The organization recognized the need to manage risk and has set up a corporate risk committee, but there seems to be areas the organization is willing to really delve into exploring some of the known
The organization annually goes through the motions of identifying and evaluating risks, however when it comes to really developing true mitigation efforts they fall short in the effort by taking the path of least resistance. I am looking for some advice to demonstrate they are not really reducing risk, but could actually be increasing the probability, consequence or both. Saving Changes...
Sort By:
Edward DanielsProject Manager| IndependentGlen Burnie, Md, United States
The generic definition of Risk management as "forecasting and evaluation of financial risks together with the identification of procedures to avoid or minimize their impact" vice PMI's definition ""an uncertain event or condition that, if it occurs, has a positive or negative effect on a project's objectives." has most of us confused about what it should be about.
Risk management like everything else is a framework and the organization's mitigation strategy can be to ACCEPT, TRANSFER, or AVOID risks. Without context, it is hard to see what they may be doing wrong.
It wouldn't be business-savvy to spend thousands of dollars to backup data that is irrelevant to an organization's day-to-day or bottomline if something goes wrong.
I would use a cyber security scenario, where most organizations are worried they might get hacked and ransomed. If they use current security recommendations of say, strong passwords, good patch management, not using default password of password, it reduces their risk of being easily hacked. It doesn't entirely remove the risk but they can choose to buy insurance to cover their loss in the event they get hacked. They can choose to accept the risk and go with whatever happens.
...
1 reply by anonymous
Apr 19, 2017 12:51 PM
anonymous
...
Edward thank you for the good information. This does help and give me some ideas.
If they do this every year, do you have pertinent examples from previous years that you can use to illustrate your point?
Another consideration... Is their attitude toward this process simply an indicator that others have a higher risk tolerance? In other words, are they upset by the outcomes of their falling short?
I'm not saying that this isn't a great opportunity for improvement. It could be. But you have to be passionate AND informed. The benefit of taking more action needs to outweigh what they consider the costs to be. If you can't make it meaningful to them, they have no reason to support what you are recommending.
Anon: It's a slippery slope; so do your best to focus on your role, document all known risks, assign owners and report your project performance. Sometimes you need to pick your battles; keep your team focused on the goal.
...
1 reply by anonymous
Apr 19, 2017 12:55 PM
anonymous
...
Thank you Naomi. Your points are well taken.
Saving Changes...
Dominic LawProduct Manager| PCCW GlobalHappy Valley, Hong Kong
In the risk analysis you would evaluate the potential mitigation actions to see how far they can reduce the risk. So a certain "least effort" action might reduce the risk from 25 points to say 16 points. So as a PM in the next risk management meeting you can still notify all stakeholders that after that mitigation action the risk is still there. Well, I believe that would draw every stakeholder's attention to work together to reduce the risk further.
...
1 reply by anonymous
Apr 19, 2017 12:58 PM
anonymous
...
Thanks Dominic. I can apply some of these points in my reports to the corporate risk committee
The best is when you start having example of risk mitigated.
Keep the focus.
I got strong buy-in once a risk we where managing(reluctantly) append to an other firm and made the papers. Everybody was happy, not being in the paper!
Do you have a sponsor?
...
1 reply by anonymous
Apr 19, 2017 1:08 PM
anonymous
...
Thank you Vincent. There is a sponsor for the committee, but I unfortunately do not get to report to him. This organization is very matrixed and siloed. My part in the process has greatly changed due to the reorganization of the company. RM used to be handled regionally, but now sits at the global level, which means that risks are now being looked at from a global perspective and not a regional perspective. IMO, this is a mistake, because they are missing the opportunity to apply capital to mitigate the probability or consequences at a lower level and less expensively. While global risks are important to manage there needs to be some level at which the organization really looks at better investment in managing risk at the regional level so there critical failures are reduced and our name doesn't end up in the media, especially social media.
Saving Changes...
Anonymous
Apr 11, 2017 4:48 PM
Replying to Edward Daniels
...
The generic definition of Risk management as "forecasting and evaluation of financial risks together with the identification of procedures to avoid or minimize their impact" vice PMI's definition ""an uncertain event or condition that, if it occurs, has a positive or negative effect on a project's objectives." has most of us confused about what it should be about.
Risk management like everything else is a framework and the organization's mitigation strategy can be to ACCEPT, TRANSFER, or AVOID risks. Without context, it is hard to see what they may be doing wrong.
It wouldn't be business-savvy to spend thousands of dollars to backup data that is irrelevant to an organization's day-to-day or bottomline if something goes wrong.
I would use a cyber security scenario, where most organizations are worried they might get hacked and ransomed. If they use current security recommendations of say, strong passwords, good patch management, not using default password of password, it reduces their risk of being easily hacked. It doesn't entirely remove the risk but they can choose to buy insurance to cover their loss in the event they get hacked. They can choose to accept the risk and go with whatever happens.
Edward thank you for the good information. This does help and give me some ideas. Saving Changes...
Anonymous
Apr 11, 2017 6:23 PM
Replying to Aaron Porter
...
If they do this every year, do you have pertinent examples from previous years that you can use to illustrate your point?
Another consideration... Is their attitude toward this process simply an indicator that others have a higher risk tolerance? In other words, are they upset by the outcomes of their falling short?
I'm not saying that this isn't a great opportunity for improvement. It could be. But you have to be passionate AND informed. The benefit of taking more action needs to outweigh what they consider the costs to be. If you can't make it meaningful to them, they have no reason to support what you are recommending.
Good point Aaron Saving Changes...
Anonymous
Apr 11, 2017 6:55 PM
Replying to Naomi Caietti
...
Anon: It's a slippery slope; so do your best to focus on your role, document all known risks, assign owners and report your project performance. Sometimes you need to pick your battles; keep your team focused on the goal.
Thank you Naomi. Your points are well taken. Saving Changes...
Anonymous
Apr 12, 2017 8:35 AM
Replying to Dominic Law
...
In the risk analysis you would evaluate the potential mitigation actions to see how far they can reduce the risk. So a certain "least effort" action might reduce the risk from 25 points to say 16 points. So as a PM in the next risk management meeting you can still notify all stakeholders that after that mitigation action the risk is still there. Well, I believe that would draw every stakeholder's attention to work together to reduce the risk further.
Thanks Dominic. I can apply some of these points in my reports to the corporate risk committee Saving Changes...
Anonymous
Apr 12, 2017 4:40 PM
Replying to Vincent Guerard
...
The best is when you start having example of risk mitigated.
Keep the focus.
I got strong buy-in once a risk we where managing(reluctantly) append to an other firm and made the papers. Everybody was happy, not being in the paper!
Do you have a sponsor?
Thank you Vincent. There is a sponsor for the committee, but I unfortunately do not get to report to him. This organization is very matrixed and siloed. My part in the process has greatly changed due to the reorganization of the company. RM used to be handled regionally, but now sits at the global level, which means that risks are now being looked at from a global perspective and not a regional perspective. IMO, this is a mistake, because they are missing the opportunity to apply capital to mitigate the probability or consequences at a lower level and less expensively. While global risks are important to manage there needs to be some level at which the organization really looks at better investment in managing risk at the regional level so there critical failures are reduced and our name doesn't end up in the media, especially social media. Saving Changes...
Community Champion
