Programme Risk Management
How would you go about risk assessing and determining the risk appetite of several hundred discrete entities?
Many of us are faced with multiple tasks, activities, projects. Our dilemma is, where to place our limited resources to control risk?
Traditional risk management technique assesses each discrete project against bespoke criteria and generates a list of impact and probability scores. The list is represented graphically as a grid and segregated into zones to enable the team to mitigate the top threats and exploit opportunities. However, when we try to compare multiple projects we find that there is no ‘standard’ measure and projects are all too often gauged on the monetary value. History unfortunately tells us that the project value is often misleading and threats appear on even the most lowly cost activity.
A few colleagues, MBA Students at Robert Gordon University in Aberdeen (UK) and myself have been looking at how we manage risk and assurance. One of the strands was how we might better represent multiple projects in a standard manner. We started to look at the inherent characteristics of the projects taking a cue from the way in which the HSE in the UK categorises hazardous installations. We assigned values to various factors which included standard Political, Economic, Social and Technical (PEST) factors. What we discovered was that different parts of the business had different profiles.
The 'standard' distribution gave the full population of projects what this represents is the relative 'risk appetite' of the organisation. When we interrogated the data we saw that different parts of the organisation were more or less tolerant to the norm. These were represented by shifts in the mean or individual 'projects' were outside a pre-set deviation.
Our conclusion was,
That an organisation will develop its people and processes to control the 'norm'
- People will be recruited, trained and promoted to cope with the majority of the projects.
- The business management system will be designed to control the majority of the projects.
Positive skew parts of the data are more complex,
- People in the organisation are extended, potentially beyond their experience
- Processes and Procedures may not be adequate to control the project.
Negative skew are less complex,
- People work well within their capability and may be distracted
- Processes and procedures are bureaucratic and not efficient.
So what? Well early indications are we are able to spot outlying projects but I guess you could use this for any large group of activities, for example could you use it to screen maintenance work-orders? We have a way to go to operationalise the methods and I would welcome any academic or practical input, or indeed hear form anyone that has done something similar?
Strategic Leader
7 年Hi Mike, quite insightful. Trust you are keeping well.
Founder and Technical Director
7 年Fine JK, you can get me on messenger if you want.
Business Development Consultant
7 年Hi Mike, How is it going?
Corrosion Consultant and Reliability Expert
7 年If you have NOT lumped the Political, Economical, Social and Technical risk factors on one big PEST heap I wholeheartedly agree. Nothing so meaningless as Tossed Risk Salad.
Integrity Engineering Manager @ Bilfinger UK | Integrity Management SME & AI Lead | Chartered Marine Engineer | Competence Leadership | Solutions Enabler | Chairperson UKAS Technical Advisory Committee
7 年In my experience there is a lot of value in conducting Cumulative Weighting to prioritise risk against the barrier model. It can be done 'quick and dirty' against independent findings or in more detail against Maintenance Correctives. The competence to do it comes down to an individuals experience to identify how impaired a Safety Critical Element is from being failed. It can be done for a range of assets but ultimately the key to the exercise is that it creates the right conversation, between the right people to create the right actions. The output gives targeted activities for tangible risk reducing measures which critically will give the Ops Manager a defined idea of what is to be fixed, when is it to be fixed and how much will it cost aligned to the competence profile of the number of individuals required to implement the fix.