Risk management in the Tactical Level is without any doubt a very tricky task because it deals with operational risks as well as strategical ones. All tasks on this level must align between bot sides and manage the risks accordingly. An additional challenge is the appropriate coordination and communication between all level and stakeholder. Major tasks are the aggregation and assessment of risk from the operational level, defining of measures and mitigation actions for the overall project, escalation to the strategical level and, the mist tricky one, understanding and applying of risk thresholds that are defined on the strategical level.
Identify and Analyse
For each potential risk, the probability of the risk arising and its potential impact on the project must be assessed and documented. Ultimately, the aim of risk assessment is to manage the most serious risks by eliminating them altogether or reducing them to an acceptable level. As much as possible, risk assessment should be based on tangible facts.
The risks should then be categorized and prioritized, with the high priority risks being the subject of regular review by the Tactical Level to ensure that they are fully considered. Care should be taken to confirm that any new risks, which may have evolved since the last assessment, have been captured. The status of existing risks should also be carefully monitored and updated in the risk log. The risk management is shared responsibility of all members of the Tactical Level as well as the operational leads.
Record and Manage
All identified and verified risks are recorded in a “Risk Tracker”. There will be a risk owner for each item who is responsible for monitoring the risk. The PMO should maintain the accessibility and consistency of this tracker.
A “Subsequent Risk Assessment” should be done on a regular basis. During this task the operational risk captured in the tracker will be assessed. All risks that require any attention on the Tactical Level must be assigned to a role. Then, the risks in the tracker will be assessed and if necessary changed or closed.
Risks that might have an influence on the Stratecigal Level will be marked and recorded in the tracker, too. These risks must be discussed in an Internal and/or External Steering Committee. The Tactical Level is responsible for these risk until they are handed over to the Strategical Level.