Exciting news: MyAxelos is transitioning to a brand new membership experience. In preparation for our launch, we'll need to implement a few adjustments, therefore, for the week of Monday, 26th February 2024, certain MyAxelos functionalities will be temporarily unavailable. These include: Editing of CPD points, Access to Digital Badges, Subscription changes, Payment detail updates. Rest assured, access to all other resources and content will remain uninterrupted during this period.
Sign in
  • Blog

Author  John Edmonds

PPM Portfolio Development Manager – AXELOS

May 10, 2022 |

 5 min read

  • Blog

Even a cursory Google search on “risk management” will tell you that this topic is very much of the moment.

The world – and the nature of risk – has changed significantly in recent years, with threats and opportunities coming from security, climate, health, finance and so on. The volatile, uncertain, complex and ambiguous – VUCA – environment is not merely an acronym.

The stakes when managing risk are higher than ever and environmental, social and governance (ESG) issues are now reaching the boardroom agenda.

And this means everyone’s understanding of risk needs to be much greater.

While there are job roles and industries specializing in risk management, it’s a discipline that is really everyone’s job. That responsibility needs more preparation and wider capabilities to handle it.

Creating a risk management culture

Organizational leadershipneeds to create the right environment to build a culture of proactive risk management. Essentially, a mandate from the top that this is important.

Competence is necessary across the organization: both building expertise in risk specialists and increasing everyone’s awareness and knowledge, so it ceases to be “someone else’s job”.

Achieving this in organizations is challenging. While developing the latest version of the Management of Risk best practice – M_o_R® 4 – we witnessed examples of good and less good practice in organizations; the latter, especially, where risk is considered a culturally negative thing and merely given lip service.

M_o_R 4 – a timely guidance update

Organizations operating in a VUCA world demand a risk management framework that is both current as possible and practical/usable.

Therefore, we felt M_o_R 4 could be even more practical than its predecessor; something to put in practitioners’ hands that they could run with immediately. And this was also an opportunity to add the latest thinking and plug some gaps, so reinforcing its value as a practical and integrated framework for successful risk management.

But while M_o_R 4 isclearly connected with the world of portfolios, programmes and projects, it is equally valid on an enterprise-wide level; taking in strategic and operational activities too.

Programmes and projects have always dealt with risk. However, with its heightened potency today, change professionals really need to improve their risk management game.

And alongside the guidance offered in both PRINCE2 and Managing Successful Programmes (MSP), M_o_R 4 takes it further, helping the practitioner go deeper and build more expertise.

What’s new in the new M_o_R 4?

  1. The eight principles of M_o_R 4 are now described more clearly – offering something more practical than theoretical.
  2. What was previously a four-process lifecycle is now eight. We have broken down the processes into more detail – something that will give PRINCE2, MSP practitioners and other change professionals and managers greater risk knowledge.
  3. Techniques for identifying risk are now related directly to parts of the process cycle. The description of techniques is clearer and we have included example, fictional scenarios for the first time.
  4. A new “people” chapter reflects the fact that people make or break risk management through their decisions. For example, company cultures often reward so-called heroic behaviour, such as “firefighting” problems constantly. With better risk behaviour, they needn’t be causing “fires” in the first place.
  5. The guidance acknowledges different perspectives and how various parts of an organization will use M_o_R 4 differently, including strategic, operational and product management functions.

Why manage risk with M_o_R 4?

The subheading for this latest guidance is “Creating and protecting value”.

By that, we mean that managing risk is more than a cost: it brings benefits to the organization and, if done well, will create and protect business value by managing threats and opportunities better.

For individual practitioners, studying and certifying in M_o_R 4 will help them become more accomplished managers, leaders and supervisors – alert to what could happen in the face of ongoing uncertainty.