You know that you want to do something to improve how risk is managed across critical business programs, but you aren’t exactly sure what needs to be done. Where do you start with improving your level of risk management maturity?
As with many process reviews and continuous improvement plans, it all begins with knowing where you are starting from. Let’s walk through the high level process of improving your position, so you can fast track your journey to more confident in how risk is managed.
Assess Your Current Risk Maturity Level
You can’t plan to get better if you don’t know where you are starting from. Take an objective look at how good your teams really are at managing risk.
It’s easier to do this if you break it down into different areas. For example, you might be really good at identifying risks, but less good at analyzing how they are going to affect your major programs and average at carrying out your risk responses.
You’ll need a variety of inputs to collect this information. So consider organizing workshops, interviewing key managers and reviewing the data from your risk management tools to get a rounded picture of today’s performance.
Score your performance on a scale that makes sense to you: we tend to use a 1 to 5 rating scale in our client engagements.
Decide Where You Want to Be
You don’t have to score ten out of ten for risk management. It’s important to set realistic goals; targets that you think the team can achieve. You can always move on from there.
Armed with the information from the previous step that showed you what current performance is, give some critical thought to where you feel the company needs to be.
For example, right now it might feel more strategically important to put effort into aligning senior managers to the risk management process. Without top level buy in for your risk management work, you will not be able to progress to greater levels of maturity. With that in mind, perhaps right now the correct decision for you is to set a target of 5 out of 5 in this area, and lower targets for other areas.
You can always review these and set incremental targets over time, as a process of continuous process improvement.
You will use the information you put together in this step to review your progress, so make sure that your targets are clear and precise and that you know how you will measure whether you have achieved them or not.
Plan How to Address The Gap
You know what you scored your current performance and the targets you have set yourself for future performance. Now you need to establish how to close the gap.
There will be a number of interventions involved here, from communications planning to change management, additional training and process reviews. As well as the tasks, consider who from your teams needs to be involved and lead on various strands of work. Consult widely. You may well find that your experienced project, program and portfolio managers have thoughts about how the company could improve how it manages risk that would fit neatly into your proposals.
Implement The Plan
The plan so far has ambition to take you where you need to go, but right now it’s just a plan. The time has come to implement the plan, do the work and start to see the changes.
Manage the work as a project, with a schedule, and budget if required. Allocate experienced resources to lead the effort and check in with them regularly.
It’s likely that this work will be managed by your PMO team. The PMO team are perfectly placed to ensure that the processes implemented dovetail with existing practices.
Review Your Progress
Finally, you’ll want to make sure that the efforts of the team are paying off. You have worked through your plan and are, hopefully, starting to see changes. Changes in how the team approaches risk management and how risk is managed.
Go back to your targets and your original position. Review how close you are to achieving those targets. Which were easy to achieve? Where did you not move the needle as far as you had hoped?
Cycle back to the analysis stages and decide if there is further work to be done to improve risk management maturity any more at this point. You can carry on iterative improvements, or it might be pertinent to let the current changes bed in for a while before implementing more changes.
You’ll know the focus that you want to put on risk management for the business right now. And you’ll also know the capacity for change present in your key resources and teams.
The most crucial point to remember is that improving any process takes time. Maturity models give you a clear and measurable way to ensure that your process improvement efforts are making a real difference to the company’s performance. But you don’t have to shoot for an optimized process from the start.
Move up the steps on the maturity model over time, making incremental changes at the pace that is right for you. And you can improve risk is managed.