Professional Documents
Culture Documents
Professional
(RMP)®
3
2.1
Key Concepts
and
Definitions
Key Concepts and Definitions
01
An individual risk is an uncertain event or condition that, if it occurs, has a
Individual Risk
positive or negative effect on one or more objectives.
02
Overall risk is the effect of uncertainty that affects organizational objectives at
Overall Risk different levels or aspects.
Opportunities are risks that have a positive effect on one or more objectives.
03 Opportunities Opportunity management helps to identify and understand possible ways in
which objectives can be achieved more successfully.
04 Threats Threats are risks that would have a negative effect on one or more objectives.
06 Risk Threshold
Risk threshold is the measure of acceptable variation around an objective that
reflects the risk appetite of the organization and its stakeholders.
07
5
Key Concepts and Definitions
Risk is an uncertain event or condition that, if occurs, has a positive or negative effect on
one or more project objectives such as scope, cost, and quality.
6
Key Concepts and Definitions
3- Opportunities 4- Threats
Opportunities are risks that have a Threats are risks that would have a
positive effect on one or more negative effect on one or more
objectives. Opportunity objectives.
management helps to identify and
understand possible ways in which Threat management involves the use
objectives can be achieved more of risk management resources to:
successfully.
Describe risks.
A consistent portfolio, program, Analyze risk attributes.
and project management system Evaluate the probability of risk
helps to: occurrence and impact as well as
other characteristics.
Identify and assess Implement a planned response,
opportunities that are often when appropriate.
linked.
Improve the organization's
ability to accept and pursue
opportunities.
7
Key Concepts and Definitions
5- Risk Attitudes
A chosen mental disposition towards uncertainty, adopted explicitly or implicitly by individuals and groups.
8
Key Concepts and Definitions
6- Risk Appetite
7- Risk Threshold
A quantified limit beyond which your organization will not accept the risk.
The risk threshold is an amount of risk that an organization or
individual is willing to accept. Say for your project, a 10,000 USD cost
overrun is acceptable to your organization, but no more.
For example, your organization cannot take a risk with an impact of
more than 10,000 USD.
9
Trigger Condition
10
2.2
Risk Management
in
Organizations
Risk Management in Organizations
The organization's governance body is ultimately responsible for setting, confirming, and enforcing risk
appetite and risk management principles as part of its governance oversight.
Both uncertain situations are risks when they could have an adverse or positive effect on the achievement of
objectives.
It is essential to address both situations within an enterprise, portfolio, program, and project risk management
process.
A risk may have one or more causes and, if it occurs, may have one or more effects.
Threats that occur are termed issues, and opportunities that occur are benefits to the enterprise.
Portfolio, program, and project managers are responsible to resolve these issues and manage them effectively.
Issues may entail actions that are outside the scope of the portfolio, program, and project risk management
process; therefore, these issues are escalated to a higher management level according to the organization's
governance policy.
12
2.3
Domains
of
Risk Management
Domains of Risk Management
14
Domains of Risk Management
15
Domains of Risk Management
The primary purpose of risk management is the creation and protection of value.
ERM is an approach for identifying major risks that confront an organization and
forecasting the significance of those risks to business processes.
The way in which risks are managed reflects the organization's culture, capability,
and strategy to create and sustain value.
ERM addresses risks at the organizational level including the aggregation of all risks
associated with the enterprise’s portfolio of programs and projects.
1 ERM provides a systematic, organized, and structured method for:
o Identifying and assessing all risks an organization faces,
Enterprise o Developing suitable responses,
Risk Management o Communicating status with stakeholders,
o Assigning responsibility to monitor and manage risks in alignment with the
strategic objectives of the organization.
16
Domains of Risk Management
1 them according to the escalation rules in place within the portfolio, program, and
project management framework;
Defining an appropriate risk management strategy based on increasing the
Enterprise probability and/or impact of positive risks and decreasing the probability and/or
Risk Management impact of negative risks (threats);
Identifying the risk owner and assigning the risk;
Implementing the corresponding strategies;
Monitoring the effectiveness and efficiency of the risk management strategies
deployed within the enterprise, portfolio, program, and project management
framework;
Ensuring alignment between portfolio, program, and project management risk
governance models and the ERM strategy.
17
Domains of Risk Management
1
Structural Risks
Structural risks are risks associated with the
composition of a group of projects and the
2 potential interdependencies among components.
