The Tale of Two Risk Owners

Ever had a really bad day as a project manager? Imagine that you are managing a software development project. Several simultaneous events have occurred that put your project at great risk:

  • The defect level of source code has risen well above the defined threshold or trigger point for the third consecutive week
  • The test region has been very unstable (and is going down once or twice per day)
  • The best developer had a car accident and will be out two to three months
  • The users continue to request numerous changes in the functionality of the software
The Tale of Two Risk Owners

Photo courtesy of (edited in Canva)

You Need a Skilled Risk Owner

You need a risk owner or owners for these IT-related risks. Now imagine these risks occurring under two different IT Directors.

Let’s call the first IT Director – OC – for “Out of Control.” OC is not a planner and is always busy putting out fires. He jumps from one situation to another.

This Director feels he must be hands-on and involved in all the details. He marshals his resources from one issue to the next. He loves to ride in on a white horse and save the day. His resources seem confused and weary.

The second IT Director – IC – is “In Control.” IC sees the IT processes not as disparate processes but as an integrated whole. This Director provides oversight to the IT software development process. She proactively identifies and manages the IT risks.

She integrates risk management naturally into her day-to-day conversations and meetings. IC enjoys developing her resources through effective delegation. When there is a success, she gives praise to others.

Which IT Director would you prefer to own the IT risks? For me, IC wins hands down.

How Skilled Risk Owners Identify and Manage Risks

Mature, skilled risk owners understand and leverage various risk identification tools, such as:

  • Looking at lessons learned from past projects
  • Interviewing stakeholders
  • Reviewing risk checklists
  • Brainstorming risks with IT managers

Skilled risk owners proactively define risk response plans. These risk owners invest time in mitigating risks early and preparing their contingency and fallback plans. They proactively take steps to reduce the probability and impact of risks.

The Need for Risk Action Owners

For large projects, it would be difficult for a single risk owner to execute numerous risk response plans simultaneously. This is where the risk action owners come into play. Risk owners define the risk response plans. The action owners execute the response plans when the risks occur.

As the risk action owners execute the plans, the risk owner oversees the risk responses. The risk owner ensures that the risk action owner has the required resources. They evaluate the effectiveness of individual responses as well as the aggregate IT response.

Question: What has been your biggest challenge with risk owners? How did you address the challenge?

Please note: I reserve the right to delete comments that are offensive or off-topic.

2 thoughts on “The Tale of Two Risk Owners

Comments are closed.