Project Management

3 Levels of Risk Management

From the The Money Files Blog
by
A blog that looks at all aspects of project and program finances from budgets, estimating and accounting to getting a pay rise and managing contracts. Written by Elizabeth Harrin from RebelsGuideToPM.com.
accounting | agile | ai | audit | benefits | Benefits Management | books | budget | business case | carnival | case study | checklist | collaboration tools | communication | competition | complex projects | consultancy | contingency | contracts | corporate finance | cost | cost management | credit crunch | data | data security | debate | delegating | earned value | events | FAQ | financial management | financial management | forecasting | future | general | Goals | green | interviews | it | measuring performance | Mentoring | methods | metrics | multiple projects | negotiating | news | organization | outsourcing | pmi | PMO | portfolio management | presentations | privacy policy | process | procurement | productivity | project closure | project data | project delivery | Project Success | project testing | prototyping | qualifications | quality | Quarterly Review | records | recruitment | reports | requirements | research | resilience | resources | risk | ROI | salaries | scope | security | small projects | social media | software | software | stakeholders | success factors | supplier management | team | timesheets | tips | training | transparency | trends | value management | vendors | video | virtual teams | workflow | show all posts

About this Blog

RSS

Recent Posts

How to learn AI the sensible way

Making sense of project cost reports

How real PM mentoring actually works

The Accidental Product Manager: What project managers need to know

How healthy are your project finances?

Categories

accounting, agile, ai, appraisals, Artificial Intelligence, audit, Backlog, Benchmarking, benefits, Benefits Management, Benefits Realization, Bias, books, budget, Business Case, business case, business case, Career Development, Career Development, carnival, case study, Change Management, checklist, collaboration tools, communication, Communications Management, competition, complex projects, Conferences, config management, consultancy, contingency, contracts, corporate finance, corporate finance, cost, Cost Management, cost management, credit crunch, CRM, data, data security, debate, Decision Making, delegating, digite, earned value, Education, Energy and Utilities, Estimating, events, FAQ, financial management, financial management, forecasting, future, GDPR, general, Goals, Governance, green, Information Technology, Innovation, insurance, interviews, it, Knowledge Management, Leadership, Lessons Learned, measuring performance, Mentoring, merger, methods, metrics, multiple projects, negotiating, Networking, news, Olympics, organization, Organizational Culture, outsourcing, personal finance, Planning, pmi, PMO, PMO, Portfolio Management, portfolio management, presentations, privacy policy, process, procurement, product management, productivity, Program Management, project closure, project data, project delivery, Project Success, project testing, prototyping, qualifications, Quality, quality, Quarterly Review, records, recruitment, reports, requirements, research, resilience, Resource Management, resources, risk, Risk Management, ROI, salaries, Schedule Management, Scheduling, scope, Scope Management, security, small projects, Social Impact, social impact, social media, software, software, software, Stakeholder Management, stakeholders, Strategy, success factors, supplier management, team, Teams, testing, testing, timesheets, tips, training, transparency, trends, value management, vendors, video, virtual teams, workflow

Date

linkedin twitter facebook Request to reuse this  

Categories: events


At the PMI Hungary Chapter international Art of Projects conference in Budapest this month, Rick Graham spoke about risk management in the globalised world. He talked about how Monte Carlo analysis is used to establish risk and how companies gather sophisticated data to make good decisions about the actions they need to take as a result of identifying risk.

Rick said that there are three levels of risk management that apply to projects.

1. Project risk

This is perhaps the most obvious. These risks do not recognise interdependencies and risks outside the scope of the project. Rick recommended doing Monte Carlo analysis at this level to identify project risk. He also talked about scenario building as a good tool for project risk identification and management, giving the example of Shell.

Shell was the only company which modelled the risk of the OPEC countries putting up the price of oil. Because of their analysis they were able to adapt their plants to deal with less refined oil and gained a two-year head start on the competition when the prices did go up.

