Risky business – How we manage risks
October 15, 2019
Working with different clients you see lots of different methods of managing risk, and we always get asked our opinions. So I thought we should share how we manage risk on our internal projects.
Here at Siso we use both the ROAM and RIDA methods combined.
What is ROAM?
ROAM is a method for managing risks that categorises them based on their status. The traditional acronym stands for:
- R – Resolved – The risk has been eliminated or is no longer a problem
- O – Owned – The risk has been assigned to someone and has not been resolved
- A – Accepted – The risk can not be resolved and it has been agreed that no action needs to occur
- M – Mitigated – An alternative has been found to stop the risk from occurring
We however don’t use Owned. We instead use Open.

The reason for us using Open is that we believe all issues should have an owner. Otherwise, what happens if a mitigated risk doesn’t fully help, or a resolved risk reappears. Who looks after it? What is the escalation route? Making sure all risks have owners we know the answer to these questions and are less affected by a risk reoccurring.
The second part to the puzzle is RIDA. RIDA stands for:
- Risks
- Issues
- Dependencies
- Assumptions
We use RIDA to determine how each item should be categorised. Some organisations only allow a single item to be allocated to one category. We allow multiple categories to be chosen. Whenever this occurs we make sure the item is discussed to see if it needs to be broken down into separate items.

When recording the risk and issues we use a RIDA card. We have designed our own RIDA card that helps capture the most important data.
On the cards you will see there is a “Date Moved” field. This is used to set the date the card is moved to resolved or closed. When we review the cards during our risk check in (which we do twice weekly) we see if any cards can be removed from the board. We only remove cards that moved over a month ago and the impact is no longer applicable.
I hope that gives you a good insight into how we manage risk.