Risk Capability

Insights

Risk Management Capability Improvement 

Why a piecemeal approach doesn’t work (and what to do instead)

Two of my personal and professional interests are a) endurance sport and b) improving risk management capability in programmes and portfolios. These two things have more in common than you’d think.

When I train for races, I work on lots of different areas:

  • Building strength and flexibility
  • Easy runs to build fitness
  • Speed work to get faster
  • Long rides and runs
  • Getting enough rest and recovery and eating well
  • Developing an athlete identity and mindset and being part of a community

Adding just one of these helps a little. But breakthrough performance only occurs when the elements are combined effectively and targeted for a particular event. And yes, having an expert coach and a method to bring it all together really helps.

Similarly, there is no silver bullet for improving risk management capability in change programmes and portfolios. If risk management doesn’t seem to be working, it’s tempting to reach for single initiatives to resolve it. I liken this to an athlete who concentrates on training harder but doesn’t get good sleep and eats a poor diet. It takes a lot of effort to see minor improvement, but they will always be constrained by their “limiters”.

What Goes Wrong

Here’s what P3M Leaders often experience:

  • Teams don’t take risk seriously. They see it as an overhead, a compliance task or “another spreadsheet to fill in”.
  • Leaders don’t get the information they need to make decisions.
  • It’s hard to clearly provide assurance to senior management or ask for help when necessary.
  • Risk Management is treated as a separate activity, divorced from the real business of decisions and delivery, with disappointingly little added value.
  • Everything becomes reactive – It can feel like the programme is running them.

There are many causes for these problems. But attempts to respond to them are often singular or piecemeal:

  • “We need better risk software”
  • “We need a new process”
  • “We need to change the culture”
  • “We need risk training”
  • “We need to grow the risk team”

Why Quick Fixes Don’t Work

These aren’t bad ideas. Improvements to process, skills, tools and culture are each necessary but insufficient. Like a runner who trains harder but doesn’t sleep enough, throwing resources at the problem might achieve small gains but you will always be held back by what you’re not fixing.

Here’s some brief example scenarios:

  • A fundamentally sound software tool can be ineffective if there isn’t a consistent process. Or if there is a lack of skilled application and interpretation of information. Garbage in, garbage out.
  • People can be trained and broadly aware of risk management, but without clear roles and responsibilities, the practice doesn’t work.
  • You might have a good process that generates information about risks. But if it’s not quantified and combined with other information in the programme context (like the budget), the information might not be useful for decisions.
  • Adding additional resources without fixing the system results in higher costs and the creation of more data that doesn’t add value.
  • If there is a perception that risk management is a waste of time, it doesn’t matter how good your tools and processes are.

 

A Better Way: Take a Holistic Approach

Just like training for a race, real improvement happens when you work on the whole system, including process, skills, tools and culture. Breakthroughs in performance happen when the system is designed for the programme context with key decisions in mind.

At Pelorus Insights, we know that trial-and-error and fragmented efforts to improve won’t result in the capability you want and this leads to ongoing frustration. We’ve developed the POPPIE™ method to tackle this systematically. Here’s how it works:

  • 1. Pitch/Posture Get everyone on board. Explain why it matters. Establish psychological safety. Be clear about what you want and need for risk management to provide value.
  • 2. Orientation Get clear on the situation. What are you trying to achieve? How does your overall delivery “system” work? What are the constraints? How does the context influence the what and how of your risk management capability.
  • 3. Process Design the process to suit the context and generate the information required by the decision-maker. Establish who will do what, when and where to make this happen. Create a governance structure that enables you to decide and steer.
  • 4. People Develop the team and specific role holders to understand and operate effectively to produce intelligent insight.
  • 5. Information Create a data and tools strategy to make data visible, available, standardised and assured. Ensure that risk and uncertainty data is appropriate to your decisions, including integrating with other data sets (like the budget or schedule).
  • 6. Exploitation Use your data to create useful management information that creates insights, helps you steer delivery and make better decisions.

 

The Bottom Line

Just like you can’t get fit by only training harder (while ignoring sleep, nutrition, and strength), you can’t fix risk management by only buying new software or running training sessions.

If risk management isn’t providing the value you need, it’s a change programme. Design the capability to work in your programme context and it will serve your decisions and delivery needs. Create your roadmap and implement the necessary change and you’ll actually see the breakthrough results you’re looking for.

Phil Jakubowski MSC MAPM IRMCert – Phil is Co-Founder of Pelorus Insights, a management consultancy that helps P3M Leaders build enduring risk management capability, improve decision quality and win major bids.

Get in touch if you would like to discuss any of our services

Back to insights