Risk

Determining a change's risk level is essential for effective change management. It involves evaluating both the change's impact and the implementation team's experience. This dual assessment allows organisations to categorise changes according to their potential consequences and the likelihood of successful execution.

Risk Assessment Matrix

A risk assessment matrix can be utilised to facilitate this process. This matrix considers two main dimensions: Implementation Experience and Impact. Each change can be positioned within this framework to ascertain its risk level, as demonstrated below:

Implementation Experience

Impact:

Extensive / Widespread

Significant / Large

Moderate / Limited

Minor / Localized

No Experience

Critical

High

Previously Done With Issues

Critical

High

Medium

Limited Experience

High

Medium

Experienced With Multiple Successes

Medium

Low

Routine

Medium

Low

Assessing Implementation Experience

No Experience: Changes initiated by individuals or teams with no prior exposure to similar implementations pose the highest risk. This lack of familiarity can lead to critical failures, especially for changes that have widespread impacts.
Previously Done With Issues: Previous attempts at implementing similar changes with issues also indicate a critical risk level. Although there is some experience, the past problems highlight potential pitfalls.
Limited Experience: Teams with limited experience show a moderate to high-risk level. While they may be somewhat familiar with the process, uncertainties remain that could lead to challenges during implementation.
Experienced With Multiple Successes: A track record of successful implementations significantly lowers the risk. Such teams are better equipped to handle challenges and anticipate potential issues, resulting in a medium to low risk.
Routine: Changes that are routinely implemented carry the least risk. Established processes and familiarity within the team ensure smooth execution with low risk across various impact levels.

Evaluating Impact

The impact of the proposed change must also be assessed:

Extensive / Widespread: These changes affect the entire organisation and pose a critical risk due to the potential for large-scale disruption.
Significant / Large: Changes with significant internal implications are high-risk and require thorough evaluation and planning.
Moderate / Limited: Changes affecting specific departments or groups are of moderate risk, necessitating careful consideration.
Minor / Localized: These changes carry the lowest risk, impacting only a small department or role, allowing for more straightforward implementation processes.

Organisations can effectively identify the associated risk levels by systematically analysing the implementation experience and impact of a proposed change. This structured approach enables proactive risk management, ensuring appropriate resources and strategies are in place to facilitate successful change implementation while minimising potential disruptions.

Escalation Process

The escalation process is vital to effective risk management and change implementation within an organization. It involves a structured approach to addressing risks based on their severity and the necessary level of response. The escalation process ensures that appropriate action is taken promptly to mitigate potential organisational impacts.

Example Risk Levels and Actions

Critical Risks:
- Approval Level: Managed by the Managing Director.
- Actions: This requires urgent and immediate attention, and an action plan must be developed immediately. The action plan must identify controls to reduce the likelihood and impact of the risk. The Managing Director (MD) should escalate the matter to the Board as appropriate, while the General Manager actively manages, monitors, and updates the MD.
High Risks:
- Approval Level: Handled by the General Manager.
- Actions: Emphasis is placed on identifying and implementing controls promptly. The action plan should be developed promptly, with the Functional GM escalating to the MD as needed and monitoring the situation closely.
Medium Risks:
- Approval Level: Supervised by the Direct Manager.
- Actions: The focus is on reviewing existing controls for effectiveness. Team members are expected to escalate issues to the General Manager and actively manage, monitor, and update them as necessary.
Low Risks:
- Approval Level: Automatically managed.
- Actions: The focus remains on maintaining existing controls, with team members responsible for monitoring any changes in the risk environment.

Last updated 7 months ago

Was this helpful?

Risk Assessment Matrix

Implementation Experience

Impact:

Extensive / Widespread

Significant / Large

Moderate / Limited

Minor / Localized

No Experience

Critical

High

Previously Done With Issues

Critical

High

Medium

Limited Experience

High

Medium

Experienced With Multiple Successes

Medium

Low

Routine

Medium

Low

Assessing Implementation Experience

No Experience: Changes initiated by individuals or teams with no prior exposure to similar implementations pose the highest risk. This lack of familiarity can lead to critical failures, especially for changes that have widespread impacts.

Previously Done With Issues: Previous attempts at implementing similar changes with issues also indicate a critical risk level. Although there is some experience, the past problems highlight potential pitfalls.

Limited Experience: Teams with limited experience show a moderate to high-risk level. While they may be somewhat familiar with the process, uncertainties remain that could lead to challenges during implementation.

Experienced With Multiple Successes: A track record of successful implementations significantly lowers the risk. Such teams are better equipped to handle challenges and anticipate potential issues, resulting in a medium to low risk.

Routine: Changes that are routinely implemented carry the least risk. Established processes and familiarity within the team ensure smooth execution with low risk across various impact levels.

Evaluating Impact

The impact of the proposed change must also be assessed:

Extensive / Widespread: These changes affect the entire organisation and pose a critical risk due to the potential for large-scale disruption.

Significant / Large: Changes with significant internal implications are high-risk and require thorough evaluation and planning.

Moderate / Limited: Changes affecting specific departments or groups are of moderate risk, necessitating careful consideration.

Minor / Localized: These changes carry the lowest risk, impacting only a small department or role, allowing for more straightforward implementation processes.

Escalation Process

Example Risk Levels and Actions

Critical Risks:

Approval Level: Managed by the Managing Director.
Actions: This requires urgent and immediate attention, and an action plan must be developed immediately. The action plan must identify controls to reduce the likelihood and impact of the risk. The Managing Director (MD) should escalate the matter to the Board as appropriate, while the General Manager actively manages, monitors, and updates the MD.

High Risks:

Approval Level: Handled by the General Manager.
Actions: Emphasis is placed on identifying and implementing controls promptly. The action plan should be developed promptly, with the Functional GM escalating to the MD as needed and monitoring the situation closely.

Medium Risks:

Approval Level: Supervised by the Direct Manager.
Actions: The focus is on reviewing existing controls for effectiveness. Team members are expected to escalate issues to the General Manager and actively manage, monitor, and update them as necessary.

Low Risks:

Approval Level: Automatically managed.
Actions: The focus remains on maintaining existing controls, with team members responsible for monitoring any changes in the risk environment.