Risk Assessment Matrix

A large industrial client invited us to build and support their risk management system.  Previously, risk analysis had been managed using spreadsheets and documents.  There was legitimate doubt over where the “single version of the truth” lay.  The situation had not been helped by previous risk management specialists who provided one-off studies resulting in documents which were hard to absorb and expensive to maintain.

We put the risk log online, and selected SharePoint in the Cloud as a value for money proposition, easily maintained and always live, accessible to all the organisation’s staff without complex additional licencing.

The crucial element of this project was to obtain ownership and maintenance of the risk log data.  Initially, we targeted the range of engineering disciplines, where there was the strongest desire to solve the long-running issue.  Hence, in addition to the technical delivery, we

  • Worked alongside a dedicated on-site risk specialist over the system design
  • Extracted data from previous studies to seed the risk log
  • Conducted 1:1 knowledge elicitation interviews with subject matter experts
  • Carried out group training workshops to familiarise people with the platform
  • Conducted quarterly follow-up sessions with key staff to developed and improve the data

This embedding phase was one of the key successes of the programme, which led to its continued growth and rollout.

Although the risk log began as a specialist engineering concern, its success in one area caused it to be accepted rapidly by the rest of the business.  In a short period, we had migrated a full range of corporate risks onto the system, including diverse kinds of risk such as governance, environmental, industrial safety and trading.

At this point, it became essential to manage which users could see which data, which was feasible by using SharePoint.  There was also a separate challenge of catering for different types and levels of risk.  For example, a tiny risk of a fatal or severe incident requires completely different treatment from a (sometimes) very large risk of commercial setbacks.

Through hard work and a committed approach to risk management throughout the organisation, we succeeded where other specialists had failed.  The key to this success, we believe, lay not in our being “experts” but in developing a close working relationship with the large community of risk owners.