Identifying Risk Management Training Requirements

The risk manager’s task in present day environment is to build risk awareness within the organization at all the levels. To proactively address risks, the risk managers need to provide risk management training to the business operations team. The challenge with the risk managers is to determine the requirements and level of the training, and the population size.
In some organizations standard risk management training models are provided to the business operations team. The problem with this approach is that it does not consider the awareness and knowledge level of the participants. The approach is one size fits all. The negatives of this approach are:  

  • Trained resources maybe provided basic level training repeatedly, thus resulting in unnecessary expenditure.
  • Beginners maybe provided standard level training, which they might find difficult to grasp and implement.
  • There is no process for improving the knowledge level of the resource to make them fully competent.
  • The organization as a whole does not have an estimate on the knowledge level of the resources on risk management practices. The organization assumes that all have an understanding and are equipped to deal with it.


The risk management team needs to identify the training needs of employees.  The Four Stages of Learning Model developed by Abraham Maslow may be adopted to determine the training needs. The model evaluates on two parameters- competency and consciousness. The adjacent diagram depicts the four stages of learning. In the following section I am explaining how the model may be used to identify employees in different stages of learning.  

Let us take a scenario of an information technology company, with employees at different levels of awareness and training for risk management.  

Stage 1: Unconscious Incompetence  

The individual neither understands nor knows how to do something, nor recognizes the deficit, nor has a desire to address it  

 Case I: A young graduate joins the organization’s software development team. He/she has no prior knowledge or experience in software development risk management processes. The developer does not have an understanding that he/she is missing a critical component of software development process, and hence is not focused on obtaining training on the same.  

Stage II: Conscious Incompetence  

Though the individual does not understand or know how to do something, he or she does recognize the deficit, without yet addressing it.  

 Case II: The software developer on familiarizing himself/herself with various software development best practices models is aware of the fact that risk management of the project should be done. He/she knows the three critical components of the project- cost, time and quality, risks should be addressed. However, since the developer does not have any knowledge of the risk management processes, no steps are taken to actively reduce the software development risks.  

 Stage III: Conscious Competence  

The individual understands or knows how to do something. However, demonstrating the skill or knowledge requires a great deal of consciousness or concentration.  

 Case III: The software developer uses a risk management matrix which allows him/her to check the likelihood of a specific risk occurring in his/her project and develop a risk mitigation plan. There is a rating and solution model attached in case a risk does occur. A process is available on how to deal with cost, time and quality problems alongwith the escalation matrix.  In this scenario the developer is educated regarding software development risks and knows how to deal with the various risks.  

Stage IV: Unconscious Competence  

The individual has had so much practice with a skill that it becomes “second nature” and can be performed easily (often without concentrating too deeply). He or she may or may not be able to teach it to others, depending upon how and when it was learned.  

Case IV: The software developer is experienced in software development program management. He/she understands the risk management requirements, process and mitigation plans. With extensive knowledge and experience on the subject, the program manager is able to easily address the risk management issues of the program as it is second nature to him/her. He/she also provides training and guidance on the subject to the newcomers and junior managers.  

 The above approach enables segregating the total population in four groups depending on their competency and consciousness levels. Using this approach, the risk management team can build training programs for beginners, learners, managers and experts. The process is as follows:  

Training Population


  • To identify the population the risk management team can develop a web-based technical skills matrix. The matrix should contain the competencies and attributes required for the four levels.
  • The employees should then be asked to do a self assessment of risk awareness using the technical skills matrix. The population will get segmented into four groups. This will enable the risk managers to provide focused training to the groups.
  • A training deployment strategy should be formulated which covers the content and the number of hours of training to be provided for each level.
  • Risk managers can determine the progress of the group from stage I to IV. For the purpose of effective risk management majority of the population should be in stage III and IV. This performance indicator will help in assessing the capability of the organization for managing risks.

 In nutshell, training business operation resources provides the key to mitigating risks efficiently and effectively. All efforts should be made to identify the training requirement and population. Providing proper training is the basic building block for successful risk management.  

 I hope this article is useful for drawing a baseline map for training. Please share your stories on how your organization is providing risk management training to employees.