Login required to access some wiki spaces. Please register to create your login credentials
|
-
Created by
Tetyana Kolomiyets, last updated on 10 Jan, 2017
3 minute read
I. Risk Management in NSIs
A risk can be defined as “the effect of uncertainty on objectives”, where “an effect is a deviation from what is expected (positive and/or negative), often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likely occurrence”.
NSIs operate in an environment with a number of inherent threats and opportunities, be it threats to statistical quality, data security, capability or general delivery. Many NSIs therefore see risk management as an intrinsic contributor to delivering high value outputs, as well as creating a platform for innovative work. Through the management of risk, organizations seek to minimize, though not necessarily eliminate, threats and maximize opportunities.
Effective Risk management is fundamentally about appropriate decision making. We all make decisions every single day; some decisions will create threats or opportunities whilst some will mitigate threats. Risk management helps us take decisions which are appropriate to the level of risk we are willing to take.
There are many factors which contribute to successful risk management, for example:
- gaining senior management support for risk management and a willingness to invest in and build risk management capability in accordance with best practice standards;
- having a specific and focussed infrastructure to support the management of risk, i.e. a risk management policy, corporate risk register, risk management training and central support;
- having clear risk appetite statements (as explained later in this paper) or tolerances to allow for appropriate decision making in line with the organization’s expectations;
- developing a positive risk-management culture – embeds and supports active management of risks to ensure best decision-making throughout statistical organizations
- taking action to anticipate, treat or tolerate threats and exploit opportunities; in line with agreed appetite levels
- monitoring and reviewing progress, in order to establish whether or not any further action may be necessary, i.e. have we ‘done enough’?;
- treating risks through use of action plans (mitigation), or tolerating (accepting) risk where risks are monitored not managed and contingencies are explicit;
- establishing appropriate escalation processes whereby unmanageable threats are presented to senior leaders who can strategically evaluate and make final decisions regarding treatment or toleration of the threat, taking into account possible consequences.
- effective identification of accountable and responsible product owners who take ownership of any risks.
- ensuring effective contingency plans are in place to support management of realized risks.
Agile in NSIs
Agile delivery has its roots in software development as an approach where requirements and solutions evolve through collaboration between self-organising, cross-functional teams. It promotes adaptive planning, powerful/ strategic development, continuous improvement, and encourages rapid and flexible response to change. Some common techniques associated with Agile include the use of Scrum, Kanban, Continuous integration, burn-up/down charts, etc. Agile focuses on the delivery of fit-for-purpose solutions early and often, thereby releasing value at the earliest opportunity, and learning from fast feedback to meet customer needs.
Agile practices inherently reduce risk. For example, tackling change and development in a series of ‘sprints’ helps ensure continuous feedback and alignment with customer expectations. This in itself mitigates risk, allows for a greater level of risk to be tolerated and manages the biggest risk any initiative can face – the risk of non-delivery. It has also been recognised that some Agile ‘ceremonies’ (daily stand-ups and sprint planning etc.) are essential to assurance but they can be focussed within teams and lack wider stakeholder engagement.
NSIs are organisations underpinned by technology; we have therefore seen the increasing use of Agile delivery both in terms of systems and tools but also the increasing use of Agile techniques in wider project delivery. In a rapidly changing world NSIs are delivering large amounts of change, particularly around digital and technology transformation, this focus on change and technology enabled transformation has led to an increase in Agile as a culture within NSIs.