Earn Up to 15 PDUs at Gartner Summit
Aligning Project and Corporate Risk Management
by Carl Pritchard, EVP, PMI-RMP, PMP
Which is worse: losing a team member on a critical project or losing $100,000 across your organization? It’s really not a fair question. And the answer could be “either.” The challenge comes in the definition of terms, and the understanding of projects in a greater organizational context.
A PMI Risk Management Professional (PMI-RMP)® credential holder recently posed the question to PMP Passport, asking for the distinction between project risk management and corporate risk management. The reality is that while they are happening at different levels (and thus with different levels of sensitivity), there is an inherent need for alignment between the two.
Those risks that concern management at an organizational level should also concern project managers at the individual project level.
Most discussions on corporate risk management tend to hinge around the financial aspects of risk. Tragically, many projects don’t even have cost-tracking systems, and thus don’t create risk visibility for one of management’s greatest concerns.
Corporate risk managers also tend to focus on shareholder value. Project managers (often serving as the de facto project risk managers) in many cases cannot tie their projects back to the direct or indirect influence on shareholder value. These failures in alignment matter.
Reflect the Culture
While project risk management must, by its nature, focus on the threats and opportunities at the project level, the context for that information must be rooted back to what the organization is truly passionate about.
If the organization’s image and reputation are paramount, project managers should be conducting their qualitative risk assessments at the project level with attention to those details. If cost is king, then project managers should be able to evaluate risks from a cost context. If customer satisfaction is the heart and soul of the organization, then project risks need to be assessed with that in mind.
Most of this alignment is addressed in A Guide to the Project Management Body of Knowledge (PMBOK® Guide’s) Plan Risk Management and Perform Qualitative Risk Analysis sub-processes.
In these areas, there’s an expectation that the project manager will set tolerances and thresholds and evaluate risks against them. Those tolerances and thresholds, while project-specific, need to be a reflection of organizational culture.
Make It Happen
In order to bridge the gap between the project and the organization, project managers can take a long, studied look at the escalation procedures (or if no procedures exist, at the escalation history) of their organization. When does management get involved? When do they take serious umbrage at risks realized? Those can serve as bellwethers for the thresholds at the project level.
For example, if management consistently raises red flags when customers threaten to take their business elsewhere, that should be a key concern for the project risk manager as well. Any action that might cause the customer to make such a threat becomes a high-impact risk. Thus, the organizational thresholds can become the determinants of high impact for a qualitative analysis.
Evaluated consistently and over time, the lines between project risk management and organizational risk management eventually begin to blur. That’s a good thing. If it becomes harder to see the distinction, it means that project (risk) managers are serving as effective stewards of organizational resources within the organizational risk context.
Carl Pritchard, EVP, PMP instructs the e-SeminarsWorldSM course, Managing Multiple Projects. He is president of Pritchard Management Associates, a presentation, training and consulting firm that firmly believes that project management should be fun and memorable. Mr. Pritchard is also a PMI SeminarsWorld® leader and a chapter author for A Guide the Project Management Body of Knowledge (PMBOK® Guide)—Fourth Edition. He has taught risk and project management around the world since 1993, and invites your questions or comments.
