| The risk manager's task in present day | | | | Stage III: Conscious Competence |
| environment is to build risk awareness within the | | | | The individual understands or knows how to do |
| organization at all the levels. To proactively | | | | something. However, demonstrating the skill or |
| address risks, the risk managers have to provide | | | | knowledge requires a great deal of consciousness |
| training of risk management to the business | | | | or concentration. |
| operations team. The challenge with the risk | | | | Case III: The software developer uses a risk |
| managers is to determine the requirements and | | | | management matrix which allows him/her to |
| level of the training, and the population. | | | | check the likelihood of a specific risk occurring in |
| | | | | his/her project and develop a risk mitigation plan. |
| In some organizations standard his risk | | | | There is a rating and solution model attached in |
| management training models are provided to the | | | | case a risk does occur. A process is available on |
| business operations team. The problem with this | | | | how to deal with cost, time and quality problems |
| approach is that it does not consider the | | | | alongwith the escalation matrix. In this scenario |
| awareness and knowledge level of the | | | | the developer is educated regarding software |
| participants. The approach is one size fits all. The | | | | development risks and knows how to deal with |
| negatives of this approach are: | | | | the various risks. |
| - Trained resources maybe provided basic level | | | | Stage IV: Unconscious Competence |
| training repeatedly, thus resulting in unnecessary | | | | The individual has had so much practice with a skill |
| expenditure. | | | | that it becomes "second nature" and can be |
| - Beginners maybe provided standard level | | | | performed easily (often without concentrating too |
| training, which they might find difficult to grasp | | | | deeply). He or she may or may not be able to |
| and implement. | | | | teach it to others, depending upon how and when |
| - There is no process for improving the | | | | it was learned. |
| knowledge level of the resource to make them | | | | Case IV: The software developer is experienced |
| fully competent. | | | | in software development program management. |
| - The organization as a whole does not have an | | | | He/she understands the risk management |
| estimate on the knowledge level of the resources | | | | requirements, process and mitigation plans. With |
| on risk management practices. The organization | | | | extensive knowledge and experience on the |
| assumes that all have an understanding and are | | | | subject, the program manager is able to easily |
| equipped to deal with it. | | | | address the risk management issues of the |
| | | | program as it is second nature to him/her. He/she |
| The risk management team needs to identify the | | | | also provides training and guidance on the subject |
| training needs of employees. The Four Stages | | | | to the newcomers and junior managers. |
| of Learning Model developed by Abraham Maslow | | | | The above approach enables segregating the |
| can be used to determine the training needs. The | | | | total population in four groups depending on their |
| model evaluates on two parameters- competency | | | | competency and consciousness levels. Using this |
| and consciousness. The adjacent diagram depicts | | | | approach, the risk management team can build |
| the four stages of learning. In the following section | | | | training programs for beginners, learners, |
| I am explaining how the model can be used to | | | | managers and experts. The process is as follows: |
| identify employees in different stages of learning. | | | | Training Population |
| Let us take a scenario of an information | | | | - To identify the population the risk management |
| technology company, with employees at different | | | | team can develop a web-based technical skills |
| levels of awareness and training for risk | | | | matrix. The matrix should contain the |
| management. | | | | competencies and attributes required for the four |
| Stage 1: Unconscious Incompetence | | | | levels. |
| The individual neither understands nor knows how | | | | - The employees should then be asked to do a |
| to do something, nor recognizes the deficit, nor | | | | self assessment of risk awareness using the |
| has a desire to address it | | | | technical skills matrix. The population will get |
| Case I: A young graduate joins the organization's | | | | segmented into four groups. This will enable the |
| software development team. He/she has no prior | | | | risk managers to provide focused training to the |
| knowledge or experience in software | | | | groups. |
| development risk management processes. The | | | | - A training deployment strategy should be |
| developer does not have an understanding that | | | | formulated which covers the content and the |
| he/she is missing a critical component of software | | | | number of hours of training to be provided for |
| development process, and hence is not focused | | | | each level. |
| on obtaining training on the same. | | | | - Risk managers can determine the progress of |
| Stage II: Conscious Incompetence | | | | the group from stage I to IV. For the purpose of |
| Though the individual does not understand or | | | | effective risk management majority of the |
| know how to do something, he or she does | | | | population should be in stage III and IV. This |
| recognize the deficit, without yet addressing it. | | | | performance indicator will help in assessing the |
| Case II: The software developer on familiarizing | | | | capability of the organization for managing risks. |
| himself/herself with various software | | | | In nutshell, training business |
| development best practices models is aware of | | | | operation resources provides the key to |
| the fact that risk management of the project | | | | mitigating risks efficiently and effectively. All |
| should be done. He/she knows the three critical | | | | efforts should be made to identify the training |
| components of the project- cost, time and | | | | requirement and population. Providing proper |
| quality, risks should be addressed. However, since | | | | training is the basic building block for successful |
| the developer does not have any knowledge of | | | | risk management. |
| the risk management processes, no steps are | | | | I hope this article is useful for drawing a baseline |
| taken to actively reduce the software | | | | map for training. |
| development risks. | | | | |