Portfolio
Risk Management
2 Component Risks
Component risks at the portfolio level are risks
that the component manager escalates to the
portfolio level for information or action.
3 Overall Risks
Overall, portfolio risk considers the
interdependencies between components and is,
therefore, more than just the sum of individual
component risks.
18
Domains of Risk Management
Portfolio As defined in The Standard for Portfolio Management [2], portfolio risk management
Risk Management ensures that components achieve the best possible success based on the
organizational strategy and business model.
The result of portfolio risk management strategy is defining and launching new
components or closing other ones. Portfolio components can be responses to
identified threats or opportunities in alignment with the organization's overall
business strategy.
19
Domains of Risk Management
Program Risks go beyond the sum of the risks from each project within the
program.
Program risk management strategy ensures effective management of any risk that
can cause misalignment between the program roadmap and its supported
objectives to organizational strategy.
3 It includes defining program risk thresholds, performing the initial program risk
assessment, and developing a program risk response strategy.
Program
Risk Management
The Standard for Program Management describes program risk management
strategy as:
20
Domains of Risk Management
4
risk management planning, identification, analysis, response planning, response
implementation, and monitoring risk on a project.
Project The objectives of Project Risk Management are to increase the probability and/or
Risk Management impact of opportunities and to decrease the probability and/or impact of threats in
order to optimize the chances of project success.
The PMBOK® Guide states that when unmanaged, these risks have the potential to
cause the project to deviate from the plan and fail to achieve the defined project
objectives.
21
2.4
Key Success Factors
Key Success Factors
6 2
5 3
23
Key Success Factors
3 6
Risk management activities are consistent Organizational commitment is established only
with the value of the endeavor to the when risk management is aligned with the
organization and with its level of risk, scale, organization's goals, values, and ERM policies. Risk
and other organizational constraints. management actions may require the approval of
or response from others at levels above the
portfolio, program, or project manager.
24
Ch-03
Framework For Risk Management
In Portfolio, Program, and
Project Management
Ch - 0 3 C on ten t s
26
3.1
Business Context of Risk
Management
in Portfolio, Program,
and Project Management
Business Context of Risk Management in Por tfolio,
Program, and Project Management
All organizations encounter internal and external factors that influence their ability to achieve
desired objectives. Achieving those objectives is rarely ensured. All organizational activities
involve risk.
Portfolio, program, and project managers are responsible for risks associated with their
endeavors. These managers are responsible for working with stakeholders at various levels of
the organization and applying a systematic, integrated approach to risk management.
28
Business Context of Risk Management in Por tfolio,
Program, and Project Management
29
Business Context of Risk Management in Por tfolio,
Program, and Project Management
ORGANIZATIONAL FRAMEWORK
Risk management includes all domains of the organization: enterprise,
portfolio, program, and project.
ERM is an approach to managing risk that reflects the organization's culture,
capability, and strategy to create and sustain value. It covers the policies,
processes, and methods by which organizations manage risks (both threats
and opportunities) to advance the mission and vision of the organization.
Portfolio risk management derives its policies, processes, methods, and
tolerance from the ERM framework and tailors it for the management of
portfolios.
Similarly, programs and projects adopt their respective risk management
practices from the portfolio framework.
The governance board typically oversees ERM with significant and proactive
management engagement.
The portfolio, program, and project managers manage and monitor
communications with internal and external stakeholders, which is required to
instill the importance and values of risk management, expected culture and
behavior, and risk attitude.
30
Business Context of Risk Management in Por tfolio,
Program, and Project Management
ORGANIZATIONAL CONTEXT
By understanding the context in which the organization exists, portfolio, program, and
project managers can tailor the optimal approach to risk management for their endeavors.
Many factors can also impact the extent of risk management practices. Some of these
factors include:
o Capital Availability
o Competitive Landscape
31
Business Context of Risk Management in Por tfolio,
Program, and Project Management
32
Business Context of Risk Management in Por tfolio,
Program, and Project Management
Portfolio management serves as the bridge that connects strategic planning with business
execution. By focusing on selecting the right portfolio components (e.g., programs, projects,
and operational initiatives), portfolio management enables organizations to achieve alignment
with strategy and to invest their resources wisely and effectively.
Program and project management are then responsible for the implementation.
