Every project manager and business leader needs to be aware of the practices and principles of effective risk management. Understanding how to identify and treat risks to an organization, a program or a project can save unnecessary difficulties later on, and will prepare managers and team members for any unavoidable incidences or issues.
The UK OGC (Office of Government and Commerce) M_o_R (Management of Risk) framework identifies twelve principles, which are intended “not … to be prescriptive but [to] provide supportive guidance to enable organizations to develop their own policies, processes, strategies and plan.”
Organizational context of Risk Management
A fundamental principle of all generic management methods, including PRINCE2 and MSP as well as M_o_R, is that all organizations are different. Project managers, programme managers and risk managers need to consider the specific context of the organization in order to ensure thorough identification of risks and appropriate risk treatment procedures.
The term "organizational context" encompasses the political, economic, social, technological, legal and environmental backdrop of an organization.
It is easy for a management team to become internalized and forget that stakeholders are also key participants in everyday business procedures, short-term projects and business-wide change programs.
Understanding the roles of individual stakeholders and managing stakeholder involvement is crucial to successful. Stakeholders should, as far as is appropriate, be made aware of risks to a project or program. Within the context and stakeholder involvement, "appropriate" concerns: the identity and role of the stakeholder, the level of influence that the stakeholder has over and outside of the organization, the level of investment that the stakeholder has in the organization, and the type, probability and potential impact of the risk.
Organizational objectives of Risk Management
Risks exist only in relation to the activities and objectives of an organization. Rain is a negative risk for a picnic, a positive risk for drought-ridden farmland and a non-risk for the occupants of a submarine.
It is imperative that the individual responsible for risk management (whether that is the business leader, the project/program manager or a specialist risk manager) understands the objectives of the organization, in order to ensure a tailored approach.
The processes, policies, strategies and plans within the M_o_R framework provide generic guidelines and templates within a particular organization. These guidelines are based on the experience and research of professional risk managers from a wide range of organizations and management backgrounds. Following best practices ensures that individuals involved in managing the risks associated with an organization’s activity are able to learn from the mistakes, experiments and lessons of others.
Risk Management Reporting
Accurately and clearly representing data, and the transmission of this data to the appropriate staff members, managers and stakeholders, is crucial to successful risk management. The M_o_R methodology provides standard templates and tested structures for managing the frequency, content and participants of risk communication.