SlideShare ist ein Scribd-Unternehmen logo

Improving the application of risk management

K
Karl Davey

Paper on risk management culture change and improving the aplication of Risk Managemenrm

1 von 6
Improving the Application of Risk Management: Moving from a ‘Name and Blame’ to ‘Name and Gain’ Culture Karl Davey CEng MIEE Head of Risk Management Strategic Thought Limited The Old Town Hall, 4 Queens Road London, England SW19 8YA karl.davey@strategicthought.com Risk management is not just about processes and INTRODUCTION methodologies. It is also about people and their involvement in the objectives of having such systems. This paper explores why risk management It is a fact that all projects and business endeavours often fails to deliver against defined performance face uncertainty. The need to address these sources criteria and looks at methods of improving the buy- of uncertainty and increase the likelihood of success in and commitment to making risk management is not only common sense but also good business work as promoted. practice. To this end many organizations seek management techniques to address these issues and, as a result, see risk management as the answer to FOREWORD this problem. Recent history is full of high profile and news worthy project/business failures. In many of these Today, risk management is widely publicised as a cases the quality of risk management has been process which seeks to give organizations an edge in questioned and blamed as a contributing factor. Of today’s uncertain and competitive environment. It is more significance, where project and business risk also generally accepted that the benefits of risk were identified, the lack of effective mitigation management provide, for example: rendered the value of risk and opportunity identification meaningless • greater understanding of project or business objects or goals; But why does this happen? Many organizations involved in failures claim to undertake risk • more realistic business and project planning; management and have developed processes based • improved management of project and business on widely published best practice guides or costs; and, international standards. A common conclusion that can be drawn from the lessons learned, however, is • more effective communication within an that having a risk process and system in place is organization. only part of the solution. If commitment and understanding, as to why risk management is It is therefore fundamental that a collaborative risk important to all participants’ goals, is lacking and a culture be developed to allow an organization to team has not bought into the full risk process, effectively address the problems and opportunities including mitigation actions, the risk management they may face. Unfortunately the farthest many process will fail. organizations travel in creating a positive risk-aware culture is in developing detailed risk management processes, publishing them on their websites and TABLE OF CONTENTS mandating their organization or teams to “just do INTRODUCTION……………………………….…1 it”. PROMOTING BUY-IN TO THE RISK PROCESS…..3 TECHNIQUES TO GAIN INVOLVEMENT………...5 SUMMARY…………………………………........6 1 0-7803-9546-8/06/$20.00© 2006 IEEE 1 1 IEEEAC paper #1001, Version 6, Updated Oct, 28 2005
However, all too commonly, an often overlooked From understanding how individuals perceive and area of the risk process is the human element. For react to the risk process we can see where processes risk management to be truly effective, individuals go wrong. from all levels of the enterprise must be involved throughout the process and ideally from the outset of the endeavour. This means involving people and their opinions and perceptions. After all, isn’t risk ent management just another part of good people and mitm project management? Com No Many organizations spend valuable resources developing what, on paper, appears to be an ctive effective risk management process. But when In-effe ement exposed to their employees the process never Po operates as intended. Why is this? Surely the Manag Ident or ificat process couldn’t have been that wrong to start with? ion ks k Ris The problem is a combination of people, the risk process and its shortfalls. The solution is simple in concept. Those involved within the organization just Wea don’t see the value of the process and why it is necessary. Are people’s performance measured upon their involvement in the process? Most of the time Where the risk management process goes wrong the answer is no. And these busy people have enough to do without having to also think about how to solve difficult problems! One major cause for poor perception of risk management relates to risk management being considered a “black art”. Granted, risk management As a risk consultant, often called in to address these does sometimes appear subjective. So we need to issues and address why the process is not working understand how to verify or input data and interpret as intended, the feedback from interviews with staff the results more consistently and objectively. Also, can be very enlightening and forms a basis for the since we are dealing with uncertain events, which considerations management should consider when may or may not happen, we need to be able to implementing a risk aware culture. Similar measure the effectiveness of our process. And comments come up often, regardless of the industry another major issue relates to the view that risk or size of company. These comments generally management is a complex and specialist share a theme that relates to understanding why the management technique that needs to be performed process is not important to them: by expert risk managers. With all of these perceptions, the result can be a gradual withdrawal from a process that was designed to help, not hurt, • I’m too busy running the project. the business. • We manage risk anyway. Therefore, we must ensure that our processes • What’s in it for me? encourage understanding, buy-in and commitment to in • Risk always focuses on the negatives. order to achieve shared objectives from the offset. If we fail to do this, the risk process will spiral into • It’s a paper exercise. disrepute and become untenable. • It’s of no real value; it’s just maths and statistics. • It doesn’t solve real problems. 1 0-7803-9546-8/06/$20.00© 2006 IEEE 2 1 IEEEAC paper #1001, Version 6, Updated Oct, 28 2005
PROMOTING BUY-IN TO THE RISK PROCESS Asking individuals to contribute at early stages of an endeavour demonstrates that their involvement and opinions are valued and is a key part of a risk The key to successful risk management (and in fact manager’s role. any management process) is a shared desire to succeed because this brings both personal and team satisfaction. From this flows a willingness to learn, Evaluation – “Simple”, “sensible” and comply and contribute. So it is necessary to ensure “comprehendible” are keywords at this stage of the risk we develop (or enhance) a risk management process process. As mentioned earlier, some risk processes are that encourages contribution from all parties over complicated by organizations and can lead to a involved in the project or business endeavour. lack of understanding, of the meaning and substance of results, by those involved in the project. This loss of understanding can lead to increased costs, time and We must take a number of carefully considered steps effort trying explaining the risk process rather than and develop an internal risk environment that gains the actually managing the risks that have been identified. contribution of those in our business. If we look at any standard risk process from the simplest perspective, To develop a sensible understanding of the risk issues then we can identify and simply some improvement within the organization, simple-to-use techniques areas to make increased buy-in more achievable. should be applied. Risk weighting factors and scoring/assessment criteria need to be developed and Identification – This is the first key step of the risk agreed upon by the key stakeholders of an endeavour. process. Undoubtedly, we will have identified risks from our documentation, assumptions, business plan or V High -25 -24 -23 -22 -18 5 11 18 19 21 25 tender response. However, we should also talk to those 5 2 people who are, or will be, actively involved in the High -21 -20 -17 -16 -15 4 10 14 20 24 project or business organization/enterprise: those that Probability Med need to make things happen. -19 -14 -13 -12 -9 3 8 13 17 19 23 9 7 Low -11 -10 -8 -7 -6 2 7 12 16 22 Shareholders Shareholders V Low -5 -4 -3 -2 -1 1 6 9 15 17 18 25 Board Board Customers Customers V High High Med Low V Low | V Low Low Med High V High Risk Level Probability Impact Diagram (Opportunity and Threat) Management Risk Risk Suppliers Management Suppliers System System These then need to be consistently applied across an organization and customized only to reflect projects or business endeavours which differ in terms of duration, Staff Staff Regulators Regulators budget or scope. Auditors Auditors Risk Lifecycle – It is often all too easy to purely focus on the big risks: those that sit at the top of the risk list. Risk management stakeholders But are we missing something? Are there risks that We, therefore, need to include all key stakeholders demand immediate attention that may not be at the top from all levels of the organization. History and lessons of the risk register? By also understanding when the learned from previous projects provide an extensive risks we face will occur, we can make better use of our source of risk information. The experiences of resources. individuals in our organizations offer a living, Significant value can be delivered by listing both the breathing knowledgebase that can identify possible big risks that occur in the next 6 months and the risks from experience and possible strategies to address smaller risks which can be cost-effectively managed them. It only takes one individual to identify an within a specific time frame. opportunity to benefit from a risk mitigating action in another part of the business for the real value of integrated risk management to be made. Management – The key to successful risk management has always been MANAGEMENT! For 1 0-7803-9546-8/06/$20.00© 2006 IEEE 3 1 IEEEAC paper #1001, Version 6, Updated Oct, 28 2005
