Three Weak Spots in the Risk Process

Known globally as The Risk Doctor, David has been working in risk management for about 30 years. He has worked in 48 countries on every continent except the Antarctic (too cold!), with clients in most industries.

  Lessons Learned   Risk Management   Stakeholder Management   ProjectsAtWork  

There are three important ways in which the typical risk process is flawed: a failure to turn analysis into action; lumping risk issues in other documents, instead of highlighting them separately; and not capturing lessons learned.

A recent article —  “8 Risk Questions” (August 23, 2010) — listed eight steps as essential components of a basic risk process: (1) Getting Started — risk process initiation, (2) Finding Risks — risk identification, (3) Setting Priorities — risk assessment, (4) Deciding What to Do — risk response planning, (5) Taking Action — risk response implementation, (6) Telling Others — risk reporting, (7) Keeping Up to Date — risk reviews, and (8) Capturing Lessons — risk lessons learned.

Although logically this sequence of steps makes good sense, many organizations often do not include all eight steps in their risk process. There are three important ways in which the typical risk process is flawed.

The most significant problem is a failure to turn analysis into action. Despite agreeing on risk responses and allocating actions to Risk Owners, it is common for nothing to get done. One reason for this lack of action is that most risk processes do not have any formal “Risk Response Implementation” (Step 5). Instead we just hope that Risk Owners will do what we ask …

Please log in or sign up below to read the rest of the article.