Book Structure
As you might expect from the foregoing, the Management of Risk guide has just six chapters. However, six appendices and a glossary provide considerable amplification of the chapter content altogether as follows:
|
1.
|
Introduction |
|
2. |
Management of risk principles |
|
3. |
Management of risk approach |
|
4. |
Management of risk process |
|
5. |
Embedding and reviewing management of risk |
|
6. |
Perspectives |
Followed by:
|
Appendix A:
|
Provides 10 risk document outlines and describes their purpose and content |
|
Appendix B: |
Describes 50 risk management techniques, including several less well known |
|
Appendix C: |
Introduces a health check tool to identify areas that might be improved |
|
Appendix D: |
Provides a five-level maturity model and compares it to other established models |
|
Appendix E: |
Introduces some management of risk specializations |
|
Appendix F: |
Provides considerations in selecting risk management software tools |
|
Further information: Gives a list of references
|
Chapter 1 introduces some key terminology, always a good idea, and explains what risk management is; why it is important to organizations; and where and when it should be applied. It also provides an introduction to the subjects of corporate governance and internal control. Chapter 2 introduces eleven management-of-risk principles intended to be high-level, universally applicable guidelines for aiding and influencing risk management practices.
These principles include such items as Stakeholder Involvement; Roles and Responsibilities; and Supportive Culture. These are wrapped around by a twelfth principle of Continual Improvement. Each of these principles are described, followed by a listing of Supporting Factors. According to the guide, these principles are derived from corporate governance and recognize that risk management is a subset of an organization's internal controls. If that is true, then it may be presumed that project management is likewise a subset of corporate development management.
Chapter 3 presents the management of risk approach, which consists of the Risk Management Policy, Process Guide, Strategy and Risk Register. It explains the main risk management concepts that need to be considered in establishing these documents. Interestingly, it also includes different ways of looking at probability and impact that should help to shed light on how to interpret these variables in practical project environments. Chapter 4 describes the main steps of the management of risk process. It contains practical pointers for identifying, assessing, and controlling risks.
Chapter 5 describes and provides guidance on how an organization can introduce and embed risk management, and then measure the success and maturity of its risk management. We have some difficulty with this chapter because we don't believe that "maturity" is an end in itself and that therefore the success of risk management, of any kind, should not be measured on this metric. But we'll get to that later. Chapter 6 explains when and how management of risk principles, concepts and processes should be applied throughout the organization, from the strategic, program, project and operational perspectives.
|