Project Management

Ask the Expert: Enterprise Risk Management in easy steps with Chris Bell

From the The Money Files Blog
by
A blog that looks at all aspects of project and program finances from budgets, estimating and accounting to getting a pay rise and managing contracts. Written by Elizabeth Harrin from RebelsGuideToPM.com.
accounting | agile | ai | audit | benefits | Benefits Management | books | budget | business case | carnival | case study | checklist | collaboration tools | communication | competition | complex projects | consultancy | contingency | contracts | corporate finance | cost | cost management | credit crunch | data | data security | debate | delegating | earned value | events | FAQ | financial management | financial management | forecasting | future | general | Goals | green | interviews | it | measuring performance | Mentoring | methods | metrics | multiple projects | negotiating | news | organization | outsourcing | pmi | PMO | portfolio management | presentations | privacy policy | process | procurement | productivity | project closure | project data | project delivery | Project Success | project testing | prototyping | qualifications | quality | Quarterly Review | records | recruitment | reports | requirements | research | resilience | resources | risk | ROI | salaries | scope | security | small projects | social media | software | software | stakeholders | success factors | supplier management | team | timesheets | tips | training | transparency | trends | value management | vendors | video | virtual teams | workflow | show all posts

About this Blog

RSS

Recent Posts

How to learn AI the sensible way

Making sense of project cost reports

How real PM mentoring actually works

The Accidental Product Manager: What project managers need to know

How healthy are your project finances?

Categories

accounting, agile, ai, appraisals, Artificial Intelligence, audit, Backlog, Benchmarking, benefits, Benefits Management, Benefits Realization, Bias, books, budget, Business Case, business case, business case, Career Development, Career Development, carnival, case study, Change Management, checklist, collaboration tools, communication, Communications Management, competition, complex projects, Conferences, config management, consultancy, contingency, contracts, corporate finance, corporate finance, cost, Cost Management, cost management, credit crunch, CRM, data, data security, debate, Decision Making, delegating, digite, earned value, Education, Energy and Utilities, Estimating, events, FAQ, financial management, financial management, forecasting, future, GDPR, general, Goals, Governance, green, Information Technology, Innovation, insurance, interviews, it, Knowledge Management, Leadership, Lessons Learned, measuring performance, Mentoring, merger, methods, metrics, multiple projects, negotiating, Networking, news, Olympics, organization, Organizational Culture, outsourcing, personal finance, Planning, pmi, PMO, PMO, Portfolio Management, portfolio management, presentations, privacy policy, process, procurement, product management, productivity, Program Management, project closure, project data, project delivery, Project Success, project testing, prototyping, qualifications, Quality, quality, Quarterly Review, records, recruitment, reports, requirements, research, resilience, Resource Management, resources, risk, Risk Management, ROI, salaries, Schedule Management, Scheduling, scope, Scope Management, security, small projects, Social Impact, social impact, social media, software, software, software, Stakeholder Management, stakeholders, Strategy, success factors, supplier management, team, Teams, testing, testing, timesheets, tips, training, transparency, trends, value management, vendors, video, virtual teams, workflow

Date

linkedin twitter facebook Request to reuse this  

Categories: interviews, risk


Chris BellEnterprise Risk Management (ERM) sounds pretty advanced, like a bigger, better version of ‘ordinary’ project risk management. So what is it and is ERM really more complicated to do than the risk management we are all familiar with? I asked Chris Bell, Chief Marketing Officer at Active Risk.

Chris, tell us a bit more about what ERM actually is.

ERM is a scalable, holistic approach to risk management that consolidates and organizes risk information from across the organization into one location so that it may be used for improved decision making. By embracing ERM and creating a risk management culture, organizations can drive business performance, innovation and growth, while protecting company reputation and shareholder value.

OK, I can see that could be a really valuable function for a PMO – to be able to have all the risk information from across multiple projects in one place. If companies want to do this, how do they get started?

Unfortunately, too many leaders still perceive risk management as a complex progress. In reality, there are six steps that need to be followed to enable organizations to optimize the strategic value of risk – regardless of the industry, vertical, size or scope of the project.

First, employees across the business identify the risks currently facing their project or organization. It is critical to identify all risks, including risks that are low probability but high impact, which may have been ignored in the past. While each employee may know several risks, getting everyone into the same room to identify risks together will quickly yield a more comprehensive, more accurate list.

Yes, that’s the same approach as we use on projects, but spread out to include everything managed by the PMO or company. What next?

