This chapter is from the book
This chapter is from the book
This chapter is from the book
The Three R’s: RAM, RACI, and RBS
The risk management plan is rooted in the notion of providing management guidance. It is less about what work is being performed and more about how processes are ultimately going to be managed. Roles and responsibilities for these processes need to be clearly delineated. The clearer the understanding of what roles need to be filled, the easier it will be to minimize bias within the process. Bias often asserts itself when roles are established ad hoc and when consistency doesn’t exist across RMP approaches.
Consistency is much easier to achieve when the same documents exist within an enterprise to identify the roles essential to carrying out risk management planning. Key among those documents are
The responsibility assignment matrix
The responsibility/accountability/consultation/information grid
The risk breakdown structure
Responsibility Assignment Matrix (RAM)
The responsibility assignment matrix (RAM) in risk management is a simple list of the risk processes to be implemented and the roles (or individuals) responsible for carrying them out. Ideally, to make the RAM function more effectively, the responsibilities are assigned by role, rather than individual names. Although individuals will fill those roles, the use of the role affords the project the ability to absorb team member loss or organizational shifts more readily.
One of the major advantages of the RAM is its simplicity. It doesn’t require extensive education to understand or interpret what the chart means. Table 5-2 provides an example of a simple RAM.
Table 5-2 Risk Management Plan Responsibility Assignment Matrix
Process |
Martine |
Executive Sponsor |
Project Manager |
Product Owner |
Data Capture |
X |
|
|
|
Archiving |
X |
|
||
Lexicon Maintenance |
X |
|
|
|
Escalation Protocol |
|
X |
|
|
To apply the RAM, one needs to go no further than to identify the process and look for the “X.” Note that the only named individual in the sample chart is Martine. If something should happen to Martine, this document will have to be updated. For the other processes, if there are organizational shifts, the roles become all important, rather than named individuals. When an individual is critical to the process, the individual should be named.
For a risk manager, this document facilitates the assignment of process owners, making it easier to track down responsible parties and get their help in serving those process steps.
RACI (Responsible Accountable Consult Inform) Chart
The RACI chart in risk management is an expansion of the traditional (simpler) RAM. For most managers, the RACI is better known by its acronym than the words the acronym represents. In an exam where most of the acronyms have been abolished, RACI remains. The major difference between a RAM and a RACI is that the RACI has additional information regarding the other participants in any risk process. In addition to responsibility (as found in a RAM), this chart also identifies three other factors. The four factors found in a RACI each have a distinct meaning:
Responsibility: The role or person who will actually perform the process step
Accountability: The role or person who will be held liable for the success or failure of the process step
Consult: The role or person who might be able to provide supplemental information about the nuances of implementing the process step
Inform: The role or person who should be apprised of the progress or status of the process step
As with the RAM, it doesn’t require extensive education to understand or interpret what the chart means. Table 5-3 provides an example of a simple RACI chart.
Table 5-3 Risk Management Plan RACI Chart
Process |
Martine |
Executive Sponsor |
Project Manager |
Product Owner |
Data Capture |
R |
C |
A |
I |
Archiving |
C |
I |
R, A |
I |
Lexicon Maintenance |
R, A |
|
C, I |
I |
Escalation Protocol |
|
R, A |
|
C, I |
To apply the RACI, it’s important to understand that no process step can have more than one accountable individual. Although there might be several roles working on a process, and even more who need to be informed, only one person or role can ultimately be accountable for the work.
The Risk Breakdown Structure
The name of the risk breakdown structure (RBS) is most appropriate when discussing it in the context of the risk management plan. That’s because it’s a structure. It’s a framework into which risks will ultimately be incorporated. It is not the risks themselves, but instead is the decomposition of the source of risks as they are identified or about to be identified.
The sources of risks for an RBS may be generic (like the prompt list PESTLE) or enterprise specific. They can go down several levels through decomposition. The risk management plan documents this structure, because it might be applied and reapplied multiple times throughout the life of a project.
In its lowest levels, the RBS can highlight some of the most pervasive risks faced by an organization, and the set of sources at those low levels can ultimately become the foundation for risk process checklists.
If the organization seeks to maintain consistency, ownership of the RBS might rest with the project management office, at least at the higher levels of the structure. At the more detailed levels, more project-specific risk sources might surface. Table 5-4 provides an example of a simple RBS.
Table 5-4 Risk Management Plan Risk Breakdown Structure
Risk Breakdown Structure Level 0 |
Risk Breakdown Structure Level 1 |
Risk Breakdown Structure Level 2 |
All Project Risk Sources |
Politics |
National political movements |
Community political movements |
||
Internal enterprise politics |
||
Economics |
Market growth |
|
Inflation |
||
Taxation/tariffs |
||
Social |
Media narratives |
|
Social media presence |
||
Community perceptions |
||
Technological |
New tech |
|
Obsolescence |
||
Technological acceptance |
||
Legal |
Lobbying |
|
Lawsuits |
||
Liability |
||
Environmental |
Earth-based |
|
Regional environment |