Developing and implementing a consistent risk management framework
Organisations recognise the need for risk management, and many purport to have it in place. Further investigation often reveals inconsistent and superficial processes for risk identification and management, and even inconsistent approaches to risk categorisation. Management is reassured by the belief that risk management is in place, as evidenced by the existence of risk registers produced by business units and project managers. Yet a high-rated risk in one project may receive only a medium rating in another, and there is often little challenge and debate about new and changing risk profiles.