Risk Management: A Transformational Journey Towards Organizational Mastery
Photo by Samson / Unsplash

Risk Management: A Transformational Journey Towards Organizational Mastery

If you are wondering how well developed are your organization's risk practices, then the following information might be helpful. To be at Step 5, your organization should have already established various guidelines and policies that cover or include risk management, which are endorsed by the Board or Executive. The organization should also have a risk management framework in place, with a high-level manager or Risk Management Committee nominated as a champion, responsible for establishing a risk management plan and processes. Typically, the organization would have put some money into the process. Additionally, the organization should have documented materials that support and record the risk communication and consultation activity, such as meeting schedules, risk management action plans, etc. Furthermore, there should be a risk management system and processes in place that translate the corporate criteria for classifying risk at all levels of the organization. The inclusion of risk in team meetings and a clear hierarchy for managing risks are also expected at this level. Lastly, there should be risk training available at all levels of the organization, including induction processes.

In terms of the evolution of risk practices, there are several key shifts that organizations should make. For instance, organizations should move from viewing risk as individual hazards to seeing it in the context of business strategy. Moreover, they should progress from risk identification and assessment to risk 'portfolio' development. Additionally, organizations should shift their focus from all risks to critical risks, and from risk mitigation to risk optimization. They should also move from focusing on risk limits to developing a risk strategy, and from having risks with no owners to defined risk responsibilities. Furthermore, risk quantification should move from being haphazard to being monitored and measured. Lastly, organizations should shift from thinking that risk is not their responsibility to understanding that it is everyone's responsibility.



Risk as Individual Hazards

Risk in the context of business strategy

Risk Identification and Assessment

Risk 'portfolio' development

Focus on all risks

Focus on critical risks

Risk mitigation

Risk optimisation

Risk limits

Risk strategy

Risk with no owners

Defined risk responsibilities

Haphazard risk quantification

Monitoring and measurement

Risk is not my responsibility

Risk is everyone's responsibility

Enterprise Risk Management - An emerging model for building KPMG Nov 2001 downloaded Feb 2009

The Art of Conquering Uncertainty with Foresight and Resilience

Effective risk management is crucial for any organization to achieve its goals and objectives. However, many people get uncomfortable when risks are pointed out. Therefore, it is essential to adopt a coordinated and consistent approach to effectively manage risks. This requires integrated positive thinking, a continuous and proactive approach, rigorous thinking, forward thinking, a value-adding process management approach, a broad and balanced approach, responsible thinking, accountability for decision making, process-driven, transparent discussions, interdependent management, and communication throughout the organization.

On the other hand, some barriers hinder effective risk management, such as a fragmented approach, negative attitude, reactive/crisis approach, sporadic approach, historic approach, purely financial approach, narrow approach, function approach, independent management, silo mentality, and tick box management.

As a project manager, you need to implement effective risk management in practice, which is not an easy feat. David Hillson, the Risk Doctor, recommends structuring your risk process by asking and answering six simple questions. This will help you develop a proper risk management plan and mitigate any potential risks.

If you are responsible for risk management in your project, it is crucial to know what makes a good risk manager. Macquarie University Applied Finance Centre provides additional resources to help you improve your risk management skills.

Risk management is a fundamental aspect of project management that involves identifying, assessing, and mitigating potential risks that could negatively impact the project's success. To effectively manage risk, project teams must adopt a proactive and reactive approach.

Proactive risk management involves continuously assessing potential risks and determining which ones are most important based on their potential impact. This process enables teams to develop strategies to mitigate risks before they occur, reducing the likelihood of negative impacts on the project's schedule, cost, and quality. Proactive risk management also provides opportunities for process improvement, allowing teams to optimize processes and avoid potential risks in the future.

Reactive risk management, on the other hand, is a last resort that is often used when proactive measures have failed. This approach, also known as crisis management, involves putting out fires as they arise, which can have significant negative impacts on the project's schedule, cost, and quality. In addition, reactive risk management often ignores process improvement opportunities, as firefighting takes priority over process optimization.

In recap, successful risk management requires a balanced approach that combines both proactive and reactive strategies. By prioritizing proactive risk management and continuously assessing potential risks, project teams can effectively mitigate potential issues before they arise, optimize processes, and avoid the need for reactive measures.


  • Ridley Matt 2012 The Rational Optimist: How Prosperity Evolves, Brock Education: a Journal of Educational Research and Practice, vol 21,series 2, No pp. 438.
  • Murray-Webster, R & Hillson, D 2008, Managing group risk attitude, Gower, Burlington, VT.
  • Varanini Francesco and Ginevri Walter ‘Projects and Complexity’ Auerbach Publications 2012 - Alberto Felice De Toni The Shared Vision as a Change Engine Projects and Complexity. May 2012 , 91 -120
  • Roland Iosif Moraru (2012). ‘Current Trends and Future Developments in Occupational Health and Safety Risk Management’, Risk Management for the Future - Theory and Cases, Dr Jan Emblemsvåg (Ed.), ISBN: 978-953-51-0571-8, InTech, Available from:  Stephen Ward, Chris Chapman ‘Stakeholders and uncertainty management in projects’ Construction Management and Economics Vol. 26, Iss. 6, 2008