Effective Risk Management

"The IRIS software tool provides us with a rigorous methodology and our clients are able to generate a competitive advantage through risk management"

Mark Cook, Managing Director, Persides Ltd

"IRIS risk management software helped us to derive major financial and performance improvements. The combination of quantitative and qualitative functionality provides robust decision support and the ability to navigate through complex scenarios"

Mehender Rawat, Programme Manager, London Underground

"WFI searched for a risk management support tool for many years. With IRIS, we have finally found a product we can introduce to our clients and ensure they manage their risks effectively"

Michel Sabatier, Head of Consulting, WFI

"In developing the IRIS software product, Istria have successfully managed to integrate our leading-edge quantitative techniques within an extremely intuitive and user friendly application. With IRIS’s qualitative risk matrices, customers now get the best of both worlds"

Chris Marlow, European Sales Director, Palisade Europe

"Recent research indicates over 70% of programmes are late, over budget or ineffective. Organisations employing effective risk management have reduced this failure rate significantly and gained a significant competitive advantage"

Colin Wheeler, Istria Technical Director and PMI Risk Liaison

Managing Risk

Risk Management From Istria

Risk is an inevitable by-product of any activity. It is often not possible, therefore, for organisations to eliminate their exposure to risk entirely. Rather, organisations must seek to understand the risks to which they are exposed and manage this exposure more effectively.

20 years ago, Istria released its own Risk Management Method. This has been continually improved and refined over the last two decades using practical experience of managing risks at organisations of all shapes and sizes.

The Istria method is based on best practice across industries. While it is a prescriptive framework, it is flexible enough to be equally applicable across all industries. It can be applied using one of our Istria Risk Management consultants, who bring with them specific industry experience, or by implementing our user-friendly and intuitive software tool, IRIS.

Broadly, the method can be outlined as per the representational image here

We set out a brief overview of this method below. For more information on the method, or on the additional tools and experience that an Istria Risk Management Specialist can bring to your organisation, please contact us.

Set up Risk Management Structure

Determine Risk Appetite: Understand the acceptable level of risk that can be absorbed by the organisation, department, project or programme. The costs of avoiding risks beyond this risk appetite (often called risk tolerance) mean that it is no longer beneficial to attempt to avoid them.

Develop Risk Language: From a change management perspective, it is imperative that people within the organisation understand each other. Developing a common risk language or “risk glossary” is a vital step to ensure that wires are not crossed.

Implement Organisational Structure: In order to manage risk effectively, the organisation or project must set up an appropriate organisational structure. Individuals and groups should be set up with clearly defined roles and responsibilities, together with an appropriate reporting structure and meeting schedule.

The structure clearly varies according to the size and complexity of an organisation or project, ranging from a series of overlapping risk sub-committees through to no more than a part-time risk manager. In all cases, however, the objectives, responsibilities and respective authority of each group and individual should be clearly demarcated.

Identify Risks & Issues

  • Understand and validate the strategic objectives of the organisation / project to help determine what is at risk
  • Consider the various types of risks that the organisation is exposed to (Strategic Risk, Operational Risk, Project Risk, etc.)
  • Ensure a common risk language permeates the organisation / project
  • Identify specific risks that may occur. Include all stakeholders in the risk identification stage, utilising industry and functional expertise, together with lessons learned from similar projects
  • Consider the probability and potential impact of each of these risks occurring
  • Assign Responsibility: Each risk should be allocated a “risk owner” to ensure someone is accountable for the management of that risk going forward
  • Categorise each risk and set up a risk breakdown structure
  • Document each risk and set up the risk register

Evaluate & Plan

  • Develop overall risk reduction strategy and approach
  • Specify the “trigger” for each risk - the event or date that indicates the occurrence of the risk
  • For each risk, decide whether to mitigate, monitor or ignore
  • Develop Mitigating Actions: Specific action steps should be determined in order to reduce the probability or impact of each individual risk
  • Develop Contingency Plans: Contingency plans come into force once a risk has crystallised. These reduce the impact of the risk or return business as usual at the earliest opportunity (e.g. Disaster Recovery Plans)
  • Integrate Risk Actions within overall Programme Management Plans

Mitigate & Control

  • Initiate the risk mitigating actions.
  • Exposure to avoidable risks should be reduced at the earliest opportunity
  • Monitor the outstanding risks
  • Populate Risk Matrix / Risk Register and update regularly
  • Implement contingency plans for risks that do crystallise

Report & Review Risks

  • Risk Management should be inherently embedded within the organisation and / or project. Regular Management reports should provide clear visibility on the risk exposure and enable prioritisation of the risks.
  • As the internal and external environment is constantly changing, risks should be regularly reviewed and updated
  • Maintain the Risk Register and update Risk Matrix and Risk Action Plans
  • Quantify risk exposure using Monte Carlo statistical analysis and assess in conjunction with stated risk appetite. Cumulative time and cost analyses can be generated, scheduling issues identified and the relative cost / benefit of mitigating activities continually reviewed.

Throughout this process, organisations should embed a risk-aware culture. This will increase sensitivity to warning signals and ensure continual improvement in the identification, assessment and management of risk.

Using this framework, organisations can ensure that appropriate strategies are planned well in advance of any risk occurring. In this way, the probability of a risk occurring is reduced, or its impact minimised. Through increased awareness of problems across the organisation or project, companies and government agencies can generate enormous value and process improvements through effective risk management.