Wide World of Sports Risk: An Undertaking as Large as the Winter Olympics Takes Years of Planning and Coordination. for the 2010 Vancouver Games, the Organizers Used Enterprise Risk Management to Ensure Everything Ran Smoothly
Hackett, Janice, Narvaez, Kristina, Risk Management
The world got its first look at the 2010 Winter Olympics in Vancouver during its majestic Opening Ceremonies on February 12, 2010. But as the organizers know, preparations for that day--and for everything else that transpired over the next 16 days as 258 medals were awarded--had been underway for more than a decade. Since the formation of the Vancouver Bid Society in 1998 in an attempt to bring the 2010 games to Canada, something the city won in 2003, the main objective of elected leaders and government officials was to ensure that all Olympics-related functions, services and programs were ready on time and within budget.
From the outset, they recognized the value of monitoring preparedness through an enterprise risk management (ERM) lens, asking the Risk Management Branch and Government Security Office (RMB) to lead the 2010 Winter Olympics Games ERM program on behalf of the provincial government. In the process, the Olympics risk initiative became the largest coordinated ERM effort undertaken by the province to date.
The RMB project team, which included Todd Orchard, Chris MacLean and Sharon White, compiled, collated and analyzed risks identified by dedicated staff within 29 provincial ministries, Crown corporations and central agencies. Together, they produced biweekly reports for ministry executives and financial oversight bodies and participated in weekly consultations with the Olympic Game Secretariat in its role as provider of project management oversight of the province's infrastructure and cultural commitments. They also liaised periodically with the Vancouver Organizing Committee (VANOC), which ran its own extensive and sophisticated risk management regime.
Illustrating the complexity of the endeavor, the reporting provided a rolled-up view of more than 300 risks and 400 mitigation activities. This process brought attention to critical vulnerabilities and created a mechanism to prioritize issues that required further action by the myriad government officials involved in the process.
According to Orchard, RMB was able to administer such a complex program by beginning with a clear understanding of the objectives. "All risk management efforts should link the goals and objectives of the organization to an event, project or program," he said.
The decision to focus first on objectives, before considering the risks was the key to the whole endeavor and resulted in two deviations from the way risk management had previously been handled in British Columbia. The first difference was to depart from the typical risk identification categories such as financial, reputational and legal. Instead, ministry officials were asked to organize their risks with regards to the province's core objectives, which included providing services for the games (e.g., food and water safety inspections to venues), creating Olympics-related programs (e.g., risks to community celebrations, business hosting activities), and delivering normal government service to citizens (e.g., child welfare). Instead, of starting with a risk category, they started with an objective--the service that they needed to provide--and later decided how it could be best categorized. From a risk perspective, this was a vital distinction.
The second difference was a move away from the more conventional "cause-and-effect" risk statement to a format that identified and separated the distinct elements of risk into risk event, cause and impact. Many of the initial cause-and-effect risk statements missed tying the risk to an objective, leaving officials to ask "so what?" If organizers cannot see how the risk could prevent them from achieving a specific purpose, it becomes difficult to establish why it is worth managing. But by using an "event, cause, impact" risk statement, objectives were explicitly incorporated into risk identification, allowing for an easier understanding of severity and a more natural progression to mitigation strategies. …