Skip to content

Evaluate Your Risk Management Strategies

Evaluate Your Risk Management Strategies.

How can you evaluate the outcomes of risk management strategies

When you want to evaluate the outcomes or effectiveness of the risk management strategy you need to define key performance indicators (KPI) that you can measure. KPIs need to be defined on the company specific tailored towards the risk management and strategy.

Possible KPIs for evaluating can be:

  • Percentage of risk issues outside the risk tolerance without a response option
  • Number of non-identified risk that occurred
  • Cost incurred for any unidentified risk, which occurred
  • Deviation of estimated impact to real impact for risks occurred
  • Percentage of non-implemented risk actions
  • Mitigation cost vs cost of impact

Another way of measuring is by introducing a maturity model for the management of risk. The higher the maturity in an organization the more successful the implementation of the risk management strategy is. There are ‘pre-defined’ models already; there is a comparison of these maturity models in the Table 2: Comparison of maturity model levels (Office of Government Commerce, 2010)(Office of Government Commerce, 2010).

Publication

Level 1

Level 2

Level 3

Level 4

Level 5

CCTA

First

Second

Third

Fourth

Chapman

Initial

Basic

Standard

Advanced

Hilson

Naïve

Novice

Normalized

Natural

Hopkinson

Naïve

Novice

Normalized

Natural

OGC P3M3

Awareness

Repeatable

Defined

Managed

Optimized

Sun Microsystems

Chaotic

Reactive

Proactive

Optimized

Self-aware

PMI

Standardize

Measure

Control

Continually improve

FAA

Performed

Managed planned and tracked

Defined

Quantitatively managed

Optimizing

INCOSE/PMI/APM

Ad hoc

Initial

Repeatable

Managed

Table: Comparison of maturity model levels (Office of Government Commerce, 2010)

Determine actions to respond to outcomes of risk strategies

By using a continuous improvement process that aligns the strategic risk management process with the business management process you can capture the strategic risks in the organizational business plans.

The output or lessons learned from earlier outcomes will be incorporated in the risk management strategy that will define how the current strategic planning cycle or investment decisions are handled.

In the strategic risk register you will have all the captured risks that are identified, assessed and their agreed and planned risk response.

Key lessons

As in every framework are using, you need to be aware that it helps you to become better and that people are not doing this because this is a ‘mandatory action’. The big risk with risk management is that people feel that there is nothing done with the real risks detected or that they are just filling forms. Therefor the (top)management needs to live the risk strategy in the organization, actively discuss and ‘defend’ the policies.

To see if the risks are still valid or counter measures are still the right choice regular checks need to be made on risks registered. A risk that was low at the beginning can become high during the time or a risk that was very high at the start is gone when you finish your project. The same for the countermeasures that were taken (or not) can need some change based on recent changes in the organization or regulations.

Risk management needs to be ‘companywide’ and not only a team, department, branch solution. The benefit of having this overall view is that possible risks for a single entity can maybe easily be mitigated in the whole, or when it is a companywide risk, one solution that will benefit all individual risks.

What’s your best advice to evaluate your Risk Management Strategies?

Source: Original text, based upon first hand knowledge and the following bibliography:

· Mintzberg, H. (1990). The Design School: Reconsidering the Basic Premises of Strategic Management. Strategic Management Journal, Vol. 11 , 171-195.
· Office of Government Commerce. (2010). Management of Risk: Guidance for Practitioners 2010.London: The Stationery Office (TSO).
Image: © Pressmaster – photodune.com