risk management to succeed we must do something Risk Management Lifecycle Timeframes about the risks we have identified and evaluated. This Trigger Expiry requires us to involve people in the process; and their Date Date contribution will be crucial to the success of our Resolution Date Impact Period endeavour. To gain full and effective buy-in at this Mitigation stage, it is important that we develop appropriate management actions. By appropriate I mean a real Time Control/ Fallback Planning action that is neither too detailed nor too general to be Management Period of value. A management or risk mitigation action has Plan Start Date Plan End Date to be a real task that is both measurable and realistic Planning the lifecycle of a risk to achieve. Often known as “SMART” risk management, a mitigation action must be specific to the issue we seek to address, measurable in terms of the perceived goal, achievable and realistic to achieve, TECHNIQUES TO GAIN INVOLVEMENT and have tangible results. Finally, the action must be As well as having a process that closely involves timed, a predefined window of opportunity in which people from the outset, there are a number of other soft the risk can be addressed. techniques which we should use to further encourage involvement and continuous contribution throughout There are also risks that we will choose to not to an endeavour’s lifecycle. manage and those that will occur no matter what we do. It is important that we plan for the worst: develop Involvement – Encouraging involvement within the contingency and recovery plans. These fallback plans risk process needs to penetrate all levels of an need to be treated like normal actions and regularly organization. Highlighting the benefits of participation reviewed to ensure that they remain valid and have not and involvement is core to this process. This visibility been superseded by other events. means that such things as naming successful individuals in board meetings, management team reviews and in dispatches emphasizes the importance WHAT ABOUT THE POSITIVE ASPECTS OF of the activity. Leading from the top is very important. RISK? The board needs to be involved in this process especially considering recent corporate governance and Another reason why individuals groan at the sight of internal control requirements, which state than the the risk team is that, unfortunately, risk management is board must be aware of the risks to their business. often perceived as only being negative: risk management generally concentrates on the need to find Another method of increasing involvement is to reward potential problems. In this case, risk management is positive input to the risk process. Many companies seen in a pessimistic light and the risk team then can already reward individuals who identify ways of always be seen as the bearers of bad news. increasing productivity or realize cost savings. There is no reason why this should not be expanded to risk But risks can also contain positives. A risk could either management because, through risk management, an be a threat to our endeavour or it could present us with organization may avoid massive potential cost an opportunity to increase business value. By increases, realise savings and identify opportunities to attempting to identify both the threats AND significantly improve how a business is managed. opportunities, risk management can be seen as helping to realise benefits – not just as a tool used to identify Champions – Although this article has said that risk problems. By actively seeking benefits the process can management should be pursued by all, it is essential to be seen to add even more value, the risk team as more have key sponsors and employees that have the positive contributors (not negative) and this will help necessary authority and budget to initiate and manage produce a much more positive risk culture at all levels change. Ideally, the sponsors should also include a of an organization. board member and a director whose responsibilities include risk management and has the authority to operate across operating divisions. If employees are aware that risk is taken seriously by senior management then they themselves will see it is in their best interest to participate in and contribute to the risk process. 1 0-7803-9546-8/06/$20.00© 2006 IEEE 4 1 IEEEAC paper #1001, Version 6, Updated Oct, 28 2005
Visibility – The visibility of risk management within an importance that the organization places on risk organization is extremely important to promoting a risk management from day one. Another couple methods to aware culture. The profile and importance of risk improve risk management commitment and management within an organization has to be contribution is to introduce brief risk awareness demonstrated. This can be achieved in a number of lunchtime seminars and/or formal training for key ways. For example, a statement on risk could be project members. included in an organization’s dispatches, intranet or newsletters. Statements that highlight the importance New Technologies – Use of web-based technologies of risk management and provide examples of its and company intranets are also becoming common success in the organization increase awareness. In the practice. They may be used to effectively provide past we have seen vast improvement in risk awareness information on risk management best practice, and the on many projects and organizations by encouraging the benefits and progress achieved to date across placement of risk posters around an office. distributed geographical environments. Some elements can include details of management techniques, These posters should be simple: they should list the top contribution areas to allow feedback to be quickly risks (threats and opportunities) for a set period, communicated back to the risk team, and lessons highlight ownership and propose management’s learned from risk management in other business areas. activities to mitigate the risks. This can act as a constant reminder to the potential issues that could The risk manger’s toolkit needs to support and use drive a project or organization off-track. Also included technologies that add value. The use of web-based risk on the poster should be the successes achieved to date. management tools allow all stakeholders to view These successes such as risks avoided, opportunities information that is relevant to their level, understand realised and management activities completed should the relevant risks they face now and in the future, and be highlighted as they positively communicate how a share that information across all levels of the team is succeeding with their collective objectives. organization. Finally, people obtain satisfaction from positive promotion of their value to the business. So, if they have contributed positively to help resolve an issue they should also publicly receive the credit. Communication – Providing a framework for effective communication is essential for any business process. This is especially true for risk management, which requires an environment that is open and provides an information-aware blame-free culture. To this end it is important that we assertively communicate about risks and issues by letting colleagues know of any risks that have been successfully addressed. In other words successes should be highlighted to show the process works. Likewise, if things go wrong, the failures or missed deadline should be openly discussed and the reasons for failure learned. Defensive behaviour by any team member should be actively discouraged and managed with positive encouragement, action and behaviour. Web-based, risk management system Training and Education – Lack of understanding within an organization or team is often a reason for ineffective process adoption. Understanding can be increased through education and training on risk management processes – whether on an in-house or formal training course. Many organizations run training courses for new employees on company procedures. A section of this training that included risk management awareness would emphasize the 1 0-7803-9546-8/06/$20.00© 2006 IEEE 5 1 IEEEAC paper #1001, Version 6, Updated Oct, 28 2005
complex to be effective and has been working with a SUMMARY number of major companies to develop and champion risk processes which encourages contribution from all In summary, when attempting to gain contribution to a stakeholders. process, the people cannot be overlooked. A combination of soft techniques and a formal process Karl has also been responsible for developing the risk must be adopted to engage and demonstrate the management chapter for the Association of Project importance of individuals to this critical function. Managers (APM) Project Pathways publication and was involved in developing the ‘Implementation of Aiding the creation of a risk-aware culture can be Risk Management’ Chapter for the new APM Project achieved by the sensible use of briefings, workshops Risk guide. and including a risk management discussion in progress meetings. Leaving risk management as the last agenda item during a meeting often means that it never get discussed. This sends a message to the team that it is not important; so serious consideration to this should be taken into account when meeting agendas are set. Encouragement should be given to the team to bring ideas forward even if they are outside of their areas of responsibility. And a team ideally should include all stakeholders in the endeavour: suppliers, customers, partners, subcontractors, regulatory authorities, etc. A change in culture may be required. An organization needs to establish a blame-free environment that allows and encourages the airing of potential issues. Managers at all levels need to demonstrate that risk identification is extremely valuable to the business and something that needs to be embraced by all. Finally, it must always be remembered that the key to risk management is management! The process will fail if management and end-user commitment/contribution is lacking, and risks are not efficiently identified, assessed, managed and pursued to their acceptable conclusion. BIOGRAPHY Karl Davey CEng MIEE of Strategic Thought Ltd is the Head of Risk Management and leads the Active Risk Manager Consultancy Team. Karl has over 12 years of in-depth and practical experience in the application of proactive risk management across organizations and on major projects – both in the Defense and commercial sectors. Karl regularly lectures on risk management and has provided proven risk management training for universities and clients in the UK, North America, Australia, New Zealand and Japan. Karl believes that risk management does not have to be 1 0-7803-9546-8/06/$20.00© 2006 IEEE 6 1 IEEEAC paper #1001, Version 6, Updated Oct, 28 2005

