Professional Documents
Culture Documents
09-Risk Governance - 12 PG's-5 PDF
09-Risk Governance - 12 PG's-5 PDF
Governance
The work of risk governance extends throughout the project. Risk governance involves
oversight of the entire risk management process, making sure the risk management
activities are consistent, and that they are continuously improved throughout the
organization. Governance is a matter of not starting from scratch on each project, but
rather from benefiting from the successes and failures of projects that have gone before
yours.
The project manager should understand and be trained in risk management, and
manage the project's risk management process. This might involve determining how risk
management will be handled for the project and how that effort will meet any company
policies and procedures for risk managem.ent.
A program manager (if one exists) in the organization would be involved in overseeing
the risk management function for all the projects in the program. This includes
making sure all parties are trained in risk management as well as project management,
coordinating risk management efforts throughout the program, and making sure that the
risk management effort is appropriate for the size and importance of the projects.
The PMO might create some policies and procedures for risk management and serve as a
governance body overseeing all projects, including how the projects manage risks.
Since risk management is such an important topic, company management may also be
involved ip the project, helping to identify risks and making decisions on the amount of
acceptable risk in the project.
Policies and procedures could also cover such topics as how sponsors should participate
in risk management activities, who should be trained in risk management (e.g., all project
managers and risk owners), how often risks should be reviewed on projects, and any other
policies relating to risk that are deemed valuable.
These organizational standards and policies are updated based on lessons learned from
applying these standards and policies on other projects. This is critical information for the
project manager to uncover at the beginning of the Plan Risk Management process, as it
will influence how he or she approaches any project within the organization.
Risk governance involves not only creating such policies relating to risk management,
but also making sure that projects are planned using relevant risk policies and standards.
Then while the project is underway, risk governance involves making sure the project
actually follows the policies. Such policies and best practices are designed to improve risk
management effectiveness. They may be enforced by the project manager, PMO, or the
management of the organization if a risk governance body does not exist.
Risk Governance
As we discussed in the Monitor and Control Risks chapter of this book., lessons learned
should include:
• What went right?
• What went wrong?
• What would be done differently if the project could be done again?
Lessons learned are created by the project manager and involve the input of the team and
stakeholders. They are created throughout the life of the project and are finalized at project
end. Lessons learned may be sent to other project managers or departments that might
benefit from them as they are created, instead of waiting until the project is closed out.
Creation of Metrics
Metrics are standards of performance that, once evaluated, tell how work is performing
against the plan. Risk governance involves the creation of metries for risk management
activities in the organization.
Project managers will have a performance measurement baseline for the project that
includes broad requirements for scope, time, and cost. On most projects, this baseline is
measured infrequently, leaving the project manager unsure of the real status of the project
between performance measurements. This is why metrics are valuable-to provide an
additional measure of progress and to warn of potential problems. I
Project managers may individually be able to determine some metrics for their projects,
but they usually end up basing these metrics on their own beliefs and attitudes. For
example, a project manager might think that nine unidentified risks are acceptable, or that
having the team arguing constantly is acceptable.
These metrics can then become the baseli~t for risk management performance on
projects throughout the organization. So instead of just hoping things are going well, or
having to deal with big problems when measurement time comes, project managers can
determine project performance using established standard metrics and know how things
are progressing against the plan. Instead of having to guess which metrics have meaning
on the project, they can use ones provided by risk governance.
The project manager could then bring concerns about company culture or company
systems to the attention of the risk governance body to explore the overall effect on the
organization, rather than the project manager trying to make an organizational change
based on the effect on just one project.
As you read this, you might think a risk governance body is far from what you will
ever see in your organization. Think again. Since the first edition of this hook was
published, more and more organizations ~ound the world have used it as their basic
risk management reference. Therefore, more and more organizations are using the tricks
of the trade and general advice this book provides from projects around the world. So
perhaps it won't be such a long time before your organization realizes the benefits of a
risk governing body.
If a project can make or break a department or even a company's future, and if a project
can cause a negative impact of hundreds of times its planned cost to companies, then it
will not be long before organizations take a more proactive role in managing the risk in
projects.
Since projects have such a huge potential for negative or positive impact, many companies
even have teams of auditors who will conduct the risk audit on a project to make sure that
the project manager and the project team have identified all the risks, that adequate plans
are in place, and that risk owners understand their roles in preventing and dealing with
threats and maximizing potential opportunities.
As project managers progress in their careers, they can move up into the roles of program
or portfolio managers, but with this chapter, I am also suggesting a new role. A project
manager can move up into a risk governance position within the company, thus securing
the assets of the organization against unnecessary expenditure.
-- -
,;r ' , ¥ d " or+ t an ees::;:;;e;.rmw t,
- . ~, ·to ' ''Sf ott· •• , ' ''., ,. ,,;;' bEe f $ .. # 0'7 ' ' ri" .... ·. .
Risk Governance
Chapter Summary
Key Concepts
• Risk governance involves making sure risk management activities are effective,
consistent, and continuously improved
• The project manager, PM 0, or company management may be responsible for risk
governance
• Risk governance includes:
• Standards, policies, procedures, and practices
• Lessons learned m anagement
• Creation of metrics
• Monitoring and controlling risks
Key Terms
• Risk governance • Lessons learned management
KeyWord
1 . Risk governance 3. Metrics
Definition
A. Standards of performance that, once C. Oversight of the entire risk management
evaluated, tell how work is performing process
against the plan
Answer Key
I. C 3. A
2. B
. _ . _ - - - --'
I. . '''ie' ' •
Risk Governance
293
i
I
i
~
'j
Risk Governance
Notes
When you are ready, please turn to page 321 to take the Final Exam. See how much
knowledge you have gained.