Collaborative Risk Management

PRIMO Academy shares knowledge about authoritative and successfully applied risk methods and techniques. In this article the focus on collaborative risk management by application of the agile framework Scrum and the interactive software  RISKiD, used for (re)design of strategy and development by a large company, delivering and maintaining infrastructure for a diverse range of train traffic. One of the instruments which can be helpful to play the music of good governance.

By Gwendolyn Kolfschoten* and Jos van Ginkel**

Rigorous collaborative risk management to enhance stakeholder awareness and engagement
Risk management is becoming increasingly important in various domains. Although nowadays risk management is a common practice, and most project management disciplines prescribe it as a best practice, we still see large projects consistently end up over budget and over time. Even in new types of contracts and in innovative, collaborative forms of organization and management, where shared responsibility is the norm, we still see risk management failing to cope with the dynamics and uncertainties in projects. We distinguish two typical pitfalls.

Pitfalls in risk management
In the first case, one single specific person, often a specific, central role, high in the project organization structure, is made responsible for risk management. Although this anchors the responsibility for risk management, we see that the key challenge of the risk manager appears to be gaining trust and feedback to gain and keep insight in the project risks. Support and ownership of the risk monitoring and control measures is often difficult to achieve, also because risk manifestation, or an early indication of it, is often the prelude to a round of ‘black jack’, to place the blame and responsibility with a specific person, preferably someone else of course.

In the second case, risk management is operationalized as an exercise in ‘check-marking’. With a large check list, risks are identified and controlled. In this way there is little attention for new and unknown risks, and little consideration of scenario thinking and rigorous exploration of trends and changes. This approach has a serious risk of blind spots and tunnel vision.

Participatory approach
New types of collaboration demand a risk management approach that creates support from the stakeholders involved, in a participatory and transparent setting, with rigor, both in the formulation of risks and in the exploration of scenarios and potential trends and developments. Such approach can be achieved with the use of RISKiD, developed to identify risks interactively with a group of people and to achieve a joint consensus on results. This way a shared and supported perspective on risks is developed, as a basis for a more participatory approach to risk management.

Characteristics of this approach are a structured, rigorous method in which risks are step-by-step identified, classified, specified, and where stakeholders jointly consider the measures to manage and control risks. Further, structure in the formulation of risks is important. Risks are identified with a cause and effect, a classification and with specification of chance, impact and time of occurrence. Similarly, measures are specifically formulated with a person responsible, status and duration.

Besides structure it is critical to enhance support and consensus. This can be achieved by (virtually) involving all critical stakeholders, and inviting them to actively participate and engage in the identification and specification of risks and mitigation strategies. Further, it is critical to jointly develop shared understanding and consensus about the impact of risks. This creates an overview of risks that is recognized, acknowledged, and supported by all critical stakeholders, and in which responsibilities are allocated and owned.

“This creates an overview of risks that is recognized, acknowledged, and supported by all critical stakeholders.”

Such a shared foundation is critical to create transparency and develop trust with respect to the risks in a project. This transparency will pay off when stakeholders and participants in the project share insights and updates about risks and mitigation strategies, and their status.

Using RISKiD also has the advantage that participants can collaborate much more effectively than in a traditional workshop as they are able to work in parallel in several phases of the process. As the identification and specification of risks happens anonymously, there is a more objective and open discussion about risks and the acknowledgement of uncertainties and issues. A final critical advantage of this approach is that the system takes care of automatic impartial documentation of the risks, which can be exported to another maintenance environment.

Case example
To illustrate the experience with this method, we describe a case. A large infrastructure management company works on the development of a new management information system to control the overall status and configuration of the infrastructure network. The data in this management system are critical for the organization and the safety of the infra structure network. There are many stakeholders involved  who upload, manage and use the data in the system.

The development of this new system encompasses various risks, especially with respect to context management, coordination, technological innovation and information quality. These risks can only be maintained though the active involvement of stakeholders, which ensures ownership and shared responsibility.

In traditional approaches to risk management, the execution of the risk assessment is mainly done by a risk manager or project manager. Experience shows that the commonly used approach of plan-do- check-act is labor intensive and tends to fail when it comes to creating risk awareness and a team focus on risk management.

The project was executed using the agile Scrum method, based in sprints of three weeks, in which both Scrum teams deliver their potentially shippable results, and evaluate their progress.

For this project we needed an approach to identify, analyze, evaluate and control risks in a collaborative way, in which a shared result is created that is supported by the team, and leads to shared awareness and joint overall ownership of the risk management approach. The approach further had to fit the Scrum approach in which stakeholders were regularly involved.

“For this project we needed an approach to identify, analyze, evaluate and control risks in a collaborative way”

For this purpose we choose to use the collaborative risk management system called RISKID. With this we were able to involve all relevant stakeholders in the process without losing efficiency of the analysis and evaluation of risks. The interactive approach strengthened the rigor of the analysis and helped to structure the formulation of risks. Using the collaborative approach embedded in the software we managed to keep all stakeholders engaged  in the risk management task, and to gain full support for and ownership of the risk mitigation strategy.


*Dr. Ir. Gwendolyn Kolfschoten, Beter Samenwerking. For the past decade Gwendolyn did research on electronic meeting systems and collaboration. She published a book under the title ‘Effective Collaboration’ and currently works as an independent trainer, consultant and workshop facilitator.

**  Ing. Jos van Ginkel, Gephuro Projectmanagement, has more than two decades of experience with software development, of which more than eight years as an independent project manager. He combines his technical experience with change management expertise to optimize the performance of project teams.