In an era of digital transformation with increasing levels of complexity and new threats, organizations must go beyond agility and commit to three risk principles to Increase trust and resilience among people, processes and technologies. Regulatory compliance is not enough, according to Gartner analysts.
Sometimes major threats or opportunities create situations in which work is required unexpectedly. Much more than scope changes, these urgent projects require a different approach than typical planning processes, and though they are rare by nature, organizations can still prepare for them, according to Stephen Wearne, award-winning professor and co-author of “Managing the Urgent and Unexpected.” [27:35]
Project risk analysis is about more than determining the probability of finishing on time and on budget. It should also be used to decide whether a project is a viable “go” in the first place. The more diligence we apply in this initiation or pre-planning stage will pave the way for less risky projects during execution.
Our 12-part series on organizational risk management concludes with a call to action — it starts with assessment and identification … leads to investment, buy-in and ownership … and makes use of tools and concepts like the risk profile, capacity and constraints hierarchy.
The PMO may not have direct accountability for the execution of organizational risk processes, but it remains a key stakeholder, providing critical support in a number of areas that impact risk, including process ownership, faciliting change and influencing the project culture.
How do strategic or organizational risk processes integrate with project-level risk management without causing duplication of effort or confusion? Let’s consider three categories of interaction between the organization’s portfolio and its individual projects.
Can the practice of stress testing improve the way we manage risk on our projects and programs? Yes, and here are two ways we can use this important approach, from identification of risk to organizational readiness.
A portfolio can drive changes into a program and vice versa, thus creating risks, changing existing ones or indirectly impacting them through other constraints. This requires a close working relationship between portfolio and program managers. It also presents a challenge of weight decisions about today’s problems versus tomorrow’s.
The program stands in the middle of organizational risk management, executing down through projects and considering impacts up to the portfolio. Here are key factors when determining if risk management should be “downloaded” to the project level or “uploaded” to the program level.
You can't build realistic forecasts without taking into account potential risks. So when it comes to creating project schedules, why is risk so often addressed as a separate exercise? To properly accommodate for uncertainty we need to embed and intertwine these processes within our tools. We need risk-adjusted scheduling.