Is it time to look again at risk management in your business? Is it really being done across all project teams with the accuracy and efficiency you would like?
Often we see project teams who do carry out risk management on projects, but they do so in a way that is fragmented. Project managers learn about risk techniques on training courses and through learning from their peers. But there comes a point when the PMO needs to step up to implement standardized approaches so that everything is being managed in a consistent way.
If that’s where you are right now, or where you think you will be soon, we have some help for you! In this article, we’ll discuss the seven questions to ask before embarking on a risk management program across your project delivery teams.
Let’s dive in.
1. How are we going to track risk?
This is the big question. As a PMO leader, you need to think about your risk management framework and processes for the project teams who will eventually use them. Come up your strategy for risk management for projects. This should align to the corporate risk management methodology. Processes and standard documentation will drop out of this.
You may need to get your approach signed off by business leaders, so take that step if necessary before you start to implement your strategy.
2. What risk management software are we going to use?
Doing risk management on a corporate scale does mean using software to record, analyze and track risks. You can’t do this level of management and reporting through making notes on a white board.
Your business may already have tools that are adequate for managing risk. You may be able to extend your existing suite of tools to switch on a module for risk management. Or you might need to invest in something completely new.
If you are already conscious that you need to equip your teams with better tools to manage their projects, now would be a great time to look at software products that can meet all your needs, including risk management.
3. What are our risk classifications going to be?
What is a ‘major’ risk? What does ‘minor impact’ mean? Do we need different classifications for strategic projects, or large projects?
Take some time to work out the framework for risk management. Be inspired by industry-standard models for risk management and what other businesses do, but don’t be afraid to create a risk management matrix that perfectly aligns to your organization. You may already have one that is used to manage enterprise risk. You should be able to easily adopt that into your project risk management framework for the PMO if you feel it is appropriate to do so. Add some notes or a guidance document to help project managers apply it to their projects.
4. How are we going to report risk?
You may have come up with a standardized way of helping project teams identify, track and manage risk, but how is that going to be incorporated into your business reports?
Tools like Adrega PI can be integrated with your existing tools to surface risks in a dashboard-like format. You may need to update reporting templates to use your new risk classifications.
5. How are we going to train project teams?
Carrying out risk management training should factor into your plans. You need to run workshops to tell people how they are expected to manage risk and to support them in doing so. They will need to understand the processes and why they are doing the processes. The risk analysis matrix and the classifications used might also be new to them (or at least different to how they were assessing risk before).
Your team may also need specialist training in the software they are going to use. They may be experienced in using a tool like Primavera P6, but they might not have used the Primavera Risk Analysis tool for managing risk in the way you want them to. Make sure they have access to support so they can use the new processes and software.
6. How are we going to train business leaders?
For any new initiative to be successful, you need senior business leaders on side. Risk management is no different. Your risk management plans should consider how you are going to get leadership buy in for the work you want to do.
Talking to the leadership team about leveraging risk management to make better investment decisions is a good starting point! Tailor your communications to the executive levels and highlight the business benefit of implementing robust and standard ways to manage risk across the enterprise.
7. How are we going to build risk management maturity?
Risk management shouldn’t be a one-time activity. Yes, you may launch a new process, tools and some reports to go alongside. But that isn’t the end. You can listen to feedback on how the process is working, make improvements and tweak reports until you get something that is truly useful to your organization. And as organizations evolve over time, you’ll also have to evolve the way you manage risk to keep up.
Start with the expectation that you will continually improve your processes. Think about how risk management maturity should be measured in your organization and perhaps carry out a maturity assessment. This is something you can repeat at a later date to see if you have managed to improve your team’s ability to manage risk in a mature way.
Before you start to implement a risk management improvement program across the business, think about the questions above. As you work through each area you will probably come up with more questions to ask and answer. This is all good – you can be that the project managers and their teams will be asking these questions in the future, so it’s great to come up with the answers now!
By thoroughly planning how you are going to manage project risk, you can make sure that it is approached in a mature and robust way. You can build maturity over time, but you’ll know you are starting from a solid foundation.