Risk management is a central part of any organisation's strategic management. It is the process whereby organisations methodically address the risks attaching to their activities with the goal of achieving sustained benefit within each activity and across the portfolio of all activities.
The focus of good risk management is the identification and treatment of these risks. Its objective is to add maximum sustainable value to all the activities of the organisation. It marshals the understanding of the potential upside and downside of all those factors which can affect the organisation. It increases the probability of success, and reduces both the probability of failure and the uncertainty of achieving the organisation's overall objectives (Institute of Risk Management (IRM), 2002).
There are many approaches to managing risk in a business setting. The elements that comprise a risk management plan or program are now well established.
However, in addition to developing a suitable framework and structure to manage risks, most organisations are faced with the challenge of how to implement this and maintain its effectiveness. The organisation must learn to develop a 'culture' in the organisation where people attend to risk and risk management as an integral part of doing business.
This case study looks into the risks that one business unit within an organisation exposed to; then goes into developing a risk management framework that hopefully get embedded into organisation's culture.
The organisation in this case study is actually the Professional Services or Delivery business unit of an international enterprise, XYZ. The organisation operates as a provider of software and systems enabling value-added services for voice, messaging, mobile Internet and mobile advertising; converged billing and active customer management; and IP communications.
XYZ has a typical corporate structure, comprising a board of directors, chief executive officer (CEO), executive management team and a number of business units.
The Delivery business unit is responsible for providing professional services to customers. Please refer to the Appendix for details on XYZ's Professional Services business model.
While the unit has enjoyed a healthy grow in the past number of years, one cannot ignore the fact that the entire process from pre-sales phase to post-delivery are exposed to risks. Despite this apparent exposure to risks, there is no formally risk management process in place.
That is not to say that the unit is ignorance to risks. Risks are treated at project level rather than at the unit level.
Risks from Begin to End
When XYZ receives an RFP document from a customer, in almost all cases, the customer expects the response including the point-by-point compliance to the requirements, a solution description and architecture, a project plan, a resource plan and price.
As a member of the tender response team, the Technical Lead is responsible for producing the high-level project plan, resource plan and a Delivery Commercials which will be used for pricing of the deal and planning of the project if and when the contract is awarded to XYZ.
In XYZ, Technical Lead is usually an experienced consultant, who climbed up the ladder through his/her years of project consulting. The Technical Lead uses his/her understanding of the required solution, coupled with his/her experience to estimate the effort and timeframe required to deliver such solution; thence cost to deliver.