Professional Documents
Culture Documents
From Integrated Risk Management to Enterprise Risk-based Decision Support: A Phased Approach. Krishen L*; Futron Corporation lkrishen@futron.com Abstract: In technology-related endeavors, applied risk management often results in a stove-piped approach by organization and is also influenced by a tactical versus strategic project management perspective. But,conversely,decisions and risk mitigation plans are then implemented at the enterprise level, resulting in a gap in an effective risk management process overall.This presentation discusses the strategic and tactical aspects of merging top-down integration processes driven by enterprise risk management (RM) needs with the bottoms up approach of building and defining risk-based decision support initiatives. The merging of the RM processes with risk-based decision implementation is needed especially with changes at enterprise levels. To meet unique challenges posed by a Government agency undergoing organizational transformation, we developed a comprehensive strategy using enterprise-level decision management initiatives. Results of employing enterprise-level risk factors identification, strategic communications, and collaborative mitigation methodologies will be presented. Integration issues identified in existing risk information management tools and implementation methods will be presented. Additionally, the presentation will discuss innovative approaches to solving the integration issues in existing risk information management tools and implementation methods. The conclusions will be presented within the context of building a new and phased approach to Agency-wide strategic risk and decision management. This presentation will help provide best practices and lessons learned to RM practitioners and consultants facing the complex and unique challenges posed by clients undergoing enterprise and agency-level reorganization.
Background
Risk Management (RM) is about
implementing an objective, structured approach to proactive problem-solving
Identify success criteria Identify risks to achieving success Analytical or quantitative risk assessment Qualitative ranking Key strategy: Successfully installing a Risk management system depends on tying in overall programmatic organizational goals and objectives
ISO 9001 Registered
Establish Context
Monitor & Review
These programs are looking at shared infrastructure and institutional assets, resource constraints, skill sets changes, generational changes in the workforce, and new funding approaches
1. Stamatelatos, M., Ph.D. and H. Dezfuli, Ph.D. Agency-Wide Integrated Risk Management System. 2006.
Identifying Disconnects
Top-Down Risk Management dependent on disparate sources
of information to feed Enterprise decisions
RM tools stovepiped for different organizations from supplier (contractor) to Projects to Programs to Agency No integration or communication over organizations horizontally
Decision environments constrained by organizational structure, goals, and maturity levels leads to communication gap Cross-organizational risk reviews not a requirement, nor a normal practice
Success criteria Risk factors Consequence criteria Identified risks Evaluation criteria Risk handling and mitigation strategies
Better Decisions Better Future
9
10
program as well as affected stakeholder organizations Make sure all team members are trained in RM basic concepts and tools/processes in place Capture all risk data regardless of whether risk is actually owned by the sponsor program Outline unique enterprise-level risk factors (program management, technical, non-technical performance parameters) Build risk evaluation criteria (eg. Scoring Guideline) that augments but still uses baselined program scorecard Emphasize and initiate risk mitigation collaborative planning (e.g. Leveraged expertise and shared resources among affected organizations) Risk transfer and residual risks are potential outcomes
11
12
Cross-pollination of Program and Agency decision-making councils to ensure thorough vetting Multi-organizational Risk Mitigation Special Teams
13
14
Summary
Agency transformation brought about by shutdown of a major
program revealed lack of established enterprise-level risk management
No strategic risk capture or integration of information Compartmentalized RM systems, tools, and processes
15
Between every worthwhile destination and where you are lie many critical decisions.
Futron
Questions?
Dr. Lovely Krishen 281-333-0190, X5512 lkrishen@futron.com
17