Progressive Intelligence Consulting Group
Enterprise Risk Management & Mitigation Services
“What we anticipate seldom occurs; what we least expect generally happens.” -- Benjamin Disraeli
Enterprise Risk Management – Risk Management Plan
Your enterprise risk management plan anticipates risks and provides an ongoing process for risk identification, analysis, and implementing a response upon risk occurrence. In planning for anticipated risks, your functional stakeholders should develop the risk responses and agree to being accountable as “owners’ of the risk responses. In this way, they are actively involved in the planning, analysis, monitoring, and implementing the risk response.
Usually, a tool such as a risk register will be used to monitor the occurrence and responses to specific risks. Progressive Intelligence has several examples of risk management plans and risk registers and will provide this on request.
Creation of a disciplined, consistently applied enterprise risk management plan is the first step for an organization to anticipate and minimize the effects of risks. The second step is to minimize the effects of risk is to ensure sponsorship and participation by the organization’s senior management team. Finally, ensure functional group leaders are accountable for implementing risk responses.
Enterprise Risk Management – Strategic and Operational Risk Management
Risk is defined as, “an uncertain event or condition that, if it occurs, has a positive or a negative effect on an objective”. Also, “a risk has a cause and, if it occurs, a consequence”.
From both a strategic and an operational perspective there are known risks – risks that have been identified, analyzed, and having related planned responses – and unknown risks which cannot be planned for, but require a “general” contingency approach. Your organization may plan for unknown risks by providing a “general contingency”, based on past experiences.
There are five levels of risk management:
Crisis Management
Organizations falling into this level practice reactive risk management. They address risks only after they have become problems.
Fix on Failure
Although this is also a reactive approach, the organization has pre-planned procedures in place to detect and provide a quick fix.
Risk Mitigation
This approach has a plan that anticipates risks, provides an analysis of the effect, plans for resources and costs should the risk occur, other contingency planning, and providing details regarding risk triggers. This approach does not actively attempt to prevent risks from occurring.
Risk Prevention
This risk management level plans for the occurrence of risks by identify potential risks, analyzing their effect, and specifying risk triggers. Unlike the first three levels, the risk prevention approach does not simply specify a risk response. Instead, once the risks are identified, this approach works toward preventing the risks becoming problems – these responses work to prevent or eliminate the risk.
Elimination of Root Causes
Once the potential risks are identified, this approach identifies the root causes of the anticipated risks and works to eliminate those root causes. This level of risk management is focused on elimination of the risk, before it occurs.
In addition to understanding your organization's approach to risk, based on the five levels of risk management (above), your organization will have a “temperament” toward risk. This temperament, coupled with the level of risk management, will direct your risk planning and risk responses.
Enterprise Risk Management – Project Risk Management
The Project Management Institute (PMI) defines risk management as:
”…maximizing the probability and consequences of positive events and minimizing the probability and consequences of adverse events to project objectives.”
Common sources of project risks include:
- Changes and revisions to User Requirements
- Unknown or undocumented acceptance criteria for individual user requirements
- Inaccurate schedule estimates
- Unreliable contractors and/or suppliers/vendors
- Inexperienced project management or project sponsorship
- Conflicts and problems with project team members or other project stakeholders
- Poor/conflicting project management practices, lack of a disciplined governing project management methodology
- Failures or problems with technologies and solutions (project deliverables/Work Product)
- Changing government regulations and/or requirements
- Unrecognized, not measured, or not corrected shortfalls in project performance
Project risks arise from the uncertainty that is present in all projects. Your organization must be committed to consistent, disciplined risk management throughout the lifecycles of all projects.
Progressive Intelligence - Risk Management Process
Progressive Intelligence, in a risk management consulting role, has over 20 years of direct experience developing and implementing a risk management procedures and controls for our clients. Although some elements may be similar, such as the use of insurance as a transference vehicle, risk management procedures and controls are typically unique to each organization.
Progressive Intelligence has the experience to assist you with the development and review of effectiveness of your Strategic Risk Management, Operational Risk Management, and Project Risk Management planning and execution.
From Enterprise Risk Management & Mitigation Services page return to our Home Page
