As organisations increasingly recognised the need to proactively manage risk, questions arose about the most effective approach to actually doing it. The majority of organisations understood the need for a mechanism or process capable of capturing risk information from across the organisation, and the requirement to document and distil captured information in order to facilitate an effective response.

For most organisations, this saw the emergence of a paper based risk management system, combining an extensive set of meetings, forms, and written reports to capture risk from across the organisation, escalate it, and allow the organisation to coordinate its risk management response.

With the rise of personal computing, spreadsheets increasingly came into play, eventually becoming the key tool for recording and analysing risks data. Risk management spreadsheets, combined with some basic coding evolved to do more and more, including neat little features like changing cell colours in response to risk scores to produce a Red, Amber, Green (RAG) status. They also allowed risk data to be filtered and analysed. However this step forward, didn’t resolve the broader challenges of risk management.

Unless you've been living on Mars for the last year, you will have been unable to miss the fact that the global economy has gone through the largest economic downturn since World War Two. Regardless of the cause behind the downturn, the effect is that many nations are now considerably in debt and are proposing severe austerity measures in order to repay and reduce the debt burden.

The scale of the proposed measures are such that, if imposed, they are likely to have considerable impact on UK public sector bodies, forcing choices that expose them to a higher degree of risk.

If you are a risk management professional working in the public sector, this is likely to significantly pressure test the robustness and value of your organisation's risk management programme.

In a typical project environment, project risk is usually captured within the project and managed locally, being viewed entirely from the project own insular perspective. Project risk is reported by the project manager, typically to the Project Board (often made up mid or senior level organisational personnel). But whilst this approach may meet the projects needs, it does a poor job of considering the broader needs of the organisation.

Strategic Fit hasn't really received much by way of coverage in risk management literature, yet it plays a fundamental role. Within risk management circles, not everyone will be entirely familiar with the term ‘Strategic Fit', although the concept is highly relevant, and quite easy to grasp. So what is it?

Strategic Fit concerns itself with how the organisation engages with two critical areas:

• The organisation's external environment
• The organisation's internal environment.

Consider your own situation; your organisation has a primary purpose for existing which it is required to realise. Yet your organisation exists within an external environment, an environment that presents both opportunities and threats that could support or derail this purpose.