Rick recommended “building limited models around sensitive areas”: in other words, not spending time on modelling when the risk is low or when it isn’t worth doing. Models and analysis help explain the risk you are taking at the project level in comparative terms, which helps set them in context for team members and stakeholders.

2. Project selection risk

At this level the question relates to how risk plays a part in making decisions about which projects should be started. The challenge here is whether the business just says yes or no to a project without looking at the overall position and the wider business requirements.

For example, a risky project may not be inherently bad for the business. If you always say no to risky projects you end up with a portfolio full of low risk but also probably low benefit projects that present reduced opportunities for the company.

This level links to the strategic objectives and how the deliverables will be achieved in the organisational context.

It should also include the risk of not doing or deferring the project, as that decision presents a different path forward for the business with its own challenges.

3. Project portfolio risk

This is where you start to look outside the projects as individual initiatives and start to gather rich data about the organisation’s approach to risk management as a whole.

Rick recommended doing Monte Carlo analysis at programme level to identify risks across dependent streams of work. He then talked about using this output to identify the right combination of projects to work on at portfolio level.

The problem I found with this model is that there isn’t any level that I can see where risks fit that fall outside the project but that are managed in some shape or form by the project manager. For example, dependencies on other projects – the risk that the other project may not deliver on time. Or the risk that the company might go bust – this is out of scope of the project but something like this could feasibly be on your risk register.

This model also assumes that you have a process to apply risk management to.

Rick said that you can only do portfolio level risk management if there is one single repository of project data. This isn’t the case in many businesses where project managers are based in functional silos and even if there is a PMO it serves one business unit and not the enterprise as a whole.

A spreadsheet is good enough for this: no need to invest in anything more complicated, he said. You can start to put some science behind your spreadsheet once you have everything documented in one place.

Do you measure and manage risk at these three levels? Let us know how it works for you in the comments.


Posted on: November 08, 2014 10:59 AM | Permalink

Comments (4)
Please login or join to subscribe to this item
avatar
Michael Adams Solutions Architect| LANL Los Alamos, Nm, United States
Hi Elizabeth, I enjoyed reading this...I hadn't really thought of risk on those levels, though it seems obvious. I suppose on some level, people must do some risk analysis at all levels, but in reflecting on my employer, I've concluded that we seem to do some risk analysis at the portfolio level, but not so at the project level. I'm not clear how projects are chosen, so I can't say if or how risk factors into that.

The direction I see us take leaves me with the impressions that there is portfolio risk analysis taking place, but with regards to project risk, and we have some big risky projects, we continually find ourselves with a black eye, because there seemingly wasn't even a rudimentary risk analysis, nor any feasible risk management plan.

I see from your profile, that you are a consultant, I'm curious what you see in organizations? Are there many who practice risk management and analysis at all three levels?

avatar
Elizabeth Harrin Director| RebelsGuideToPM.com London, England, United Kingdom
Michael, I'm not that sort of consultant! I work with businesses to improve the way they communicate about projects and most of that is externally facing i.e. via their websites or social media.
But if you'll accept my non-expert opinion then no, I don't think many organizations do work at all three levels. In contrast to your experience I see project managers applying best practice risk management at the project level and then not much else happening, although the proliferation of enterprise PMOs is probably seeing that change.

avatar
Bindu Pillai Manager - IT| Lödige Systems Middle East Doha, Qatar
Even though its obvious that risks exists in all these levels - Not sure if any Small - Medium sized organizations do manage risks at these 3 levels? 1. and 2. is followed commonly and as Elizabeth stated most portfolios are based on functional verticals and will have less visibility to organizational level.

avatar
Ayman Safeeldein Alwakrra, Wa, Qatar
thanks
nice article

Please Login/Register to leave a comment.

ADVERTISEMENTS

"Very deep. You should send that into Reader's Digest, they've got a page for people like you."

- Douglas Adams

ADVERTISEMENT

Sponsors







Vendor Events

See all Vendor Events

Newsletters

Jun 3: The Career Problem Facing New PMs
May 20: Your PM Career as a Project Life Cycle
May 13: The Big Lie After Layoffs

See all newsletters