In the analyze step, teams evaluate each risk individually. How likely is the risk to occur? Who/what will be affected if it does occur? What are the business implications of the risk (e.g. schedule, budget, and scope)? Most risks have more than just a financial impact, so all business implications should be considered. This analysis should start to bring to light the interconnectivity of risks, and some of the connections may be surprising. For example, several different project teams may be relying on the same supplier or the same piece of equipment to meet different schedule and budget requirements, taken together that might cause a problem. At the end of this process, the team should have a comprehensive list/database of risks that can be organized by probability and impact to the project or organization.

ERM procesThen the team agrees on the best course of action to manage each risk. This is where strategy is key. Often, the team will need to consider the business impact of the risk occurring versus the business impact and cost of controlling or mitigating the risk. If it makes sense to mitigate the risk, the team will discuss steps for risk reduction, risk transfer, insurance, and other options. At the end of this step, leaders should have a clear picture of all relevant risks, how they interrelate to each other, and how they will be managed moving forward.

The PMO would be a good place to keep this information, although it would have to be kept up to date regularly with assigned owners.

That’s correct. The monitor step is about accountability. A person or team should be assigned to each risk, so that they are responsible for monitoring and executing the mitigation plan.

So that’s where it ends?

No. There’s another step for organizations to streamline and enhance their ERM process and risk culture. Are the right people involved? What new risks can be identified? How can we improve the way we’re managing existing risks? Organizations should reward – not penalize – those who share risk information. The earlier a risk is identified, the easier and cheaper it usually is to stop it happening or reduce its impact.

Well, that’s true. How do project leaders get information about the risks that have been identified?

A best practice is to build reporting into the management cycle of meetings so that the right information is available in the right format at the right time. Having a reporting system readily available also ensures that ad-hoc questions from senior management can be answered at any time, with confidence.

Do you have any examples of companies currently using this ERM process on their projects?

A current example of a company that follows the six step process is Crossrail. Crossrail is Europe’s largest infrastructure project, constructing a new rail line across London with 21km of tunnels underneath the center of the city. The project, which has a budget of £14.5 billion, will increase London’s rail transport capacity by 10% by 2019.

Risk management is now an integrated part of Crossrail’s culture – tied into key progress indicators (KPIs) and therefore directly affecting employee bonuses.  The Company has also insisted that its most critical contractor and supplier partners implement the same risk management process and system, sharing real time risk data with Crossrail’s project managers. With the six steps in place, Crossrail has seen benefits including improved business performance and stronger, more effective partner relationships as they work on this very important project.

Given the amount of building work in London at the moment to support Crossrail, I think it’s great that they are integrating risk management and mitigation into their project plans. Thanks, Chris, that’s really insightful!

 

About the expert:

Chris Bell is the Chief Marketing Officer at leading ERM software provider Active Risk. Chris brings life and energy to technology and business topics such as Enterprise Risk Management (ERM), Project Portfolio Management (PPM), and Governance Risk & Compliance (GRC). He is also a published author of many articles, white papers and books, including EVM for Dummies, and contributed to Active Risk’s ERM Readiness Guide. 

Elizabeth Harrin is Director of The Otobos Group, a project management communications consultancy. Find her on and Facebook.


Posted on: January 09, 2013 04:49 AM | Permalink

Comments (4)
Please login or join to subscribe to this item
avatar
fosco frongia Senior project manager| ENTE PATRIMONIALE CHIESA GESU' CRISTO SUG Fino Mornasco, Como, Italy
Very interesting and effective approach.
Many thanks for sharing this article

avatar
Kevin Coleman Subject Matter Expert, Author, Speaker and Strategic Advisor| - Insights Pa, United States
Interesting piece - and perspective.

avatar
Craig Valade Manager, EPMO| Elections Ontario Toronto, Ontario, Canada
Hi Chris,
I manage a small PMO that has naturally fleshed itself out to be an EPMO that is now responsible for Enterprise Risk Management for the entire organization. My team is very small and we struggle with our daily deliverables; as such, do you have any other guidance to assess, implement and monitor enterprise risk management, i.e., any white papers you'd recommend, etc?

avatar
Ayman Safeeldein Alwakrra, Wa, Qatar
thanks

Please Login/Register to leave a comment.

ADVERTISEMENTS

"Life is a great big canvas; throw all the paint you can at it."

- Danny Kaye

ADVERTISEMENT

Sponsors







Vendor Events

See all Vendor Events

Newsletters

Jun 3: The Career Problem Facing New PMs
May 20: Your PM Career as a Project Life Cycle
May 13: The Big Lie After Layoffs

See all newsletters