Risk Management Process

IRIS provides a flexible framework that caters for the specific needs of customers from all industry sectors.

Our Risk Management Approach is based on our extensive experience of managing risks “at the coal face”.

IRIS Intelligence has worked with private sector and government institutions of all shapes and sizes across Europe and North America.

Our method is a prescriptive framework, but it recognizes the need for flexibility – the framework must support your teams in managing risk, not constrain them.  The method is flexible enough to be used across all industries and in conjunction with a variety of regulatory frameworks.

Using our methodology, organizations can embed a risk aware culture.  We are able to match the maturity of the framework to ensure it is appropriate for the size and complexity of each team.

Regulatory Frameworks

Step 1: Identify

A variety of techniques can be used to identify risks.  These range from checklists to brainstorming prompts, fishbone diagrams to fault tree analysis, structured “what if” questioning to scenario analysis.

More detail on risk identification techniques can be found in our White Papers section.


Step 2: Analyse

The key to risk assessment is to ensure there is consistency of evaluation criteria – ensuring  one person’s “low” is not “very high” to another on the team and vice versa.

Risks should be assessed in terms of both probability of occurrence and impact but the complexity and sophistication of the specific assessment criteria should be matched to the size and complexity of the project or department.

It is common to assess impact in terms of cost, schedule and technical criteria but a single impact dimension or additional dimensions such as safety may be appropriate.  Impact assessments range from simple qualitative assessments to three point estimates for statistical simulation.

Step 3: Mitigating Actions

Once risks have been assessed consistently and the high priority ones have been identified, the key is to reduce risk exposure in the most cost-effective manner.  Teams should consider not just the size of the risk exposure today, but how much this is controllable – in other words, what could the risk exposure be after mitigation.

Resources are invariably limited so how do you decide which risk mitigations to work on?  Simple – the Return on Investment Calculations embedded within IRIS instantly highlight which activity will generate the highest return.

Step 4: Monitor

Once a mitigation plan is developed, the next stage is to monitor progress in reducing risk exposure.  Our Dynamic Risk Matrix and Risk Waterfall (Burndown) Charts provide a snapshot of your current risk profile and progress towards your target respectively.

As well as the typical views, IRIS software enables users to view data according to their priorities (e.g. Finance, Scheduling, etc).  It is even possible to create a matrix to highlight the risk profile for specific departments, customers, components or locations.

Our Gantt Chart Style Timeline View provides a snapshot of the progress on risk mitigation and opportunity maximization actions, instantly flags overdue items and can be viewed within IRIS or exported to MS Project or Primavera for integration with a Master Schedule.

Step 5: Control

Management and Decision-Makers require accurate and timely information to ensure risks are managed in accordance with the appropriate risk appetite.  IRIS software can export all of the displays directly to PowerPoint in just a few seconds to ensure time is spent managing risks rather than preparing management reports.

Risks should be constantly re-assessed.  Risk identification should be repeated to ensure any new risk items are captured, existing risks re-evaluated and the mitigation action plans monitored to ensure they are being completed on time.

Specific implementation will vary from one environment to another, but all of the most successful teams will follow these principles of Comprehensive Risk Identification, Consistent Risk Assessment, Cost Effective Mitigation Plans, Timely and Accurate Reporting.

Need more details? Contact us

For more information on the method, or on the additional tools and experience that one of our Risk Management Specialists can bring to your organisation, please contact us.

Contact Us