Another couple of all day workshops this week. The Executive team (me and the 3 Assistant Directors) took ourselves off to do some work on a couple of important topics. First was Risk. managing risk is extremely important to us - deciding which risks we're prepared to take, which we need to mitigate, and which we can ignore. We need to keep and maintain a risk register, and have risk management plans in place. We've already done a lot of work in the department on this, but this was a chance for us to look at it in some detail. To get a fell for the type and range of risks we need to manage, we each came up with as many different risks as we could think of, using post it notes (of course). The we tried to group them into categories. Won't go into all the details, but the range of risks was very interesting - 'technical"risks were just one category out of about 13 including reputational, political, staffing, regulatory and supplier risks. We also mapped them onto a heat map - plotting impact against probability. Like this, which given the lack of things in the top right implied we were either complacent, or had our calibration wrong.
All fairly standard stuff in risk management terms, but we then used this to start to write a risk strategy, and identify risk management plans.
We spent the second day looking at our decision making process - what sort of decisions we take, where are they taken (and more importantly, where should they be taken), and how we can make the whole thing more transparent. Adopted a similar process and had a brainstorm of the types of decision we take - everything from where to go for the Christmas party to deciding our strategic priorities :-) Used this to categorise them, look at where they are and should be taken, and began to draw up a decision matrix.
More on both of the above later as we develop the ideas and share them with the department.