The different maturity levels of NSOs should be taken into account when designing risk management. The state of projects, programs and the portfolio maturity level of the NSO should be assessed before the beginning of the risk management process. In particular, it is important to identify, classify (general, specific) and assess risks related to the implementation of the organization’s strategy (so-called “risk of risk management”)[1].

To ensure proper accuracy and quality, the context in which the risk management process will take place should be considered in detail.

Establishing the external context ensures that stakeholders and their objectives are considered when developing risk management criteria, and that externally generated threats and opportunities are properly taken into account.

Evaluating the organization’s external context may include, but is not limited to:

  • The legal and regulatory environment (whether international, national, regional or local);
  • The financial, technological, and economic environment;
  • Competitive environment analysis;
  • Key drivers and trends having an impact on the organization’s objectives;
  • Relationships with, as well as perceptions and values from, external stakeholders[2].

As risk management takes place in the context of the organization’s goals and objectives, it’s necessary to understand the internal context.

Organizational analysis and process mapping are two tools which can support this work. Organizational analysis takes into consideration:

  • Governance, organizational structure;
  • Policies, objectives, and the strategies set to achieve them;
  • Resources and knowledge (e.g., capital, time, people, processes, systems and technologies);
  • Information systems;
  • Relationships with, as well as perceptions and values from, internal stakeholders and the organization’s culture;
  • Standards, guidelines and models adopted by the organization.

Through process mapping, all processes are broken down, analysed and represented while identifying inputs, information flows, roles and accountabilities and outputs for each of them.

 

   

[1] For details on risk Maturity Management see Ch. 8. For a focus on risk Maturity Management Practices see the Appendix.

[2] Persons or organizations that can affect, be affected by, or perceive themselves to be affected by any decision or activity.
