I had some interesting discussions with a client about Change Management the other day. There was considerable focus around the risk matrix; after all, the risk of a change dictates approval flow….change is about managing risk right?
From a change management perspective, maximizing positive risk is focused on acceleration and velocity. In order to do this, we need proven repeatable procedures. Building a library of proven change models will not only provide higher quality (via repeatability), but a rich source of information for automation that can further increase velocity (and time to value). Standard changes are an easy and logical place to start building this library.
The focus on minimizing negative risk, and a desire to perfect the risk matrix, can divert attention to the process. Don’t get me wrong, we do want a consistent way to assess risk across all stakeholders, but tuning the risk matrix will not build repeatability into the process and will not by itself reduce risk.
It’s the actions taken by change management practitioners – change managers, CAB Members and change analysts – that can increase the velocity of change while reducing risk. This is accomplished by fine-tuning a library of predefined procedures for known types of changes.
So if the powers that be seek to slow the process down by formally reviewing more and more changes, don’t focus on the risk matrix — at the end of the day the powers that be will decide what needs to be reviewed (think change freeze, major incidents) and it won’t matter what the risk matrix looks like.
The risk matrix is a guide that should direct all staff to do look at how changes can be more effectively modeled. As the library of repeatable changes increased, as automation is enabled, risk can be managed at higher velocities. Start with standard changes and move up from there; the risk matrix is likely to take care of itself.