It's not that companies don't understand the value of risk management. Most large enterprises devote a considerable amount of time and manpower to risk analysis before pulling the trigger on large projects. But there are a number of hurdles that can prevent companies from successfully integrating risk management into project and program planning and execution.
Many organizations fall down when it comes to process, particularly up-front planning.
According to a January 2011 report from the Economist Intelligence Unit, 37 percent of the 427 executives surveyed said that conducting a risk-management analysis of a project was one of their greatest challenges.
Doing risk-management due diligence is not a one-size-fits-all task, although there are certain elements that will apply regardless of project type—issues such as projected cost, resources and corporate risk.
“It often depends on the company and vertical industry it's in,” says Laura DiDio, principal analyst at ITIC, a research and consulting firm in Hopkinton, Massachusetts, USA. “The very leading-edge companies and those in high-risk fields should be looking at incorporating a solid risk-management methodology that's part of any checklist for a project. But it's not as common as it should be. While important, it's very complex.”
This is where project risk-management software can help. If companies do the up-front work of creating risk-management policies and procedures that adhere to best practices, technology can help codify processes and build them into the project management process.
“The threats from a security standpoint have never been greater,” Ms. DiDio says. If an organization fails to take action and adopt the appropriate risk-management policies and procedures, and back that up with great products, it could:
- damage its business operations
- put itself at greater risk of litigation
- place its customers', business partners and suppliers at risk for problems
- ruin its reputation
“You really have to approach this as a science— the products themselves are wonderful, but it's the humans who must implement and execute on them,” she explains.
The market for this technology is somewhat fragmented, with a lot of vertical niches and products designed to serve both large enterprise and mid-market companies, Ms. DiDio says.
It's a matter of analyzing what works best for you. For example, many companies now offer a software-as-a-service (SaaS), or web-based, version, as well as features designed to help with training and process adoption. Here's a quick look at some options:
IMPACT ERM SUITE
- » Focuses on three action items for each project's risks across the enterprise: track, prevent and improve
- » Offers a preconfigured edition for smaller organizations in specific industries
- » Is an add-on to PerTrac Analytics software
- » Creates a report that breaks down the project portfolio's risk and return components
- » Shows how the project portfolio can be expected to perform under certain crisis scenarios
ENTERPRISE RISK REGISTER
- » Tracks risk ownership
- » Monitors each risk by context, using department, division, location, project, process, asset or risk category
- » Includes optional features, such as sending alerts to risk owners
- » Includes a customizable risk matrix that shows the impact and probabilities of project risks
- » Calculates the impact of project risks and issues
- » Runs multiple risk mitigations and produces automated riskmanagement reports
- » Offers networking capabilities to connect team members