The Tale of Two Risk Owners

    2=Planning, 4=Control

  •  Minute Read

In this article, we will look at what a risk owner is and why they are needed.

Have you ever had a really bad day as a project manager? Imagine that you are managing a software development project. Several simultaneous events have occurred that put your project at great risk:

  • The defect level of source code has risen well above the defined threshold or trigger point for the third consecutive week
  • The test region has been very unstable (and is going down once or twice per day)
  • Your best developer had a car accident and will be out two to three months
  • The users continue to make numerous requirement changes

The Benefits of a Skilled Risk Owner

You need a risk owner or owners for these Information Technology (IT)-related risks. Now imagine the risks listed above occurring under two different IT Directors.

Let's call the first Director – Mr. Amok. This guy is not a planner and is always busy putting out fires. He runs wildly from one event to another.

Mr. Amok feels he must in control of every detail himself. He marshals his resources from one issue to the next. Riding in on a white horse and saving the day – that's his classic trademark. His resources are confused and weary.

The second Director – Miss Capable. This individual sees the IT processes not as separate processes but as an integrated whole. She provides oversight to the IT software development process and proactively identifies and manages the IT risks.

Miss Capable integrates risk management naturally into her day-to-day conversations and meetings. This leader enjoys developing her resources through effective delegation. When there is a success, she quickly gives praise to others.

Which Director would you prefer to own the IT risks? For me, Miss Capable wins hands down.

How Skilled Risk Owners Identify and Manage Risks

Mature, skilled risk owners understand and leverage various risk identification tools, such as:

  • Looking at lessons learned from past projects
  • Interviewing stakeholders
  • Reviewing risk checklists
  • Brainstorming risks with IT managers

Skilled risk owners proactively define risk response plans. These risk owners invest time in mitigating risks early and preparing their contingency and fallback plans. They proactively take steps to reduce the probability and impact of risks.

The Need for Risk Action Owners

For large projects, it would be difficult for a single risk owner to execute numerous risk response plans simultaneously. This is where the risk action owners come into play. Risk owners define the risk response plans. The action owners monitor the assigned risks and execute the response plans when the risks occur

As the risk action owners execute the plans, the risk owner oversees the effectiveness of the risk responses. If the desired results are not being obtained, the risk owner works with the risk action owner to refine the response plans and ensures the necessary resources are provided.

You may also like

What is a RAID Log?

What is a RAID Log?
>