Empfohlen

Revista PM Network
Revista PM NetworkRevista PM Network
Revista PM NetworkDC-DinsmoreCompass
 
Leadership in a crisis responding to the coronavirus outbreak
Leadership in a crisis responding to the coronavirus outbreakLeadership in a crisis responding to the coronavirus outbreak
Leadership in a crisis responding to the coronavirus outbreakGraham Watson
 
Proactive Risk Management
Proactive Risk ManagementProactive Risk Management
Proactive Risk Managementkevinlu
 
Solutions to Managing a Crisis
Solutions to Managing a CrisisSolutions to Managing a Crisis
Solutions to Managing a Crisisaakash malhotra
 
Common failures of risk management
Common failures of risk management Common failures of risk management
Common failures of risk management Surajit Datta
 
disaster-recovery-online
disaster-recovery-onlinedisaster-recovery-online
disaster-recovery-onlineShaktinandan Satyakam
 
On Risks and Agile Approaches
On Risks and Agile ApproachesOn Risks and Agile Approaches
On Risks and Agile ApproachesEmiliano Soldi
 
Contribution to PMI article
Contribution to PMI articleContribution to PMI article
Contribution to PMI articleHSBC Private Bank
 

Weitere ähnliche Inhalte

Was ist angesagt?

SagaciousThink Overview
SagaciousThink OverviewSagaciousThink Overview
SagaciousThink OverviewLouAnn Conner
 
Ab Initio January 2012
Ab Initio January 2012Ab Initio January 2012
Ab Initio January 2012Upohan
 
Impact of Changing World Politics in Managing Risk
Impact of Changing World Politics in Managing RiskImpact of Changing World Politics in Managing Risk
Impact of Changing World Politics in Managing RiskPECB
 
Best Practice Crisis And Issues Management A Recommended Approach By SMC
Best Practice Crisis And Issues Management A Recommended Approach By SMCBest Practice Crisis And Issues Management A Recommended Approach By SMC
Best Practice Crisis And Issues Management A Recommended Approach By SMCJanet Saunders
 
Leadership, Intangibles & Talent Q1 2009 Four Groups
Leadership, Intangibles & Talent Q1 2009 Four GroupsLeadership, Intangibles & Talent Q1 2009 Four Groups
Leadership, Intangibles & Talent Q1 2009 Four GroupsFour Groups
 
Issues management and crisis management
Issues management and crisis managementIssues management and crisis management
Issues management and crisis managementnamakuguten
 
Securities America Financial Corp.-Monthly Newsletter-3/11
Securities America Financial Corp.-Monthly Newsletter-3/11Securities America Financial Corp.-Monthly Newsletter-3/11
Securities America Financial Corp.-Monthly Newsletter-3/11Securities America Inc.
 
THE NEW RELIGION OF RISK MANAGEMENT
THE NEW RELIGION OF RISK MANAGEMENTTHE NEW RELIGION OF RISK MANAGEMENT
THE NEW RELIGION OF RISK MANAGEMENTWisnumurti Rahardjo
 
Crisis management presentation
Crisis management presentationCrisis management presentation
Crisis management presentationiChange
 
Ethan Berman at Risk Metric (A)
Ethan Berman at Risk Metric (A) Ethan Berman at Risk Metric (A)
Ethan Berman at Risk Metric (A) Wisnumurti Rahardjo
 
Stephen Warrilow Slideshow(1)
Stephen Warrilow Slideshow(1)Stephen Warrilow Slideshow(1)
Stephen Warrilow Slideshow(1)lynton
 
Risk Management Infographic
Risk Management InfographicRisk Management Infographic
Risk Management InfographicSAP Analytics
 
Siegfried addressing current governance and risk management challenges in gov...
Siegfried addressing current governance and risk management challenges in gov...Siegfried addressing current governance and risk management challenges in gov...
Siegfried addressing current governance and risk management challenges in gov...icgfmconference
 
VaLUENTiS Nicholas J Higgins 12 Key Differentiators of Leader-Managers 02-2014
VaLUENTiS Nicholas J Higgins 12 Key Differentiators of Leader-Managers 02-2014VaLUENTiS Nicholas J Higgins 12 Key Differentiators of Leader-Managers 02-2014
VaLUENTiS Nicholas J Higgins 12 Key Differentiators of Leader-Managers 02-2014njhceo01
 

