Project Management

ATA Risk Question

From the PMI Global Insights Blog
by , , , , , , , , , , , , , , , ,
The Project Management Institute's annual events attract some of the most renowned and esteemed experts in the industry. In this blog, Global Conference, EMEA Congress and experienced event presenters past, present and future from the entire PMI event family share their knowledge on a wide range of issues important to project managers.

About this Blog

RSS

View Posts By:

Cameron McGaughy
Dan Furlong
Marjorie Anderson
David Maynard
Fabio Rigamonti
Emily Luijbregts
Priya Patra
Karthik Ramamurthy
Stephanie Jaeger
Moritz Sprenger
Kimberly Whitby
Laura Schofield
David Davis
Andrew Craig
Lorelie Kaid
LORI WILSON
Kiron Bondale

Past Contributers:

Deepa Bhide
Nic Jain
Karen Chovan
Jack Duggal
Catalin Dogaru
Kristy Tan Neckowicz
Sandra MacGillivray
Gina Abudi
Sarah Mersereau
Lawrence Cooper
Yves Cavarec
Nadia Vincent
Carlos Javier Pampliega García
Michelle Stronach
Laura Samsó
Marcos Arias
Cheryl Lee
Kristin Jones

Recent Posts

Crowd Sourced Inspiration

My parting thoughts on PMI's 50th anniversary Global Conference

My impressions from day one of "Ask an Expert" at #PMIcon19

Ask The Experts -- at the global conference

What Does an Invitation to the ‘Ask the Expert’ Panel Mean to Me? #PMIcon19 #Inspiration



ATA (Ask to Answer) for the Risk expert Mr. Maynard.

I wonder if there is a formal explanation for something I call “Organizational Accepted Risk”.  There are many risk items that I personally don’t call out in my risk mitigation strategy because the Organization automatically accepts the Risk and will deal with it when it occurs.  I mention it in my governance document, but not in my Risk Plan. Some examples of these risks are listed below:

  1. A team member leaves the organization (whatever the reason: resignation, layoffs, death, etc.)  It definitely can impact my deliverables, but.
  2. A cyber attack.  I do a lot of network projects and there is always the risk of a cyber attack taking resources (wanacry is one example).  We deal with it, but it can cause a jeopardy.
  3. Funding cut.  I treat this as an issue when and if it occurs and requires the project plan to be reviewed.
  4. Act of God – there are lots of things that can happen to disrupt the project.  Fire, hurricane, tornado, zombie apocalypse.  I don’t call these out as specific Risk items as we just accept them.  The probability is low for some areas (not too many hurricanes in Ft Wayne) 

My question: “is there an accepted best-practice for handling Organization Accepted Risk” and could you direct me to it?

Posted by David Davis on: October 10, 2017 04:29 PM | Permalink

Comments (4)

Please login or join to subscribe to this item
This is where enterprise risk management comes into play, David. Each organization should have an ERM team and processes to manage risks that are pervasive and span the whole company.

We don't have one that I'm aware of.

In my experience there is what some call business risk, they are associated with the kind of business of the organisation. Usually manage at the organisation level

Please Login/Register to leave a comment.

ADVERTISEMENTS

When someone is lying, is it true that their pants are actually on fire?

- Jerry Seinfeld

ADVERTISEMENT

Sponsors