In a multiproject company with big projects, you must align business goals and strategies with project performance. This is reflected in all knowledge areas, including risks. Considering this I ask:
How do you provide a link between project level risks and corporate level risks? If you have a lot of projects, how do you determine key risks for the company based on the individual risk registers? Saving Changes...
There needs to be integration and alignment between project, program, portfolio and enterprise risk management domains. This topic is covered in the upcoming revision to PMI's Risk Management Standard.
One example of how this might be addressed is what I experienced when running the PMO for a government agency. I sat on the enterprise risk committee and part of my role was to curate key risks across the portfolio I was overseeing to bring those to the attention of the rest of the committee. I also was expected to bring any operational issues or risks discussed at that table back to my team of PMs and PgMs for them to assess whether there were project or program implications.
Thank you, Kiron and Rami for your input. I'm currently undertaking a job of translating project risks for individual projects and a corporate, integrated set of risks. I'm doing both a top down and a bottom up approach, given that both needed updates and improvements.