Was ist angesagt? (19)

PMN1115 Org Agility
PMN1115 Org AgilityPMN1115 Org Agility
PMN1115 Org Agility
 
SagaciousThink Overview
SagaciousThink OverviewSagaciousThink Overview
SagaciousThink Overview
 
Ab Initio January 2012
Ab Initio January 2012Ab Initio January 2012
Ab Initio January 2012
 
Impact of Changing World Politics in Managing Risk
Impact of Changing World Politics in Managing RiskImpact of Changing World Politics in Managing Risk
Impact of Changing World Politics in Managing Risk
 
People Risk Collateral
People Risk CollateralPeople Risk Collateral
People Risk Collateral
 
People Risk Collateral
People Risk CollateralPeople Risk Collateral
People Risk Collateral
 
Best Practice Crisis And Issues Management A Recommended Approach By SMC
Best Practice Crisis And Issues Management A Recommended Approach By SMCBest Practice Crisis And Issues Management A Recommended Approach By SMC
Best Practice Crisis And Issues Management A Recommended Approach By SMC
 
Leadership, Intangibles & Talent Q1 2009 Four Groups
Leadership, Intangibles & Talent Q1 2009 Four GroupsLeadership, Intangibles & Talent Q1 2009 Four Groups
Leadership, Intangibles & Talent Q1 2009 Four Groups
 
Issues management and crisis management
Issues management and crisis managementIssues management and crisis management
Issues management and crisis management
 
Securities America Financial Corp.-Monthly Newsletter-3/11
Securities America Financial Corp.-Monthly Newsletter-3/11Securities America Financial Corp.-Monthly Newsletter-3/11
Securities America Financial Corp.-Monthly Newsletter-3/11
 
THE NEW RELIGION OF RISK MANAGEMENT
THE NEW RELIGION OF RISK MANAGEMENTTHE NEW RELIGION OF RISK MANAGEMENT
THE NEW RELIGION OF RISK MANAGEMENT
 
Crisis management presentation
Crisis management presentationCrisis management presentation
Crisis management presentation
 
Ethan Berman at Risk Metric (A)
Ethan Berman at Risk Metric (A) Ethan Berman at Risk Metric (A)
Ethan Berman at Risk Metric (A)
 
Stephen Warrilow Slideshow(1)
Stephen Warrilow Slideshow(1)Stephen Warrilow Slideshow(1)
Stephen Warrilow Slideshow(1)
 
Risk Management Infographic
Risk Management InfographicRisk Management Infographic
Risk Management Infographic
 
Siegfried addressing current governance and risk management challenges in gov...
Siegfried addressing current governance and risk management challenges in gov...Siegfried addressing current governance and risk management challenges in gov...
Siegfried addressing current governance and risk management challenges in gov...
 
VaLUENTiS Nicholas J Higgins 12 Key Differentiators of Leader-Managers 02-2014
VaLUENTiS Nicholas J Higgins 12 Key Differentiators of Leader-Managers 02-2014VaLUENTiS Nicholas J Higgins 12 Key Differentiators of Leader-Managers 02-2014
VaLUENTiS Nicholas J Higgins 12 Key Differentiators of Leader-Managers 02-2014
 
Guidebook: Optimizing Your Leadership Pipeline
Guidebook: Optimizing Your Leadership PipelineGuidebook: Optimizing Your Leadership Pipeline
Guidebook: Optimizing Your Leadership Pipeline
 
MBWA
MBWAMBWA
MBWA
 

Andere mochten auch

2013 SOPAC presentation understanding hidden risks
2013 SOPAC presentation understanding hidden risks2013 SOPAC presentation understanding hidden risks
2013 SOPAC presentation understanding hidden risksKarl Davey
 
2005 Project Management Institute presentation on Risk Management
2005 Project Management Institute presentation on Risk Management2005 Project Management Institute presentation on Risk Management
2005 Project Management Institute presentation on Risk ManagementKarl Davey
 
Risk Leadership Perspectives Breakfast Risk Manager of the Year Karl Davey
Risk Leadership Perspectives Breakfast Risk Manager of the Year Karl DaveyRisk Leadership Perspectives Breakfast Risk Manager of the Year Karl Davey
Risk Leadership Perspectives Breakfast Risk Manager of the Year Karl Daveykarld
 
VÅRD FÖR EN NY TID – Hur IT och nya arbetssätt kan ge ökat patientfokus i vården
VÅRD FÖR EN NY TID – Hur IT och nya arbetssätt kan ge ökat patientfokus i vårdenVÅRD FÖR EN NY TID – Hur IT och nya arbetssätt kan ge ökat patientfokus i vården
VÅRD FÖR EN NY TID – Hur IT och nya arbetssätt kan ge ökat patientfokus i vårdenCenterpartiet i Region Skåne
 
The use of risk management systems can asist with ERM implementations
The use of risk management systems can asist with ERM implementationsThe use of risk management systems can asist with ERM implementations
The use of risk management systems can asist with ERM implementationsKarl Davey
 
It 2 r ppt for screencast feb 19
It 2 r ppt for screencast feb 19It 2 r ppt for screencast feb 19
It 2 r ppt for screencast feb 19joerussellitalian
 
Risk leadership perspectives Risk Manager of the Year
Risk leadership perspectives Risk Manager of the YearRisk leadership perspectives Risk Manager of the Year
Risk leadership perspectives Risk Manager of the YearKarl Davey
 
Advanced Composition
Advanced CompositionAdvanced Composition
Advanced Compositionzaritmaaa
 
Quantitative Risk Analysis - Preventing Project cost escalation
Quantitative Risk Analysis - Preventing Project cost escalationQuantitative Risk Analysis - Preventing Project cost escalation
Quantitative Risk Analysis - Preventing Project cost escalationKarl Davey
 
inflammatory bowel disease and drug used for it
inflammatory bowel disease and drug used for it inflammatory bowel disease and drug used for it
inflammatory bowel disease and drug used for itIslam Home
 
antimuscarnic drug
antimuscarnic drugantimuscarnic drug
antimuscarnic drugIslam Home
 
Pharmaceutical water
Pharmaceutical waterPharmaceutical water
Pharmaceutical waterIslam Home
 
Thule competitiveanalysis(jrs)
Thule competitiveanalysis(jrs)Thule competitiveanalysis(jrs)
Thule competitiveanalysis(jrs)James Silvester
 

Andere mochten auch (20)

2013 SOPAC presentation understanding hidden risks
2013 SOPAC presentation understanding hidden risks2013 SOPAC presentation understanding hidden risks
2013 SOPAC presentation understanding hidden risks
 
