The processes and procedures that you use in your WeTrack Risk Log form your Risk Management Approach. This is your internal plan that defines how your organization approaches risk. It includes responsibilities for managing risk, what the risk tolerances and thresholds are, how risk impact and likelihood are measured, and how risk review is built into your organizational governance.
A risk management approach does not need to be complicated, but you do need to have one. This will ensure that everyone understands their roles and that risk planning is built into your everyday activities. When building your Risk Management Approach, try to answer the following questions.
What are the roles, and who holds them?
It's important to define who in your organization is responsible for recording, managing and reporting on risks, who is responsible for making decisions on risk, and who is responsible for carrying out the actions. For larger organizations, these roles can vary depending on the severity of the risk being managed.
How are risks categorized?
WeTrack uses two five-point sliding scales to classify risks: one for impact, and one for probability. The rating is then calculated based on these values. A good risk approach should set guidelines for each of these scales and their combinations, so that classification is consistent across all risks. For example, for financial risks, set thresholds for each impact level based on the overall project budget: a financial impact of £0-£1,000 could be classified as 1, whereas a financial impact of £100,000+ could be a 5, with appropriate thresholds in between.
How often are risks discussed, how are they reported, and who are the stakeholders?
It's important to make sure that risks are discussed regularly and at a variety of levels. As part of your planning, decide levels of responsibility for risk management to ensure decisions are taken at the right level. Top-level executive time and resource are always limited; make sure that executives only see the key risks that are business-critical. Keep the less critical risks at the department level or lower, as appropriate. An efficient risk management approach will ensure that when executive time is needed to manage risks, it is available.