Risk management isn’t risky … but implementation projects can be.
So why hasn’t every organization formally implemented risk management? Here are a few thoughts.
It may not be clear what a risk management project can actually deliver
Projects should not have fuzzy goals. Unfortunately, that’s often exactly the situation for poorly-planned risk management projects. One of the underlying reasons is that risk management, itself, can mean different things to different people. Also, risk management can seem dramatically different from one case study to the next. It is no surprise that most organizations have not invested in risk management considering the difficulty of defining exactly what it can provide.
It may not be clear exactly how to translate risk management theory into practice.
The next stumbling point is implementation. Most people would agree that risk management is, at its core, an essentially intuitive concept. The problem isn’t with the ‘idea’ of risk management. Instead it stems from the supplemental concepts, such as "risk appetite", that attempt to make risk management more practical. These supplemental concepts might make perfect sense when they are discussed, philosophically, in a meeting room but they often fall apart when they move into the untidy real world. As a result, when organizations take their first stab at risk management, they may get discouraged when the real world creates ambiguities, circular logic, and a notable lack of relevant concrete examples.
It may not be initially clear how risk management can provide long term value.
Thinking forward, how will this initial effort benefit the organization long-term? In some cases executive
As you're considering a risk management implementation project, you must address and resolve these issues to achieve the benefits that risk management can deliver.
There are ways to remove these obstacles. Stay tuned.