2005 Project Management Institute presentation on Risk Management
2005 Project Management Institute presentation on Risk Management2005 Project Management Institute presentation on Risk Management
2005 Project Management Institute presentation on Risk Management
 
Risk Leadership
Risk LeadershipRisk Leadership
Risk Leadership
 
Risk Leadership Perspectives Breakfast Risk Manager of the Year Karl Davey
Risk Leadership Perspectives Breakfast Risk Manager of the Year Karl DaveyRisk Leadership Perspectives Breakfast Risk Manager of the Year Karl Davey
Risk Leadership Perspectives Breakfast Risk Manager of the Year Karl Davey
 
Insulin
InsulinInsulin
Insulin
 
VÅRD FÖR EN NY TID – Hur IT och nya arbetssätt kan ge ökat patientfokus i vården
VÅRD FÖR EN NY TID – Hur IT och nya arbetssätt kan ge ökat patientfokus i vårdenVÅRD FÖR EN NY TID – Hur IT och nya arbetssätt kan ge ökat patientfokus i vården
VÅRD FÖR EN NY TID – Hur IT och nya arbetssätt kan ge ökat patientfokus i vården
 
The use of risk management systems can asist with ERM implementations
The use of risk management systems can asist with ERM implementationsThe use of risk management systems can asist with ERM implementations
The use of risk management systems can asist with ERM implementations
 
It 2 r ppt for screencast feb 19
It 2 r ppt for screencast feb 19It 2 r ppt for screencast feb 19
It 2 r ppt for screencast feb 19
 
Risk leadership perspectives Risk Manager of the Year
Risk leadership perspectives Risk Manager of the YearRisk leadership perspectives Risk Manager of the Year
Risk leadership perspectives Risk Manager of the Year
 
Perfect game
Perfect gamePerfect game
Perfect game
 
Advanced Composition
Advanced CompositionAdvanced Composition
Advanced Composition
 
Quantitative Risk Analysis - Preventing Project cost escalation
Quantitative Risk Analysis - Preventing Project cost escalationQuantitative Risk Analysis - Preventing Project cost escalation
Quantitative Risk Analysis - Preventing Project cost escalation
 
inflammatory bowel disease and drug used for it
inflammatory bowel disease and drug used for it inflammatory bowel disease and drug used for it
inflammatory bowel disease and drug used for it
 
antimuscarnic drug
antimuscarnic drugantimuscarnic drug
antimuscarnic drug
 
inflammation
inflammationinflammation
inflammation
 
ibuprofen
ibuprofen ibuprofen
ibuprofen
 
Pharmaceutical water
Pharmaceutical waterPharmaceutical water
Pharmaceutical water
 
thiazides
thiazides thiazides
thiazides
 
Thule competitiveanalysis(jrs)
Thule competitiveanalysis(jrs)Thule competitiveanalysis(jrs)
Thule competitiveanalysis(jrs)
 
Succession “Losers”: What Happens to Executives Passed Over for the CEO Job?
Succession “Losers”: What Happens to Executives Passed Over for the CEO Job? Succession “Losers”: What Happens to Executives Passed Over for the CEO Job?
Succession “Losers”: What Happens to Executives Passed Over for the CEO Job?
 

Ähnlich wie Improving the application of risk management

Ateet Kapadia | Simple Tips for Project Risk Management Techniques
Ateet Kapadia | Simple Tips for Project Risk Management TechniquesAteet Kapadia | Simple Tips for Project Risk Management Techniques
Ateet Kapadia | Simple Tips for Project Risk Management TechniquesAteetKapadia
 
Managing Risk in Uncertain times
Managing Risk in Uncertain timesManaging Risk in Uncertain times
Managing Risk in Uncertain timesChris Fletcher
 
Enterprise risk management-Yashvanth G Nayak
Enterprise risk management-Yashvanth G NayakEnterprise risk management-Yashvanth G Nayak
Enterprise risk management-Yashvanth G NayakYashavanth Nayak
 
Conversations oneffectiveit management
Conversations oneffectiveit managementConversations oneffectiveit management
Conversations oneffectiveit managementComputer Aid, Inc
 
Building an invisible framework for risk management
Building an invisible framework for risk managementBuilding an invisible framework for risk management
Building an invisible framework for risk managementhallowedblasphe76
 
Change and the Finance Function
Change and the Finance FunctionChange and the Finance Function
Change and the Finance FunctionMorgan McKinley
 
Enterprise Risk Management for the Digital Transformation Age
Enterprise Risk Management for the Digital Transformation AgeEnterprise Risk Management for the Digital Transformation Age
Enterprise Risk Management for the Digital Transformation AgeCareer Communications Group
 
Management of Risk M_o_R Dubai - Syzygal
Management of Risk M_o_R Dubai - SyzygalManagement of Risk M_o_R Dubai - Syzygal
Management of Risk M_o_R Dubai - SyzygalSyzygal
 
Chaitanya Kosaraju Week 4 discussionCOLLAPSETop of FormHan.docx
Chaitanya Kosaraju Week 4 discussionCOLLAPSETop of FormHan.docxChaitanya Kosaraju Week 4 discussionCOLLAPSETop of FormHan.docx
Chaitanya Kosaraju Week 4 discussionCOLLAPSETop of FormHan.docxketurahhazelhurst
 
Lc Risq One Pager
Lc Risq One PagerLc Risq One Pager
Lc Risq One PagerLita Cuen
 
WTW-EU-16-PUB-1735 Risk Culture Perspectives_V02
WTW-EU-16-PUB-1735 Risk Culture Perspectives_V02WTW-EU-16-PUB-1735 Risk Culture Perspectives_V02
WTW-EU-16-PUB-1735 Risk Culture Perspectives_V02Mike Wilkinson
 
Module 15 - Risk Management.pptx
Module 15 - Risk Management.pptxModule 15 - Risk Management.pptx
Module 15 - Risk Management.pptxcaniceconsulting
 
Enhancing Existing Risk Management in National Statistical Institutes by Usin...
Enhancing Existing Risk Management in National Statistical Institutes by Usin...Enhancing Existing Risk Management in National Statistical Institutes by Usin...
Enhancing Existing Risk Management in National Statistical Institutes by Usin...Светла Иванова
 
Risk-Management-ppt.pptx
Risk-Management-ppt.pptxRisk-Management-ppt.pptx
Risk-Management-ppt.pptxYashuShukla2
 
Integrated Risk Management Whitepaper - CAMMS
Integrated Risk Management Whitepaper - CAMMSIntegrated Risk Management Whitepaper - CAMMS
Integrated Risk Management Whitepaper - CAMMSCAMMS
 
