Making risk management simple and accessible.
Having worked as a risk manager, I have seen firsthand the detrimental effects of unnecessary complexity. I am driven by a strong desire to eliminate complexity wherever possible, because if something doesn't need to be difficult, why should it be?
Risk Managers Should Not Own Risks
One of the main frustrations that I have with risk management in many of the organisations that I have worked with is the idea that project risks are managed by the project risk manager.
To my mind, this is a seriously flawed statement. It undermines the responsibility of the subject matter experts within the project team who are best placed to actually manage the risks, whilst at the same time expecting the person nominated as the risk manager to take on too much responsibility on subjects that are often outside of their technical understanding.
I believe that the reason behind this problem stems from issues associated with access to the risk project register, and therefore perceived responsibility for the risks on the risk register. This is more often true where spreadsheets are used in which the risk register is used to calculate the project contingency values. In such cases, risk managers are reluctant to allow subject matter experts to make changes to the ‘master copy’ as this could introduce changes to the values. At the same time, subject matter experts are daunted by risk registers which have lots of formulas. As such, separate spreadsheets proliferate leading to inconsistencies and errors.
Breaking Bad Behaviour
The first place I start when faced with the problem of inconsistent spreadsheets is to break the link between the identified risks and the project contingency. The idea that the sum of the probability of a risk multiplied by its likelihood leads to a value which should be used as a contingency budget is bad practice for several reasons:
- This is a hindrance when it comes to identifying new risks, as it is difficult for the new risks to be slotted into the register without changing the sum of the values.
- Opportunities will present their impact as positive values compared to negative threat values.
Offsetting threats with opportunities is a practice which has the potential to lead to significant deception when considering the overall exposure to risk.
The simple solution is to stop using simple spreadsheet formulas to calculate contingency, and instead use probabilistic calculations. In so doing, the values on the risk register can be updated, added to, or closed out, without changing the ‘bottom line’ value.
The trouble with this is that probabilistic calculations require probabilistic impact data, which comes back to the challenge of getting subject matter experts involved in taking responsibility for their risks. When confronted with the need to provide not just one impact value but at least two and more, usually three, the subject matter experts throw their proverbial hands in the air and declare it all too much.
The Challenge
The challenge, then, is to simplify the method of data collection from subject matter owners whilst at the same time providing more data for probabilistic calculations for the risk manager. The solution to this problem lies at the heart of Safran Risk Manager!
The slider bars (see figure 1) can be used by the risk owner to assess the risk qualitatively, whilst the tool intelligently assigns a three-point quantitative evaluation to the risk. This works by determining the likely impact, then asking the question, “How confident are you in this assessment?”. With this data, a three-point triangular estimate is created by default. However, if the user has sufficient knowledge, they can simply overwrite the assessment, changing everything including the distribution type.
Figure 1: At the heart of Safran Risk Manager is the slider bar data collection.
The principle that risks are comprised of one or more sources and potentially many impacts is the basis of the bowtie methodology (figure 2). When this philosophy is combined with the slider bar data collection method for each impact and source, the risk owners have a simple and consistent means with which they can assess the complete risks.
Figure 2: The representation of the bowtie from Safran Risk Manager.
The fact that anyone in the project team can now have access to a simple data collection tool which can translate their basic qualitative assessment into a quantitative evaluation means that everyone can become empowered to access and update their data without fear of breaking the register or throwing off the contingency values.
Keeping it Simple
Enabling all users to access their risks wherever and whenever they need to update them is a fundamental step in putting ownership into the hands of the people who can actually do something with the data.
However, if the rest of the tool is so complicated that the users do not understand or remember what they need to do, then this will also become a barrier for adoption. With this in mind, the design team at Safran specifically set out to keep the design as simple as possible. Users should see what they need to see when they need to see it.
All of the important actions should be obvious, and data should be easy to access and understand, wherever the user may be. At the same time, the tool should be powerful enough to provide high-quality insights into the data being captured, leading to better decision making.
Why not see for yourself?
Want to simply learn more about Safran Risk Manager? Click Here.
If you are looking for a way to empower your teams and give them the tools they need to manage their risks, then why not contact Safran for a 30 day free trial by requesting a consultation below!
