Risk Management Improvement for a Portfolio
The client and what they needed
The Defence portfolio provides the technology for people working in Defence to perform their jobs safely and securely. Covering Official and Secret domains, it provides more than 200,000 users with a wide range of platforms, devices, tools, and support. The portfolio’s risk profile and risk exposure are complex and large-scale.
Risk management in the portfolio was not aligned with JSP892 processes and procedures, and project and risk professionals were not engaged with the risk management process. The portfolio needed to uplift and transform its risk management landscape with both wide-scale and targeted interventions in order to manage its transformational and operational activities more effectively.
The solution
Hand and Millar (H&M) embedded themselves in the portfolio integration office to ensure the business function approach aligned to the wider organisation risk requirements. H&M assessed the current situation; assured the existing risk data sets; uplifted and introduced a risk management plan; and trained staff. H&M's risk SMEs applied risk management methodologies and techniques to advise the portfolio team on how best to establish a process that ensured a clear and shared understanding of the risk management requirements was established between the user, supplier, and delivery agent. This was achieved by ensuring the portfolio team focussed on:
Vertical coherence
H&M identified the activity leads throughout the portfolio to establish the appropriate point of contact for each activity in operation or in flight for identifying, assessing, reporting, and managing risk. We engaged with external teams to understand the requirements laid out in JSP892. H&M produced and delivered a bespoke risk management plan which aligned portfolio risk management to the core processes, principles, and processes of the HLB.
Horizontal coherence
The portfolio plays a pivotal role in equipping staff across MOD with secure and up-to-date services. H&M ensured the portfolio began to take a holistic view by ensuring that risk requirements were considered and understood across all portfolio activities. This helped to establish a firm understanding of risk management and to inform strategic reporting into key governance boards such as the Portfolio Management Board.
Temporal coherence
Programme- and project-level approaches have an impact on the portfolio's capabilities. H&M managed these relationships to avoid gaps, overlaps, and ensure that the right risk management solution would be delivered at the right time. H&M ensured that when baselining risk, projects and programmes understood where these constraints impacted on capability delivery, what risks these impacts imposed, and how the technology roadmap would be affected by cumulative risk.
The benefits
H&M helped the portfolio reach an agreed position on the intent and level of compliance for risk management. This removed ambiguity from the risk management process and introduced a policy-supported consistent approach. By using assurance to identify where non-compliance, conflict, and contradiction existed, H&M enabled the portfolio to agree and execute a collaborative plan to fill gaps, resolve conflict, and put in place effective risk mitigation.
The assurance, improvement, and review cycles H&M introduced allowed the project and programme teams within the portfolio to better understand where risk was being introduced, and had the additional effective of supporting the identification and management of dependencies and assumptions.