Share this
Mister Wong
Digg
Del.icio.us
Slashdot
Furl
Yahoo
Technorati
Newsvine
Googlize this
Blinklist
Facebook
Wikio
Hear this text
Export PDF
Print
E-mail
Tags
- 24/06/2011 08:19 - Certified!
- 23/06/2011 12:30 - Disintegration
- 23/06/2011 12:12 - Cooking with passion
- 23/06/2011 08:27 - In principle
- 23/06/2011 08:04 - Building bunkers for Gaddafi
- 29/03/2011 07:42 - Project insurance marketing
- 29/03/2011 07:28 - Exactly what is going on?
- 29/03/2011 07:02 - Trial by stealth
- 28/03/2011 13:40 - Project offices, the corporate rainforest
- 28/03/2011 13:24 - Coaching conversations
Checking risk process, marking progress and demonstrating successful completion
In some businesses and projects, risk management is described as an exercise in “ticking boxes”. This phrase means that people simply follow the steps in the risk process, but with no real commitment or energy, and no belief that it will actually make any difference.
The term “box-ticking” is always used in this negative way, as a bad thing to be avoided. But perhaps ticking boxes could be useful if we do it differently.
The key to using box-ticking in a positive way is to ensure that you have the correct boxes.
We can create a set of boxes that act as checkpoints to reinforce the correct process and encourage appropriate behaviour.
The right process boxes may include some of the following:
- All objectives are clearly defined;
- Risk thresholds are stated and quantified;
- All key stakeholders are contributing to risk identification;
- Risks are described clearly and unambiguously;
- Key risk characteristics are assessed and recorded;
- Each risk has a single agreed risk owner;
- Each risk has an appropriate response strategy with specific actions;
- Risk exposure is communicated appropriately to all stakeholders; and
- Risk reviews are held regularly, etc.
Ticking these boxes is a way of checking the risk process, marking progress and demonstrating that the right steps have been completed successfully.
It provides an audit trail for process effectiveness.
Each process box is linked with specific activities or outcomes, and the box must only be ticked if these have been completed in full.
Other tick boxes may be designed to examine behaviours, for example:
- Stakeholders and team members feel comfortable to identify risks openly and honestly;
- Risk identification explicitly takes account of sources of bias;
- People are accountable and committed to completing agreed risk response actions fully;
- Senior management demonstrates visible and consistent support for the risk process;
- Risk outputs are used to inform strategy, decisions and actions;
- Appropriate risk-taking is encouraged and rewarded; and
- The risk attitudes of individuals and groups are managed openly and proactively, etc.
Ticking these boxes may be more difficult for some less mature organisations, as it requires an understanding of the softer side of risk management. But behaviour is as important as process, and it should be examined in the same way.
Used properly, box-ticking is a valuable discipline, offering a framework for good practice. It can ensure everyone knows what they have to do, and it can provide assurance that things are being done properly.
It can further indicate areas requiring improvement in order to make risk management as effective as possible.
So let us not condemn ticking boxes as a useless exercise. Instead, let us tick the right boxes to ensure we do the right things well.
Dr David Hillson
PMI Fellow, HonFAPM, FIRM
E-mail: This e-mail address is being protected from spambots. You need JavaScript enabled to view it
