We’ve all been in project boards and updates when the last agenda item is reached – risks and opportunities. The risk register is dug out and if time permits, each is reviewed in turn. Although there are usually controls and mitigations linked to each it is sometimes unclear as to how these are realised.
Risk management shouldn’t be an add-on to a project – it should be integrated fully into the plan. Although the ubiquitous risk register is important, we would suggest that there is a bi-directional link between the activities in a delivery plan and the approved controls and mitigations listed in the register. Similarly, there should be a mechanism to record how ‘tweaks’ to approaches are influenced by risk in a documents and measurable way.
Why is this important? As the twists and turns of delivery progress, it is sometimes difficult to trace back where and why decisions were made, how the plan evolved and crucially, getting an objective assessment of the extent to which risks are being managed. In the real world, the boundaries of risk management don’t always fall neatly within the confines of risk management activities – they are woven into the delivery. As such, how we manage these ‘messy’ risks should reflect their true character.
For more on how to achieve bi-directional traceability of risks in your change or operational delivery – speak to Tosol Ltd.