A Collaborative System is an information system used to facilitate efficient sharing of data, documents, files, information, and knowledge between teams and employees in an organization.
The probability that an unwanted incident occurs causing any kind of loss to a company is known as risk. In Collaborative Risk Management (CRM), the employees across the company collaborate seamlessly to determine and manage risks on a regular manner.
The basic duties of CRM are as follows −
To promote adherence to standards and best practices (through consultancy and review) in fashion.
To ensure a level of confidence in the stated technical approach such that the time and costs estimated are not undermined by radical changes during the project delivery phase.
To ensure clear, specific, and appropriate information is available to allow business execution teams to complete their planning with respect to the given time bounds and costs.
The CRM approach implies that risk management function invokes in the entire lifecycle of the product. In each of these phases, the CRM risk function is essential for assessing and addressing risks.
In this phase, new ideas are entertained as well as invited by anyone from the company and are documented in a Business Proposal ready for assessment.
Ideas are filtered and selected on the basis of strategic alignment, business value, and executive risk.
The risk management team works with the Business planning teams that conduct SWOT (Strengths, Weaknesses, Opportunities, and Threats) analysis for the new project considering strategic alignment and business value of the idea.
Major areas addressed under the weaknesses and threats sections are the different risks posed to the product / solution idea.
At the end of this phase, the proposal is reviewed thoroughly at the Idea Approval Checkpoint. This checkpoint acts as a filter and forwards only those proposals which have been passed to pursue.
The result of this checkpoint will be pass / fail. Risks to the project / product or solution that are identified and evaluated are essential components in the go-no-go decision-making process.
After the Business Proposal is passed, a collaborative management team is created for the project that includes risk management responsibilities.
After the Proposal is approved and passed through the Idea Approval Checkpoint (at the end of the Idea Generation phase), a Product / Solution Owner is assigned to design the product / solution plan, describing it in more detail.
The output of this phase is a viable Product / Solution Plan. The plan is further reviewed followed by an acceptation or rejection at the Project Initiation Checkpoint.
The purpose of this checkpoint is to confirm that the business proposal is still viable.
During this phase, the role of the CRM team is to have a thorough study regarding the product landscape in the context of the organization’s environment and determine various risks the product faces so that these can be factored in the plan.
During this phase, the deliverables are defined with thorough detail regarding the product so that it can be developed further. Basically, a project plan is produced that describes the overall schedule and critical path.
In this phase, the business owners and the CRM team work collaboratively to address compliance with commercial, technical, and services governance policies.
During this phase, the CRM Team is accountable for the go-no-go decision of the ‘Project Architecture’.
During the Definition phase, the product plan is designed with details from the project plan that defines how the Commitment Checkpoint reviews the work during the Definition phase to check whether the product is ready to move into the delivery phase with all the risks identified in consultation along with the CRM team.
Additionally, it also confirms that the business proposal remains viable as well as feasible.
During this phase of the product lifecycle, the main deliverables are produced and the product is handed over to the working teams.
The end of the Delivery phase is highlighted by a Fitness for Launch Checkpoint.
This is the checkpoint when the project transforms from delivery to deployment.
During this phase, CRM ensures that risks in all major deliverables are addressed prior to the launch of the product. These deliverables includes a variety of elements like product, infrastructure, content, administration, systems, and processes.
A Fitness for Launch Risk Review is set up in a collaborative setting, the output of which is recorded in the CRM Scorecard.
This Scorecard indicates the concerns as well as the queries related to unresolved technology standards, misalignment, or any other significant levels of risk.
The function of this Fitness checkpoint is to confirm that the proposition is functional, scalable, stable, and ready to be presented to clients and that all the risks represented by CRM Scorecard have been addressed effectively.
During this phase, the product is handed over from the operational groups who have specified, developed and tested it to those who have to sell, administer, support, operate, and maintain it.
This phase includes Ready for Revenue Generation Checkpoint.
At the stage of Ready for Revenue Generation Checkpoint, the CRM team gives the approval that the product can be sold, administered, and supported in a target region without putting the organization at risk.
It confirms that the product is up to the agreed performance targeted in the production environment, is free from any significant known risks, and is ready to be supported on general release.
In this phase, the CRM team is responsible to review risks associated with the product in an ongoing manner.
During this phase, products that are no longer feasible or viable are retired or replaced with products that better support the organizational strategy.
It includes Closure Checkpoint.
The purpose of the Closure checkpoint is to formally confirm that the product has achieved its end of life. It confirms that all product vestiges have been eliminated, and no corporate resources remain allocated to its support, maintenance, or further enhancement.
The following illustration depicts CRM phases −
The CRM approach offers several advantages which are discussed below.
Shared ownership − Greater ownership is fostered among teams to understand and address risks.
Decentralized implementation − The risk assessment and management function works across the company in a decentralized manner wherein working teams across the major functions of the company implement it in collaboration with the CRM team.
Optimal resource utilization − Since the CRM team works with active working teams from the beginning, risks are identified and addressed before they actually emerge. Hence resources get utilized in an optimum manner.
Leveraging of consumer’s understanding of the domain − In this approach, the management is assured that risks are being looked at from the requisite diverse perspectives and most key risks are addressed by the time the product comes up for a launch. Once eradicated, a periodic review ensures that new emerging risks are identified early enough to be attended before they become disasters
How do we tackle enterprise risks in a corporation where all of the risk management functions are dispersed in differential line management? Yes, the ideal solution is to create a Collaborative Risk Management team. A CRM can be created in the following ways −
There is a risk of the information flow being one way, and this is usually the case at the beginning. However, as the discussion continues over time, the information flow gradually becomes two ways. For example, you may start with a weekly global meeting with Facilities, Business Continuity and monthly meeting with Information Security and Compliance.
As a part of our "doing-more-with-less" strategy, we look for opportunities to work together on joint-awareness programs. For example, customers of a company don't separate physical security from information security, as they both are equally important. Thus, working jointly on a security awareness program often leads to greater points of collaboration.
Reaching the heads of risk management functions to ascertain interest involving in an informal working group to share information and prioritize on a monthly basis.
Ground rules are established for participation around confidentiality.
A quick survey is done on the leaders of the functions on the gaps or threats they are most concerned with.
Taking a lead in this area will solidify the leader as an influence in the group. Further, the group is persuaded with the benefits of formalizing it around an enterprise risk management program.