Seeking advice on when and how to include project risks on corporate risk registers Saving Changes...
Sort By:
Ian CameronProgram Manager| Cameron Family Farms Inc.White City, Saskatchewan, Canada
I would suggest you start by asking some questions about the project risk.
1. Will a project risk impede the achievement of a stated corporate objective?
2. Will a project risk increase the impact or likelihood of a corporate risk occurring?
3. Is the Project risk impact large enough to affect corporate reporting on its own?
If the answer to any of these is yes. You may want to consider adding it under the affected corporate risk, or as its own in the appropriate section.
I'm certain more rigor can be applied but this is my general sense. Especially if your project is listed as required to achieve a corporate objective... such as a new CRM to increase sales by 5% or some such enterprise level project/program.
I would suggest you start by asking some questions about the project risk.
1. Will a project risk impede the achievement of a stated corporate objective?
2. Will a project risk increase the impact or likelihood of a corporate risk occurring?
3. Is the Project risk impact large enough to affect corporate reporting on its own?
If the answer to any of these is yes. You may want to consider adding it under the affected corporate risk, or as its own in the appropriate section.
I'm certain more rigor can be applied but this is my general sense. Especially if your project is listed as required to achieve a corporate objective... such as a new CRM to increase sales by 5% or some such enterprise level project/program.
Thanks Ian for the great response. Saving Changes...
To build on Ian's feedback, a lot will depend on what other risk tracking and reporting is going on in the organization.
If there is no overall portfolio-level risk management taking place, then there may be value in bringing risks which impact multiple projects in the portfolio or which might exist between projects to the corporate table.
I've found it helpful to consider mapping the relationships between key risks, whether those are within a project or to business or corporate risks.
Kiron Saving Changes...
Deepesh RammoorthyICT Project Manager ( PMP®AgilePM®Certified ScrumMaster® (CSM®))| Australian Red Cross Blood ServiceTarneit, Vic, Australia
Hi Karen
taking some pointers from what others have said , The risks you may want to highlight on the corporate register really depends on the scale and impact of the project to the corporate structure and business practices . For example, implementing a company wide CRM ,which can re-design or streamline the whole business process of interacting with customers.
Otherwise there is little value on highlighting risks on smaller individual projects unless as Kiron said, you are able to find commonalities between multiple projects in a Program of work or a Portfolio and highlight that common risk.
for example, If you find that Project Resourcing is a risk across all the projects and has the potential to affect customer service , that might spawn the need for the company to find an in-sourcing partner as a body shop for projects or outsourcing pieces of work to another company.
It may be valuable to collect such information from your Project/Program Management Office who may be able to find out common risks between multiple projects and then justify their inclusion on the corporate register. Saving Changes...
Financial corporate reporting ask that you report risk that will affect financial statement.
If you organisation project are external, project risk will impact profit, so financial statement! Saving Changes...
Anish AbrahamPrivacy Program Manager| University of WashingtonAuburn, Wa, United States
My understanding is that project risks are different from corporate risks in the sense that they refer to an uncertain condition that may affect one or more project objectives. I concur with Kiron and Deepesh on this. Saving Changes...
Stéphane ParentSelf Employed / Semi-retired| Leader MakerPrince Edward Island, Canada
The risk owner is usually an indicator of where the risk belongs. Saving Changes...
Jim BrandenSenior Project Manager| Retired from UNC Charlotte - IT Services - PPMOCharlotte, Nc, United States
Karen, Ian, Kiron and Deepesh all gave you very good pointers. Please consider my elevator speech on the three sources of risks:
#1 Risks OF the project, because the organization decided to undertake it (what is the org 'gambling' to achieve the desired results?) [These risk responses fall within the org's control.]
#2 Risks IN the project, because of the PM's, SME's and team's strengths and weaknesses. [These risk responses fall within the PM, SME / team's control]
#3 Risks TO the project, because of changes in the market, technology, etc. [These risks arise from forces beyond the org's and PM's control.]
Bottom line (summarizing all the points from the others and myself):
If a risk's potential reality will impact the organization, then the organization needs a way to recognize the positive or negative impacts, the severity, and probability at the corporate leadership level.
Jim Saving Changes...
