Author- Anand Shah Subject- Risk Appetite anandshah.09@gmail.com

+91 940 863 5561 Page 1

Know your Risk Appetite!

Categories – Risk management, who is

responsible, need to manage at tolerable level,

importance of informed decision.

Risk is an event which is not yet occurred and once it is occurred then it is an Issue.

We all have been doing risk management throughout our lifetime, knowingly or

unknowingly. When we were student, few were studying consistently from day one of

the semester and few of us when exams approaching. Result is more dependent

upon how proactively we identify and effectively analyse the risk along with efficient

implementation of the strategy.

Concept of risk management is same and applies in all areas as it is. Only in case of

Organization, Risk management is more of a collaboration approach rather than

individual. It is an activity to improve quality, productivity and work/life balance in

organization. If we consider Software water flow model then PM/BA performs risk

management to make sure that Arch/Designer can perform well and this goes on for

Arch/Designer to make developer’s life smoother and in turn tester in a successive

chain approach and any deviation can result into more rework and impact on quality.

So is it only senior team members are responsible for identifying and mitigating risk

or people implementing plans are responsible?

It is everyone’s job at all levels in order to work

as a Team. Collaboration and communication

plays a vital role, how we manage risk in larger

context. Everyone needs to know Risk Appetite

(generally guidelines/policy) of the organization

and then perform risk management within

control limits specified. Risk management is

mandatory and beneficial at individual, team,

project and organization level irrespective of

employee role, responsibility and designation.

It is an integral part of every business

processes in organization.

Author- Anand Shah Subject- Risk Appetite anandshah.09@gmail.com

+91 940 863 5561 Page 2

Like every country has traffic rules and system in place and every driver needs to

follow these rules along with their hazard perception skills. Similarly Organizations

have Risk management policy and standard defined. Every employee of organization

need to compliance with this policy along with their hazard perception skills specific

to their expertise/domain. Expert says that known roads and improved hazard

perception skills of employee will lead to high maturity organization. This is the

reason all organizations are moving towards standards like ISO, CMMi so that new

joiner can understand the process faster if they work in similar standard with their

previous organization. Every organisation has customized model for risk

management primarily depends upon organization size, budget, business and risk

adopting threshold. Almost all methodology like Agile, Scrum, PMP, Prince2, Six

Sigma and CMMi are developed around Risk Management framework.

It is important to train everyone to

identify/manage/escalate the Risk as per

organization standard/policy. For e.g. Software

Company may not have critical risk with regards to

adopting technology as this is its primary domain

but the same can be a critical risk for Government

organization. Defining risk management policy

includes appetite, threshold, strategy, categories,

do’s & don’t, tolerance level and escalation

procedures. We cannot mitigate all the risk but

always can communicate/escalate to respective

stakeholders as appropriate. Risk can be

escalated at every level and mitigated at every

level as it is a job of everyone in the project team.

It is not enough to just identify the risk but also to develop plans and consider

important decisions in order to avoid/transfer the risks or convert them into

opportunity. Processes are used to overcome people dependency on the project.

Risk management ensure that succession plan is created and implemented at

individual level to make sure that project is more process centric and not people.

Author- Anand Shah Subject- Risk Appetite anandshah.09@gmail.com

+91 940 863 5561 Page 3

There are number of methods of managing risks and more one uses statistical and

industry proven approach then decisions are more aligned with business needs.

Sometimes it is best to take decision based upon past/current experience in

organization instead of getting into statistical method and justify the decision as a

team. But many a times, we cannot take decision just on perception/experience and

requires proven method/science/evidence to reach to a decision. For example, pilot

cannot take decision that today, I am ready and safe to travel from one place to

another as this decision requires number of parameters like weather, flight

condition/readiness, fuel, satellite, software, hardware and many more. Also this

decision requires at each and every flight departure. Here, industry using rigorous

statistical risk management process to see if the acceptance level is met as per

airlines risk management policy. Benefits of using standard process are to take

consistent safer decision along with business benefits.

There is no right or wrong framework and it needs to be customized depends upon

project and organizations resource maturity and adoptability level. To know more

about organization operating model please refer my blog on the same. Industry

statistics claim that more effort requires on risk management front at the beginning of

the project to increases success ratio of the project as it is more manageable at early

stage. But that does not mean, Risk management effort decreases most of the times

as project moves forward.

Author – Anand Shah PMP & Prince2 Practitioner

Visit for more blogs @ in.linkedin.com/in/anandshah09/ or On Slideshare