Use of Risk Maturity Model to Benchmark Project Health, 26 May 2016

Save for later


Posted by APM on 7th Jun 2016

Atkins were the host of this event at their Hub Offices, Aztec West, Bristol. Our speaker, Mark Lee, is a Principal P3M Consultant at QinetiQ. His presentation focussed on how maturity in risk management can assist with successful project delivery, to time and cost.

Mark introduced the principles of risk maturity assessment and why it is important to control schedule and cost.  National Audit Office, (NAO), data from MoD projects showed that where risk maturity was uncontrolled, average schedule overruns were 56% compared with only 4% where risk maturity was at level 3+, and for cost  8% overruns compared to 3% under spend.  Risk maturity can help protect an organisation’s reputation and avoid lurid headlines in the media about project failure.  A prime cause of project failure is the failure to define risks and opportunities.  The key point is that we have to get better at managing risk.

Uncertainty is an inherent characteristic of all projects. Customers change their minds, which can impact both schedule and cost, and things just go wrong.  No matter how good it is, no plan survives contact with the enemy for very long.  In an attempt to control Defence projects, the Defence Reform Act, was introduced in 2014. This introduced a regulatory framework for pricing of all single source contracts. Prices have to be backed up with robust evidence that people have confidence in.  Confidence is a major driver for human behaviour and decision making, and for projects, this often means confidence in our ability to manage the inherent uncertainty.

Tools, such as the QinetiQ Risk Maturity Model, (QRMM), can help provide a level of confidence in a project’s ability to manage uncertainly: both risk and opportunities. Use of QRMM establishes an independent, objective and evidence-based baseline measure of risk maturity. It can identify both strengths and weakness in risk management, and it can be used as a benchmark against others. It can provide a level of confidence in the quality of underpinning data, e.g. for business cases.  Mark provided a comparison between QRMM and other common risk maturity models.

QRMM is a maturity framework covering 6 risk management perspectives: Risk Identification; Risk Analysis; Risk Mitigation, Project Management; Stakeholders; Culture. It has 4 levels: 1. Naive, 2. Novice, 3. Normalised and 4. Natural.  Level 3, Normalised, represents an acceptable level of maturity. Examples of indicators for the 4 levels were discussed. 

The assessment process is based on 50 questions over the 6 perspectives and starts with a documentation review to identify evidence. This is followed by a facilitated risk maturity assessment workshop with key stakeholders. A system of anonomised electronic voting is used to ensure a robust unbiased assessment using the Delphi technique. The results are analysed and the results reported, including the benchmark maturity level, L1-L4. Finally, prioritised recommendations are made for an improvement plan to improve the risk maturity level.

Mark then discussed several case study examples to highlight the benefits of the QRMM approach.

In summary, there is inherent uncertainty in all projects and programmes and controlling risk management maturity is a key enabler for ensuring successful project delivery. Risk management maturity assessment tools, such as QRMM, can increase confidence in how a projects risk management approach is effectively managing uncertainty. 

The presentation slides are available on the APM web site.

Martin Gosden
SWWE Branch Chairman

Comments on this site are moderated. Please allow up to 24 hours for your comment to be published on this site. Thank you for adding your comment.

{{item.AuthorName}} {{item.AuthorName}} says on {{item.DateFormattedString}}:

Share this page

Recommended events

Recommended blogs

Recommended news

Save for later


Southwest PM Flashmob held at George's Meeting Place, Exeter

29 September 2017

Following an earlier APM event held in Exeter (Avoiding conflict before it arises) several of us met on 7 September 2017 and chatted about the possibility of trying out a different, more informal type of event. Although APM regularly hosts talks, usually in Bristol and Plymouth, that do allow for networking opportunities we felt that an alternative format and venue could attract a different audience with more space for interaction.

Save for later


Join APM

Sign up to the APM Newsletter.