Common Objectives of the CRO and the CAE
Common Objectives of the CRO and the CAECommon Objectives of the CRO and the CAE
Common Objectives of the CRO and the CAEWheelhouse Advisors LLC
 
as response to this post 75 words if in text cite use reference 
as response to this post 75 words if in text cite use reference as response to this post 75 words if in text cite use reference 
as response to this post 75 words if in text cite use reference mallisonshavon
 

Ähnlich wie Improving the application of risk management (20)

Ateet Kapadia | Simple Tips for Project Risk Management Techniques
Ateet Kapadia | Simple Tips for Project Risk Management TechniquesAteet Kapadia | Simple Tips for Project Risk Management Techniques
Ateet Kapadia | Simple Tips for Project Risk Management Techniques
 
Managing Risk in Uncertain times
Managing Risk in Uncertain timesManaging Risk in Uncertain times
Managing Risk in Uncertain times
 
Enterprise risk management-Yashvanth G Nayak
Enterprise risk management-Yashvanth G NayakEnterprise risk management-Yashvanth G Nayak
Enterprise risk management-Yashvanth G Nayak
 
Irm Risk Appetite
Irm Risk AppetiteIrm Risk Appetite
Irm Risk Appetite
 
Conversations oneffectiveit management
Conversations oneffectiveit managementConversations oneffectiveit management
Conversations oneffectiveit management
 
Building an invisible framework for risk management
Building an invisible framework for risk managementBuilding an invisible framework for risk management
Building an invisible framework for risk management
 
Change and the Finance Function
Change and the Finance FunctionChange and the Finance Function
Change and the Finance Function
 
Enterprise Risk Management for the Digital Transformation Age
Enterprise Risk Management for the Digital Transformation AgeEnterprise Risk Management for the Digital Transformation Age
Enterprise Risk Management for the Digital Transformation Age
 
Management of Risk M_o_R Dubai - Syzygal
Management of Risk M_o_R Dubai - SyzygalManagement of Risk M_o_R Dubai - Syzygal
Management of Risk M_o_R Dubai - Syzygal
 
Chaitanya Kosaraju Week 4 discussionCOLLAPSETop of FormHan.docx
Chaitanya Kosaraju Week 4 discussionCOLLAPSETop of FormHan.docxChaitanya Kosaraju Week 4 discussionCOLLAPSETop of FormHan.docx
Chaitanya Kosaraju Week 4 discussionCOLLAPSETop of FormHan.docx
 
Lc Risq One Pager
Lc Risq One PagerLc Risq One Pager
Lc Risq One Pager
 
WTW-EU-16-PUB-1735 Risk Culture Perspectives_V02
WTW-EU-16-PUB-1735 Risk Culture Perspectives_V02WTW-EU-16-PUB-1735 Risk Culture Perspectives_V02
WTW-EU-16-PUB-1735 Risk Culture Perspectives_V02
 
Descriptor MetisGRC
Descriptor MetisGRCDescriptor MetisGRC
Descriptor MetisGRC
 
Module 15 - Risk Management.pptx
Module 15 - Risk Management.pptxModule 15 - Risk Management.pptx
Module 15 - Risk Management.pptx
 
Enhancing Existing Risk Management in National Statistical Institutes by Usin...
Enhancing Existing Risk Management in National Statistical Institutes by Usin...Enhancing Existing Risk Management in National Statistical Institutes by Usin...
Enhancing Existing Risk Management in National Statistical Institutes by Usin...
 
Risk-Management-ppt.pptx
Risk-Management-ppt.pptxRisk-Management-ppt.pptx
Risk-Management-ppt.pptx
 
Integrated Risk Management Whitepaper - CAMMS
Integrated Risk Management Whitepaper - CAMMSIntegrated Risk Management Whitepaper - CAMMS
Integrated Risk Management Whitepaper - CAMMS
 
Common Objectives of the CRO and the CAE
Common Objectives of the CRO and the CAECommon Objectives of the CRO and the CAE
Common Objectives of the CRO and the CAE
 
as response to this post 75 words if in text cite use reference 
as response to this post 75 words if in text cite use reference as response to this post 75 words if in text cite use reference 
as response to this post 75 words if in text cite use reference 
 
Let's Talk about Risk
Let's Talk about RiskLet's Talk about Risk
Let's Talk about Risk
 

