Culture and Stakeholder Management
Establish a risk aware culture. Motivate and secure stakeholder support, buy-in, and ownership of key risk management initiatives.
Improvement Planning
Practices-Outcomes-Metrics (POM)
Representative POMs are described for Culture and Stakeholder Management at each level of maturity.
- 2Basic
- Practice
- Begin to raise awareness of how risk management activities contribute to the organization's objectives and begin to offer incentives/rewards for achievement of those objectives.
- Outcome
- There is emerging visibility of how risk management activities and the achievement of strategic objectives may be linked.
- Metrics
- % of employees with awareness of how risk management contributes to strategic objectives.
- % of employees receiving incentives/rewards.
- Practice
- Provide senior IT management support for a number of key risk management activities.
- Outcomes
- There is growing commitment by IT senior management to improving risk management practices.
- Broader stakeholder buy-in and ownership of risk management activities are emerging as a result of visible managerial sponsorship.
- Metrics
- % of senior IT management who sponsor risk management initiatives.
- % of senior business unit management who sponsor risk management initiatives.
- % of risk management initiatives with adequate sponsorship.
- 3Intermediate
- Practice
- Promote a common understanding across most areas of how risk management activities contribute to the achievement of strategic objectives and consistently incentivize achievement of those objectives in those areas.
- Outcomes
- Awareness of the importance of risk management and acceptable behaviours grow among individual employees.
- Many employees are better motivated to support the realization of objectives.
- Metrics
- % of employees with awareness of how risk management contributes to strategic objectives.
- % of employees receiving incentives/rewards.
- Practice
- Provide senior IT and business management sponsorship for risk management activities.
- Outcomes
- Fundamental sponsorship requirements for risk management are in place.
- Employees in most areas demonstrate strong buy-in, ownership, and commitment to risk management activities, and are motivated to contribute to them.
- Metrics
- % of senior IT management who sponsor risk management initiatives.
- % of senior business unit management who sponsor risk management initiatives.
- % of risk management initiatives with adequate sponsorship.
- 4Advanced
- Practice
- Promote organization-wide understanding of how risk management activities contribute to the achievement of strategic objectives, and incentivize achievement of those objectives across the organization.
- Outcome
- Employees across the organization are fully aware of the importance of risk management and are strongly committed to working together to realize objectives.
- Metrics
- % of employees with awareness of how risk management contributes to strategic objectives.
- % of employees receiving incentives/rewards.
- Practice
- Establish organization-wide senior management sponsorship, and empower and encourage desired employee behaviours for risk management.
- Outcomes
- Employees across the organization demonstrate strong buy-in, ownership, and commitment to risk management activities.
- The activities are universally recognized as underpinning the success of broader organization-wide activities.
- Metrics
- % of senior IT management who sponsor risk management initiatives.
- % of senior business unit management who sponsor risk management initiatives.
- % of risk management initiatives with adequate sponsorship.
- 5Optimized
- Practice
- Proactively collaborate with relevant business ecosystem partners to help realize strategic objectives through undertaking risk management activities.
- Outcome
- Risk management activities are regarded as being part of everyone's job, both within and external to the organization.
- Metric
- % of employees with awareness of how risk management contributes to strategic objectives.
- Practice
- Encourage formal sponsors to continually review the status of risk management initiatives for further improvement opportunities.
- Outcome
- Senior management is fully engaged in driving risk management activities.
- Metric
- Frequency of review cycle.