Carl ProChief Operations Officer| ProCHEM LLCMonroeville, Pa, United States
What is the appropriate "Responsibility/Accountability/Authority" position of Project Risk Management within your PMO or Project Management Group?
I contend that Risk Management is the oversight group of the PMO and as such should have the "Responsibility/Accountability/Authority" much like a World Class Quality Assurance group has.
Projects are the application of known knowledge, tools, and techniques with a measure of risk to advance the current state to a new more advanced state thereby increasing the known knowledge, tool and techniques through the management of the unknowns or risk.
A world class risk management organization ensures project success through the application of analytical tools such as advanced mathematical analysis of cost estimation, schedule (time)estimation, project threats and project opportunities while maintaining quality and fulfilling requirements management. The key to project success is the managing the unknowns of risk management.
So where does Risk Management report in your organization to enable the independent project oversight and authority to ensure project success? Saving Changes...
Excellent question Carl, in one organization I worked for they had a department and C level executive alongside IT etc. More commonly though, the risk management is absorbed by the team and from what I've seen, shouldered by the Project Manager. In many instances as well, I've supported the creation of the RACI matrix and risk register as a subcontractor because no one else was doing it outright and to me, the project was too much at risk without it. The role of a risk manager is too often overlooked or just combined with another role. Saving Changes...
micheline loganDirector| M Logan & AssociatesJohannesburg, Gauteng, South Africa
Risk management should be managed at enterprise level and should be pervasive throughout the organization. I am fascinated by organizations that have little risk silos dotted all over the place. How can operational risk be divorced from the rest of the business? A major operational POF can break the business; Saving Changes...
Sergio Luis ConteHelping to create solutions for everyone| Worldwide based OrganizationsBuenos Aires, Argentina
We have a corporate group focused on risk. At PMO level (I belong to the EPMO - enterprise PMO - LATAM Division) we take the policies and rules and adapt them to projects (just in case it applies) and follow them. But the driver are all related to risk at corporate level. Saving Changes...
With my most recent full-time employer (a large Canadian bank), risk was tackled using a multi-layered approach. Our enterprise risk appetite statement set the foundation for each independent area. Operational risk management was concerned with operational/business risks, each line of business PMO looked at the delivery & execution risk within their portfolios and our EPMO was responsible for providing enterprise risk oversight for projects over a certain complexity and cost threshold. Then, we had internal and external project audit which would independently assess delivery and execution risk for a subset of our projects.
Kiron Saving Changes...
Stéphane ParentSelf Employed / Semi-retired| Leader MakerPrince Edward Island, Canada
Risk management happens at different levels in our organization: project, program and enterprise.
Each level has a specific scope for their risk management. The levels may overlap as necessary. Saving Changes...
In large organisation there must be a CRO or similar.
A risk manager need to report within the business unit (full line) project manage, PMO, etc and to the CRO ( dotted line). Saving Changes...
Depending on project volume and risk category it is basically divided into business area, country and global corporate level with own risk monitoring organisation behind. Saving Changes...
