Risk Management and
mitigation seem to typically be motivated (like so many things) by money. In
the case of risk mitigation, the motivation is to avoid potential cost. It’s a
great motivation, but how do you measure that cost?
Too many organizations make
risk mitigation decisions based on simple numbers. While this is easy for the
obvious, high-risk issues (we’ll be sued for $18M if we don’t do “X,” we’ll
lose a $65M/year contract if we fail “y”), those issues tend to be significant
enough in scale (even without analysis) that the risks associated with them are
identified and managed by default as part of a typical corporate culture. It’s
certainly crucial to deal with these things, but that risk identification
practice does not translate to the smaller issues organizations need to deal
with everyday – and those smaller issues can add up to a significant total very
quickly.
Ongoing contextual data
collection for as many activities as possible gives an organization the best
chance of identifying these smaller risks – and the effort does not have to be
expensive. Simple data collection, such as asking stakeholders to evaluate
expected opportunity losses, can yield very powerful results with some
lightweight business intelligence behind them. Keeping data collection efforts
simple and focused gives the best response rate, and also tends to yield the
best data.
The effort can pay for itself fairly
quickly (for those still worried about ROI) – this method let us find a small
opportunity loss that was replicated in many Project Management – expected loss x probability of loss x number of incidents
took three small numbers and translated them into one large potential expense
to the business, which we were able to avoid.
As per my overview, aits.org offers access to some of the most
knowledgeable professionals in the IT world through articles, blogs, and white
papers. This website gives great insight into many different important topics
ranging from Portfolio Management to
legacy support