulties later on, and will prepare managers and team members for any unavoidable incidences or issues.