Improving the application of risk management

  • 1. Improving the Application of Risk Management: Moving from a ‘Name and Blame’ to ‘Name and Gain’ Culture Karl Davey CEng MIEE Head of Risk Management Strategic Thought Limited The Old Town Hall, 4 Queens Road London, England SW19 8YA karl.davey@strategicthought.com Risk management is not just about processes and INTRODUCTION methodologies. It is also about people and their involvement in the objectives of having such systems. This paper explores why risk management It is a fact that all projects and business endeavours often fails to deliver against defined performance face uncertainty. The need to address these sources criteria and looks at methods of improving the buy- of uncertainty and increase the likelihood of success in and commitment to making risk management is not only common sense but also good business work as promoted. practice. To this end many organizations seek management techniques to address these issues and, as a result, see risk management as the answer to FOREWORD this problem. Recent history is full of high profile and news worthy project/business failures. In many of these Today, risk management is widely publicised as a cases the quality of risk management has been process which seeks to give organizations an edge in questioned and blamed as a contributing factor. Of today’s uncertain and competitive environment. It is more significance, where project and business risk also generally accepted that the benefits of risk were identified, the lack of effective mitigation management provide, for example: rendered the value of risk and opportunity identification meaningless • greater understanding of project or business objects or goals; But why does this happen? Many organizations involved in failures claim to undertake risk • more realistic business and project planning; management and have developed processes based • improved management of project and business on widely published best practice guides or costs; and, international standards. A common conclusion that can be drawn from the lessons learned, however, is • more effective communication within an that having a risk process and system in place is organization. only part of the solution. If commitment and understanding, as to why risk management is It is therefore fundamental that a collaborative risk important to all participants’ goals, is lacking and a culture be developed to allow an organization to team has not bought into the full risk process, effectively address the problems and opportunities including mitigation actions, the risk management they may face. Unfortunately the farthest many process will fail. organizations travel in creating a positive risk-aware culture is in developing detailed risk management processes, publishing them on their websites and TABLE OF CONTENTS mandating their organization or teams to “just do INTRODUCTION……………………………….…1 it”. PROMOTING BUY-IN TO THE RISK PROCESS…..3 TECHNIQUES TO GAIN INVOLVEMENT………...5 SUMMARY…………………………………........6 1 0-7803-9546-8/06/$20.00© 2006 IEEE 1 1 IEEEAC paper #1001, Version 6, Updated Oct, 28 2005
  • 2. However, all too commonly, an often overlooked From understanding how individuals perceive and area of the risk process is the human element. For react to the risk process we can see where processes risk management to be truly effective, individuals go wrong. from all levels of the enterprise must be involved throughout the process and ideally from the outset of the endeavour. This means involving people and their opinions and perceptions. After all, isn’t risk ent management just another part of good people and mitm project management? Com No Many organizations spend valuable resources developing what, on paper, appears to be an ctive effective risk management process. But when In-effe ement exposed to their employees the process never Po operates as intended. Why is this? Surely the Manag Ident or ificat process couldn’t have been that wrong to start with? ion ks k Ris The problem is a combination of people, the risk process and its shortfalls. The solution is simple in concept. Those involved within the organization just Wea don’t see the value of the process and why it is necessary. Are people’s performance measured upon their involvement in the process? Most of the time Where the risk management process goes wrong the answer is no. And these busy people have enough to do without having to also think about how to solve difficult problems! One major cause for poor perception of risk management relates to risk management being considered a “black art”. Granted, risk management As a risk consultant, often called in to address these does sometimes appear subjective. So we need to issues and address why the process is not working understand how to verify or input data and interpret as intended, the feedback from interviews with staff the results more consistently and objectively. Also, can be very enlightening and forms a basis for the since we are dealing with uncertain events, which considerations management should consider when may or may not happen, we need to be able to implementing a risk aware culture. Similar measure the effectiveness of our process. And comments come up often, regardless of the industry another major issue relates to the view that risk or size of company. These comments generally management is a complex and specialist share a theme that relates to understanding why the management technique that needs to be performed process is not important to them: by expert risk managers. With all of these perceptions, the result can be a gradual withdrawal from a process that was designed to help, not hurt, • I’m too busy running the project. the business. • We manage risk anyway. Therefore, we must ensure that our processes • What’s in it for me? encourage understanding, buy-in and commitment to in • Risk always focuses on the negatives. order to achieve shared objectives from the offset. If we fail to do this, the risk process will spiral into • It’s a paper exercise. disrepute and become untenable. • It’s of no real value; it’s just maths and statistics. • It doesn’t solve real problems. 1 0-7803-9546-8/06/$20.00© 2006 IEEE 2 1 IEEEAC paper #1001, Version 6, Updated Oct, 28 2005
  • 3. PROMOTING BUY-IN TO THE RISK PROCESS Asking individuals to contribute at early stages of an endeavour demonstrates that their involvement and opinions are valued and is a key part of a risk The key to successful risk management (and in fact manager’s role. any management process) is a shared desire to succeed because this brings both personal and team satisfaction. From this flows a willingness to learn, Evaluation – “Simple”, “sensible” and comply and contribute. So it is necessary to ensure “comprehendible” are keywords at this stage of the risk we develop (or enhance) a risk management process process. As mentioned earlier, some risk processes are that encourages contribution from all parties over complicated by organizations and can lead to a involved in the project or business endeavour. lack of understanding, of the meaning and substance of results, by those involved in the project. This loss of understanding can lead to increased costs, time and We must take a number of carefully considered steps effort trying explaining the risk process rather than and develop an internal risk environment that gains the actually managing the risks that have been identified. contribution of those in our business. If we look at any standard risk process from the simplest perspective, To develop a sensible understanding of the risk issues then we can identify and simply some improvement within the organization, simple-to-use techniques areas to make increased buy-in more achievable. should be applied. Risk weighting factors and scoring/assessment criteria need to be developed and Identification – This is the first key step of the risk agreed upon by the key stakeholders of an endeavour. process. Undoubtedly, we will have identified risks from our documentation, assumptions, business plan or V High -25 -24 -23 -22 -18 5 11 18 19 21 25 tender response. However, we should also talk to those 5 2 people who are, or will be, actively involved in the High -21 -20 -17 -16 -15 4 10 14 20 24 project or business organization/enterprise: those that Probability Med need to make things happen. -19 -14 -13 -12 -9 3 8 13 17 19 23 9 7 Low -11 -10 -8 -7 -6 2 7 12 16 22 Shareholders Shareholders V Low -5 -4 -3 -2 -1 1 6 9 15 17 18 25 Board Board Customers Customers V High High Med Low V Low | V Low Low Med High V High Risk Level Probability Impact Diagram (Opportunity and Threat) Management Risk Risk Suppliers Management Suppliers System System These then need to be consistently applied across an organization and customized only to reflect projects or business endeavours which differ in terms of duration, Staff Staff Regulators Regulators budget or scope. Auditors Auditors Risk Lifecycle – It is often all too easy to purely focus on the big risks: those that sit at the top of the risk list. Risk management stakeholders But are we missing something? Are there risks that We, therefore, need to include all key stakeholders demand immediate attention that may not be at the top from all levels of the organization. History and lessons of the risk register? By also understanding when the learned from previous projects provide an extensive risks we face will occur, we can make better use of our source of risk information. The experiences of resources. individuals in our organizations offer a living, Significant value can be delivered by listing both the breathing knowledgebase that can identify possible big risks that occur in the next 6 months and the risks from experience and possible strategies to address smaller risks which can be cost-effectively managed them. It only takes one individual to identify an within a specific time frame. opportunity to benefit from a risk mitigating action in another part of the business for the real value of integrated risk management to be made. Management – The key to successful risk management has always been MANAGEMENT! For 1 0-7803-9546-8/06/$20.00© 2006 IEEE 3 1 IEEEAC paper #1001, Version 6, Updated Oct, 28 2005
