Login required to access some wiki spaces. Please register to create your login credentials
|
This paragraph, and the work of the Task Team which supported its development, has surfaced a number of common issues across NSIs around the application of risk management and the advantages of operating in an Agile delivery environment.
It is clear that risk management is evolutionary and different organisations are at different levels of maturity. For those organisations which have implemented a risk management approach following international best practice, the principles in this paper can be used to accelerate from these foundations and grow maturity to that of a high performing organisation.
At Figure 7 is a maturity model which demonstrates the behaviours which would qualify an organisation to achieve differing levels of maturity against various dimensions. These include, Risk Appetite, Risk Culture, Agile Delivery and Risk and Agile Resource. This model has been developed by the Task Team to help organisations understand the journey and the positive steps at each stage.
What we have shown is reconciliation between risk management and Agile to make sure risk management is fundamentally about effective decision making, to take advantage of Agile delivery as a process which inherently reduces risk, and to exploit Agile practices for better risk management.
In a rapidly changing world and within an environment of multiple emerging threats and opportunities NSIs can exploit these principles in order to ensure their continuing success.
The work of the UNECE Task Team on Risk Management in the Context of Agile Development uncovered many similar challenges being faced by NSIs from across the global community. With the data revolution this community of organisations is facing unprecedented change and opportunity.
In order to continue to help each other succeed in this challenging environment the members of the Task Team have agreed to continue to work collaboratively. This work will focus on practical application, further considering case studies and the maturity model and helping each other implement the principles outlined in this paper.
Should the contents of this paper be approved, it is proposed that the Task Team will reconvene in the New Year to develop this work further. It is also suggested that a follow-up workshop of the wider community is held to consider both the outcomes from this task team and other priority areas, including developing a register of the highest level risks which are common across NSIs and considering whether these can be managed collectively for mutual benefit.