Failure to provide an appropriate level of risk infrastructure can cripple risk management in an organisation. Too little support makes it difficult to implement the risk process efficiently, while too much infrastructure adds to the cost overhead. Getting the supporting infrastructure right is essential for effective risk management, enabling the risk process to deliver the expected benefits to the organisation and its projects.
This might include choosing techniques, buying or developing software tools, providing training in both knowledge and skills, producing templates for various elements of the risk process, and considering the need for technical support from risk specialists.
It’s particularly important to get each of these elements right if we want to use an inclusive risk process that addresses both threats and opportunities.
Although the underlying risk process is the same whether we are addressing only threats or considering opportunities as well, some modifications are needed to the standard risk techniques when we’re dealing with opportunities, and there are also specific additional techniques that we might employ. For example, we might use SWOT analysis or Force Field Analysis to identify opportunities alongside threats. We’ll need a double P-I Matrix to prioritise both types of risk by probability and impact. Risk response strategies for opportunities are different from threat-based strategies.
Many current popular risk software tools don’t have the functionality needed to include opportunities. We need risk software tools that cover both threats and opportunities, especially for more complex projects that require an in-depth risk process with more detailed analysis.
Many risk training courses still focus exclusively on threats, leaving project team members lacking in both the knowledge and skills required to address opportunities effectively.
We can improve efficiency and consistency by developing templates for various elements of the risk process: risk management plan, risk register, interview outlines, checklists/questionnaires, Risk Breakdown Structure (RBS), risk reports, and so on. Many of these will need to mention opportunities explicitly if they are to support a broader risk process.
Sometimes we need to call in risk experts to assist us, especially for more complex projects that use specialist risk techniques or tools. These experts might come from another project or department, a Project Support Office, an internal risk centre of excellence, or an external consultancy. If our risk process includes opportunities, we’ll need to ensure that the expertise of our chosen experts also covers this aspect of managing risk.
Each of these infrastructure elements can be implemented at different levels, depending on the type, size and complexity of the project being supported. Organisations setting up their risk management capability should invest in providing an appropriate level of risk infrastructure to support the types of projects that they typically perform, with some flexibility to cope with unusual projects that are larger or smaller than usual, or more or less complex. But if we’re serious about including opportunities in our approach to managing risk, we’ll also need to provide the right risk infrastructure to support it.
This article was first published as part of the Risk Doctor Network Briefing (August 2019) and has been posted with permission.