  • 4. risk management to succeed we must do something Risk Management Lifecycle Timeframes about the risks we have identified and evaluated. This Trigger Expiry requires us to involve people in the process; and their Date Date contribution will be crucial to the success of our Resolution Date Impact Period endeavour. To gain full and effective buy-in at this Mitigation stage, it is important that we develop appropriate management actions. By appropriate I mean a real Time Control/ Fallback Planning action that is neither too detailed nor too general to be Management Period of value. A management or risk mitigation action has Plan Start Date Plan End Date to be a real task that is both measurable and realistic Planning the lifecycle of a risk to achieve. Often known as “SMART” risk management, a mitigation action must be specific to the issue we seek to address, measurable in terms of the perceived goal, achievable and realistic to achieve, TECHNIQUES TO GAIN INVOLVEMENT and have tangible results. Finally, the action must be As well as having a process that closely involves timed, a predefined window of opportunity in which people from the outset, there are a number of other soft the risk can be addressed. techniques which we should use to further encourage involvement and continuous contribution throughout There are also risks that we will choose to not to an endeavour’s lifecycle. manage and those that will occur no matter what we do. It is important that we plan for the worst: develop Involvement – Encouraging involvement within the contingency and recovery plans. These fallback plans risk process needs to penetrate all levels of an need to be treated like normal actions and regularly organization. Highlighting the benefits of participation reviewed to ensure that they remain valid and have not and involvement is core to this process. This visibility been superseded by other events. means that such things as naming successful individuals in board meetings, management team reviews and in dispatches emphasizes the importance WHAT ABOUT THE POSITIVE ASPECTS OF of the activity. Leading from the top is very important. RISK? The board needs to be involved in this process especially considering recent corporate governance and Another reason why individuals groan at the sight of internal control requirements, which state than the the risk team is that, unfortunately, risk management is board must be aware of the risks to their business. often perceived as only being negative: risk management generally concentrates on the need to find Another method of increasing involvement is to reward potential problems. In this case, risk management is positive input to the risk process. Many companies seen in a pessimistic light and the risk team then can already reward individuals who identify ways of always be seen as the bearers of bad news. increasing productivity or realize cost savings. There is no reason why this should not be expanded to risk But risks can also contain positives. A risk could either management because, through risk management, an be a threat to our endeavour or it could present us with organization may avoid massive potential cost an opportunity to increase business value. By increases, realise savings and identify opportunities to attempting to identify both the threats AND significantly improve how a business is managed. opportunities, risk management can be seen as helping to realise benefits – not just as a tool used to identify Champions – Although this article has said that risk problems. By actively seeking benefits the process can management should be pursued by all, it is essential to be seen to add even more value, the risk team as more have key sponsors and employees that have the positive contributors (not negative) and this will help necessary authority and budget to initiate and manage produce a much more positive risk culture at all levels change. Ideally, the sponsors should also include a of an organization. board member and a director whose responsibilities include risk management and has the authority to operate across operating divisions. If employees are aware that risk is taken seriously by senior management then they themselves will see it is in their best interest to participate in and contribute to the risk process. 1 0-7803-9546-8/06/$20.00© 2006 IEEE 4 1 IEEEAC paper #1001, Version 6, Updated Oct, 28 2005
  • 5. Visibility – The visibility of risk management within an importance that the organization places on risk organization is extremely important to promoting a risk management from day one. Another couple methods to aware culture. The profile and importance of risk improve risk management commitment and management within an organization has to be contribution is to introduce brief risk awareness demonstrated. This can be achieved in a number of lunchtime seminars and/or formal training for key ways. For example, a statement on risk could be project members. included in an organization’s dispatches, intranet or newsletters. Statements that highlight the importance New Technologies – Use of web-based technologies of risk management and provide examples of its and company intranets are also becoming common success in the organization increase awareness. In the practice. They may be used to effectively provide past we have seen vast improvement in risk awareness information on risk management best practice, and the on many projects and organizations by encouraging the benefits and progress achieved to date across placement of risk posters around an office. distributed geographical environments. Some elements can include details of management techniques, These posters should be simple: they should list the top contribution areas to allow feedback to be quickly risks (threats and opportunities) for a set period, communicated back to the risk team, and lessons highlight ownership and propose management’s learned from risk management in other business areas. activities to mitigate the risks. This can act as a constant reminder to the potential issues that could The risk manger’s toolkit needs to support and use drive a project or organization off-track. Also included technologies that add value. The use of web-based risk on the poster should be the successes achieved to date. management tools allow all stakeholders to view These successes such as risks avoided, opportunities information that is relevant to their level, understand realised and management activities completed should the relevant risks they face now and in the future, and be highlighted as they positively communicate how a share that information across all levels of the team is succeeding with their collective objectives. organization. Finally, people obtain satisfaction from positive promotion of their value to the business. So, if they have contributed positively to help resolve an issue they should also publicly receive the credit. Communication – Providing a framework for effective communication is essential for any business process. This is especially true for risk management, which requires an environment that is open and provides an information-aware blame-free culture. To this end it is important that we assertively communicate about risks and issues by letting colleagues know of any risks that have been successfully addressed. In other words successes should be highlighted to show the process works. Likewise, if things go wrong, the failures or missed deadline should be openly discussed and the reasons for failure learned. Defensive behaviour by any team member should be actively discouraged and managed with positive encouragement, action and behaviour. Web-based, risk management system Training and Education – Lack of understanding within an organization or team is often a reason for ineffective process adoption. Understanding can be increased through education and training on risk management processes – whether on an in-house or formal training course. Many organizations run training courses for new employees on company procedures. A section of this training that included risk management awareness would emphasize the 1 0-7803-9546-8/06/$20.00© 2006 IEEE 5 1 IEEEAC paper #1001, Version 6, Updated Oct, 28 2005
  • 6. complex to be effective and has been working with a SUMMARY number of major companies to develop and champion risk processes which encourages contribution from all In summary, when attempting to gain contribution to a stakeholders. process, the people cannot be overlooked. A combination of soft techniques and a formal process Karl has also been responsible for developing the risk must be adopted to engage and demonstrate the management chapter for the Association of Project importance of individuals to this critical function. Managers (APM) Project Pathways publication and was involved in developing the ‘Implementation of Aiding the creation of a risk-aware culture can be Risk Management’ Chapter for the new APM Project achieved by the sensible use of briefings, workshops Risk guide. and including a risk management discussion in progress meetings. Leaving risk management as the last agenda item during a meeting often means that it never get discussed. This sends a message to the team that it is not important; so serious consideration to this should be taken into account when meeting agendas are set. Encouragement should be given to the team to bring ideas forward even if they are outside of their areas of responsibility. And a team ideally should include all stakeholders in the endeavour: suppliers, customers, partners, subcontractors, regulatory authorities, etc. A change in culture may be required. An organization needs to establish a blame-free environment that allows and encourages the airing of potential issues. Managers at all levels need to demonstrate that risk identification is extremely valuable to the business and something that needs to be embraced by all. Finally, it must always be remembered that the key to risk management is management! The process will fail if management and end-user commitment/contribution is lacking, and risks are not efficiently identified, assessed, managed and pursued to their acceptable conclusion. BIOGRAPHY Karl Davey CEng MIEE of Strategic Thought Ltd is the Head of Risk Management and leads the Active Risk Manager Consultancy Team. Karl has over 12 years of in-depth and practical experience in the application of proactive risk management across organizations and on major projects – both in the Defense and commercial sectors. Karl regularly lectures on risk management and has provided proven risk management training for universities and clients in the UK, North America, Australia, New Zealand and Japan. Karl believes that risk management does not have to be 1 0-7803-9546-8/06/$20.00© 2006 IEEE 6 1 IEEEAC paper #1001, Version 6, Updated Oct, 28 2005