image
Identify threats and opportunities [MOR4]

Theoretical activities within the process

Previously, you learnt about the Define the context and objectives process, and had the opportunity to test your understanding. Now, it’s time to focus on the process: Identify threats and opportunities.

As a reminder, there are eight processes; at the end of this step, you’ll be able to answer these questions:

  • What is the purpose of this process?
  • What are the objectives of this process?
  • What activities are performed in this process?
  • What documents support this process?
  • What are the key roles in this process?

Figure 1 illustrates the MoR4 integrated process framework, which you’ll already be familiar with.

 

The MoR4 integrated process framework, with the Identify threats and opportunities segment highlighted.

Figure 1: The MoR4 integrated process framework, with a focus on Identify threats and opportunities

Copyright: Copyright © AXELOS Limited 2022. Used under permission of AXELOS Limited. All rights reserved.

 

What is the purpose of this process?

The purpose for this process is to ensure that stakeholders share their perceptions of risks to the objectives. This will include both risk threats and risk opportunities.

What are the objectives of this process?

The objectives of this process are to:

  • Identify the known risks.
  • Consider both threats and opportunities.
  • Agree risk ownership.
  • Articulate risk to properly understand the risk cause, event, and effect.
  • Specify clear ownership and delegated limits of authority per objective.

These are all vitally important in achieving the overarching goal to identify threats and opportunities.

What activities are performed in this process?

The activities involved in this process are to:

  • Identify opportunities.
  • Identify threats.
  • Agree risk owners.
  • Describe risk.

What documents support this process?

There are three documents that support the identify threats and opportunities process.

1. Risk register (completed at the end of the process)

This document records those uncertain events that would impact on one or more objectives. The high-level content contains the following:

  • Unique identifier
  • Date identified
  • Risk description (cause, risk event, impact on objective)
  • Risk owner
  • Risk type or category (where a risk taxonomy has been used as a prompt list)

2. Issue register (where one exists)

This document records issues and the impact on objectives if not managed. It is useful to consider if issues cause new risks. The high-level content contains the following:

  • Unique identifier
  • Issue description
  • Impact on objectives if not resolved
  • Issue owner
  • Actions to resolve (ideally costed)
  • Relevant dates

3. Decision register (where one exists)

This document records decisions made at governance boards, providing an audit trail of decisions and their underpinning rationale. It is useful to consider if decisions cause new risks. The high-level content contains the following:

  • Unique identifier
  • Decision description
  • Options considered
  • Choice made and rationale
  • Decision owner
  • Relevant dates

What are the key roles for the process?

So, who does what in this process?

Using a chart, like the one shown below, will help you and others clearly see who is involved and what role they play in this process.

Figure 2 illustrates the RACI diagram for the identify threats and opportunities process.

RACI diagram. It presents a list of key roles in the first column followed by the six perspectives, each in a separate column containing involvement indicators.

Figure 2: RACI diagram for identify threats and opportunities process

Copyright: Copyright © AXELOS Limited 2022. Used under permission of AXELOS Limited. All rights reserved.

Remember that within a strategic perspective, the board members/trustees would be accountable, while the executive management/change managers would be responsible. Risk owners and risk action owners would need to be informed, while risk specialists and other stakeholders would need to be consulted.

 

Reflection

Based on the TaxDept scenario below, identify three risks. Ensure you articulate each risk by linking the risk cause, event and effect.

The TaxDept scenario runs the digital transformation programme (DTP) for two years and has planned three more years of development to realize outcomes of benefit. The TaxDept company has identified this programme as mission critical and the risks of missing the deadline it has imposed.

The change the DTP programme will offer, if successful, is strategically important, and the company is running a tight risk management process to ensure that value is protected. The objective is a successful DTP programme.

Adventure awaits

Time now to hear from one of QA’s experts about the techniques that can be used to support this process.

When you’re ready, select Next to continue.

Difficulty
Beginner
Duration
21m
Students
34
Ratings
3/5
Description

In this Course, you’ll learn about the second step in the MoR4 process cycle: Identify threats and opportunities and its framework. You’ll look at the purpose, objectives, theoretical activities, supporting documents, and the key roles in this process.

About the Author
Students
43862
Labs
168
Courses
1745
Learning Paths
45

A world-leading tech and digital skills organization, we help many of the world’s leading companies to build their tech and digital capabilities via our range of world-class training courses, reskilling bootcamps, work-based learning programs, and apprenticeships. We also create bespoke solutions, blending elements to meet specific client needs.