I’ve previously written about the need to adopt a risk management approach to the use of Web 2.0 services. This was something I started doing back in 2006, when I wrote a risk assessment page which covered use of a variety of Web 2.0 services which were used to support the IWMW 2006 event.
I’ve an interest in further developing a framework for the effective exploitation of Web 2.0 service and clearly the risks management approach should form an important part of such a framework. So I found it very useful to read the JISC infoNET Risk Management infoKit.
As pointed out in the introduction to this document “In education, as in any other environment, you can’t decide not to take risks: that simply isn’t an option in today’s world. All of us take risks and it’s a question of which risks we take“.
So we can’t avoid risk-taking. And yet the document suggests that public-sector organisations – which will include the educational sector – tend to be very risk averse, as shown in the spectrum of attitudes to risk-taking:
There is therefore a challenge which we need to face, especially if we are seeking to be innovative. And an important aspect of this challenge will be cultural change. Now many of the early adopters of Web innovations might feel that this view of being risk adverse isn’t applicable to them. But my interest is in mainstream adoption of innovative services and this requires a willingness to take risks associated with changes. And the document provides examples of people who are likely to be adverse stakeholders:
- People who fear loss of their jobs
- People who will require re-training
- People who may be moved to a different department/team
- People who may be required to commit resources to the project
- People who fear loss of control over a function or resources
- People who will have to do their job in a different way
- People who will have to carry out new or additional functions
- People who will have to use a new technology
So what should the early adopters and developers do if they wish to see innovations which they feel will benefit the organisation be adopted more widely? As the document points out “At the risk of labouring a very obvious point you don’t create risks by identifying them. You are simply revealing them so that you can do something about them”. So one thing we should be doing is being open about risks and failures (as I have done recently in describing the failure of Squirl and Pownce). But we should also be open about the failures of in-house developments and project work, too.
The JISC infoNET infoKit goes on to list five stages in its approach to risk management: risk identification; qualitative risk analysis; quantative risk analysis; risk response planning and risk monitoring and control. In further blog posts I intend to further explore approaches to risk management in a Web 2.0 context. I’d be interested to hear if anyone else is taking a similar approach within their institution.