What has your organization learned about risk management over the years? Probably more than you think! As an organization matures, people learn and collect valuable information about managing risks… information and assets that can be leveraged while institutionalizing a powerful risk management capability. As a learning organization, you can and should apply your risk management lessons learned and historical data to build an effective organizational risk management strategy.
This presentation discusses how to use your organization’s risk management experiences to develop a CMMI Level 3 compatible risk management process. It discusses the differences between CMMI Level 2 risk management (which consists of just two specific practices PP SP2.2 and PMC SP1.3) and the Level 3 risk management process area which calls for an organization wide comprehensive risk management strategy. A formalized risk management process will be received better if it is based on real data from your organization, as opposed to a methodology copied from another, perhaps dissimilar organization.
A step-by-step approach for transitioning from Level 2 to Level 3 risk management is provided. The steps given are not tool specific and can be used in any size organization to move risk management to the next level and provide useful improvements even if your organization is not pursuing a CMMI maturity or capability level rating.