Is your risk management process efficient or wasteful?Gavin Halling
Since the first standalone risk management standard (AS/NZS 4360 – 1996) there has been a significant growth in risk management as a specialisation. These “experts” have espoused a range of processes which, although mostly well intentioned, are often far from efficient. The result is a considerable waste in time and hence costs. Over the years we have honed in on an “essentials only” process.
The process comprises:
- Context based on a risk breakdown structure (RBS) (2) and project objectives
- Using a single sentence structure to describe a risk “(Something happens) leading to (outcomes expresses in terms of impact on objectives)” (1)
- Analysis – Likelihood and Impact on objectives (2)
- Treatments each with an owner and action/review date. (3)
This is a total of eight (*) pieces of data for managing a risk.
When an “essentials only” process is first suggested to an organisation it is normal to receive objections along the lines of “what about (residual risk, causes, consequences, risk owners etc)”. Whilst interesting these discussions are not particularly fruitful. There is only one question that needs to be addressed:
Are you able to manage risks with the above “essentials only” data? – (The answer is YES!!!)
It follows that anything other than the above are non-essential and hence wasteful. For one risk this is not an issue but multiply this by the number of risks in a project (and other risk areas), the number of times a risk is reviewed, the number of projects in an organisation and the wasted time really starts to add up.
Here is a sheet where you can make a quick assessment of the waste for yourself. Data efficiency checklist.
What do you think? (If you would like more reasons for not including “non-essential data” then let me know and I will send you the appropriate chapters from my book.)