The Risk Maturity Model

In 2002, the UK MoD Defence Procurement Agency (DPA)
commissioned HVR to conduct a full programme of risk
management capability assessments for the Integrated
Project Teams (IPTs) responsible for its thirty major
military equipment acquisition projects. The total
acquisition value of these projects is approximately
£60 billion. The projects affect all three armed
services and include Eurofighter, Bowman, CVF and
the Astute class submarines.

The DPA had identified a need to measure risk management
capability when it recognised that project approvals
had been achieved on a number of projects on which
risk had subsequently proved to be too high. As a
result, the proportion of projects exceeding their
envelope of cost and/or schedule estimates was higher
than forecast. The implications were that either risks
were not being adequately managed following project
approval or that the risk assessments provided at
project approval decisions were not realistic.

The HVR Risk Maturity Model (RMM) was used to
assess the risk management capability of each major
IPT. Following each assessment the IPT received a
short report summarising the findings and identifying
key actions for improvement. A small proportion of
IPTs were found to already be at RMM Level 4. These
teams were used by the DPA as points of contact for
other teams to learn from.

As the number of assessed IPTs grew, a number of insights
emerged that were important at a corporate level.
In particular, some process areas started to emerge
as being common points of weakness. An early example
of this was evidence of weaknesses in the models
used for quantitative analysis; weaknesses that
were particularly significant in the context of
the strategic approach to project approvals. Common
areas of weakness amongst IPTs were tackled with
corporate level corrective responses.

Early assessments were also used to transfer audit skills
from HVR to the DPA’s own risk management
specialists. As a result, most MoD assessments are
now conducted by DPA internal staff. Risk Maturity
Assessments are also used to provide assurance as
to the integrity of risk data at key corporate
governance points. Since April 2004 it has
been the DPA’s policy that any Category A,
B or C project (£20 million +) must have a
risk maturity level 3 capability prior to seeking
“Main Gate” approval.