Issue 9 – Changes in the environment
If there are changes in the environment, then your business case and solution will become obsolete before you’ve actually finished the project. You may have to review your original requirements and goals at some point in the project to decide how to proceed. This may result in tremendously changing the scope of your project or canceling the project. This is probably the trickiest area resulting in project failure
There are many more types of impacts as well and you can look to your industry to come up with typical examples. Health and Safety and environmental impact are two popular categories.
However you categorise risks your team doesn’t have to restrict themselves to the list. Just because my table doesn’t address environmental risks doesn’t mean we shouldn’t consider the risk unexpected disposal costs as a result of the type of batteries e install into our computers we manufacture.
n cases where the risk is considered unworthy of effort to manage it can be accepted. This may occur in instances where the risk is so unlikely to occur as to not warrant attention, or where the impact is insignificant in the content of the business and project’s environment.
Whichever option you pick for your risks you should have a detailed action plan against the risk which includes
- Who is responsible for managing the risk
- What is going to be done to manage the risk
- When are the major work activities to manage the risk going to start and end
- How the risk will be managed as a result of this management plan – that is the planned outcomes of the risk management plan
For risks that require major bodies of work to be managed appropriately you should consider raising a change request and revising the project management plan to include new or modified work packages including this new work.
Historically, businesses have viewed risk as a necessary evil that should be
minimized or mitigated whenever possible. In recent years, increased regulatory
requirements have forced businesses to expend signifi cant resources to address
risk, and shareholders in turn have begun to scrutinize whether businesses had the
right controls in place. The increased demand for transparency around risk has not
always been met or met in a timely manner, however—as evidenced by the fi nancial
market crisis, where the poor quality of underlying assets signifi cantly impacted
the value of investments. In the current global economic environment, identifying,
managing, and exploiting risk across an organization has become increasingly
important to the success and longevity of any business
Organizations that vigorously interpret the results of their risk assessment process
set a foundation for establishing an effective enterprise risk management (ERM)
program and are better positioned to capitalize on opportunities as they arise. In
the long run, this capability will help steer a business toward measurable, lasting
success in today’s ever-changing business environment.
Risk assessment is a systematic process for identifying and evaluating events (i.e.,
possible risks and opportunities) that could affect the achievement of objectives,
positively or negatively. Such events can be identifi ed in the external environment
(e.g., economic trends, regulatory landscape, and competition) and within an
organization’s internal environment (e.g., people, process, and infrastructure). When
these events intersect with an organization’s objectives—or can be predicted
to do so—they become risks. Risk is therefore defi ned as “the possibility that an
event will occur and adversely affect the achievement of objectives.”1
When the risk assessment process is incorporated into ongoing business
practices, risk can be managed as part of day-to-day decision making, in a manner
consistent with the organization’s risk appetite and tolerance. Risk assessment
should, for instance, be triggered within the business process when special
circumstances arise outside of the ongoing business cycle—e.g., changes to the
operating environment, evaluation of new projects, introduction of new products or
investments, expansion into new markets, and corporate restructurings.
When the risk assessment process is incorporated into ongoing business
practices, risk can be managed as part of day-to-day decision making, in a manner
consistent with the organization’s risk appetite and tolerance. Risk assessment
should, for instance, be triggered within the business process when special
circumstances arise outside of the ongoing business cycle—e.g., changes to the
operating environment, evaluation of new projects, introduction of new products or
investments, expansion into new markets, and corporate restructurings.
Capturing KPIs
and KRIs on management dashboards remains necessary, but it is also important
for organization leaders to prompt broader consideration of market issues that
could potentially create risk to the organization. Leading indicators—those data
points that signal a change in the environment—are central to anticipating these
types of potential risks, but they are often diffi cult to capture since they tend to
arise from a broad set of circumstances, often in the macro-environment, that
may seem remote and initially disconnected from day-to-day operations.
To identify meaningful leading indicators, management must identify and analyze
changes in the business environment, such as rapid growth, changing technology,
or the emergence of new competitors that could impact the organization’s ability to
reach its objectives. The discipline to look beyond past events and anticipate new
risks requires a forum for discussion, along with strong leadership and facilitation
as part of the risk assessment process.
A review of the external environment helps identify outside events that may have
impacted the organization’s shareholder value in the past or may impact it in the
future. Drivers to consider include economic, social, political, technological, and
natural environmental events, which can be identifi ed through external sources
such as media articles, analyst and rating agency reports, and insurance
broker assessments.
