Touch base before looking beyond risk management

Where do you go once your organization has good risk managers, good risk governance, and a strong risk management program? That’s not an easy question to answer, particularly because so few organizations have the magic combination of good risk managers, governance, and programs. Most fall short. But what’s compelling is that organizations are looking for the “next level” without completing the ground floor.

Despite the years and years of effective risk practice available and waiting, organizations (including the Project Management Institute [PMI]) are looking for new, different, and inventive ways to effectively implement risk practice. The question surfaces as to whether or not the basics have been addressed first.

In the Guide to the PMBOK, 3rd Edition, PMI has dropped some of the fundamental practices (such as the Program Evaluation and Review Technique [PERT]) in favor of newer techniques and practices in an effort to energize the practice.

The new edition emphasizes tools that have been characterized in other ways in an attempt to rediscover best practice. For example, for years, the Software Engineering Institute has explored risk through a taxonomic process, which now has a close cousin in the latest PMBOK Guide: the risk breakdown structure.

There is a significant allure for things that are new and unfamiliar. Project organizations continue the quest for better practice through a proliferation of different tools. Risk models (PMI’s OPM3, George Washington University’s PMPM Model), software tools (Risk Radar, PERTMaster), risk guidelines, risk templates — all hold the promise of improving our risk practice. But the question remains as to whether or not these newer or less heavily applied tools will serve as the panacea for our risk concerns.

In examining risk taxonomies, breakdown structures, models, software tools, templates, and guidance, they have a common foundation. They all require the basic understanding of what risks exist, what the organization can tolerate, and how the organization prefers to deal with risk. Before we can stride to the “next level” of risk practice, the basics need to be in place and implemented effectively. In order to test whether your organization is truly primed to try more advanced practices, consider the fundamentals:

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Stemming the tide of cybercrime

By: Derek Manky Technology continues to play a significant role in accelerating...

Power through a work-from-anywhere lifestyle with the LG gram

“The right tool for the right job” is an old adage...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now