33
3.2
Scope of Accountability,
Responsibility,
and Authority
Scope of Accountability, Responsibility, and Authority
01. Accountability
is individual by nature and derived from a position held in the
organization. Accountability is related to authority in that one is
usually held accountable within one's limits of authority.
However, one still may be held accountable beyond one's The Accountability,
authority to act. Responsibility, and Authority
Management are shared by
02. Responsibility
stakeholders involved in
resides in an individual by the assignment of a function or task.
portfolio, program, and project
By accepting the assignment, an individual takes on the
associated responsibility. The fact that others higher in the
management.
organization may also be held responsible or accountable does
not diminish the responsibility held by the individual. The
assigning individual still is held accountable for the delegated
task, but responsibility is passed to the assigned individual.
03. Authority
like responsibility, may be delegated and gives an individual the
ability to make decisions within defined bounds.
35
Scope of Accountability, Responsibility, and Authority
36
Scope of Accountability, Responsibility, and Authority
The objective of risk management is to apply knowledge, skills, and good practices to
manage the area of focus within the risk threshold that is acceptable to the organization,
whether at the enterprise, portfolio, program, or project level.
The purpose is to minimize the impact of threats to protect the organization from loss and to
embrace opportunities that translate to value.
The management of risk across the continuum of portfolios, programs, and projects requires
collaboration throughout the enterprise, and the recognition that failure to allocate the
appropriate amount of resources could jeopardize the organization's strategic objectives.
Portfolio, program, and project management are responsible for supporting management
policies, defining roles and responsibilities, setting targets, and overseeing implementation.
The managers of the work are responsible for keeping senior management apprised of
ongoing risk exposure and corresponding actions.
37
Scope of Accountability, Responsibility, and Authority
In some cases, portfolios may exist for brief periods; however, portfolios often exist for as
long as the organization itself exists. As a result, portfolio managers may oversee activities
or authorize components that may take several years for the organization to realize the
value of the investment.
Portfolio risk management considers risks that could impact unrelated components and
operational activities within the portfolio.
As a result, portfolio managers address several challenges when managing risk because
portfolio-level risks encompass both external and internal factors by bridging organizational
strategy to implementation.
38
Scope of Accountability, Responsibility, and Authority
At the program level, the risks that are evaluated span the related components and, if
triggered, could have a positive or negative impact on one or more other components.
Working with the component managers, it is the responsibility of the program manager to
identify and manage these risks. Rather than manage these risks individually within the
component, program managers ensure that program risks are managed through coordination.
Within the program, risks can affect the delivery of specific components. The program
managers advise their component managers of any shared risks and response plans that
relate to individual components.
There may be economies of scale and scope in that the shared risks may be managed by
initiating one risk response at the program level.
39
Scope of Accountability, Responsibility, and Authority
Project managers are accountable for evaluating, reporting, and managing both individual
and overall project risks within the constraints of the project. They may escalate certain risks
to, or receive guidance from, the program manager, portfolio manager, project management
office, governance board, and other leadership entities, depending on the complexity of the
initiative and organizational inputs.
All project team members have the responsibility for managing risk, for example:
o The identification of risk during initiation,
o Clarification of the trigger events,
o Awareness of potential new risks that could affect the endeavor.
40
3.3
General Approaches
to
Risk Management
General Approaches to Risk Management
Probability
The chance of a risk occurring can range from slightly
above 0% to just below 100%.
Impact
Risks, should they occur, can have either a positive or
negative consequence for the organization.
42
3.4
Risk Management
Life Cycle
Risk Management Life Cycle
44
Question 1
• Members of a project team are not taking their risk management responsibilities
seriously.Uncertainty Complexity
They do not consider risk management as primary to the project's success
Program vs Project
and do not believe that the benefits are significant. What should the risk manager do?
A. Ensure that risk management responsibilities are clearly identified in the risk
management plan.
B. Schedule a meeting to review and develop realistic risk thresholds with the project
team.
C. Motivate and influence the project team with risk engagement activities like
workshops.
D. Ensure that the risk language used by all stakeholders is consistent with the risk
management plan.
46
Question 2
• A risk manager faces resistance as they try to implement the project's risk
Uncertainty
strategy.
Complexity
Some members of the project team believe that it is a waste of time
Program vs Project
and money. What should the risk manager do?
47
Question 3
A. Accept the fact that there is a risk associated with this new technology.
48
Question 4
E. A business unit agreed that top project risks with more than US$100
million impacts would be escalated.
49
Question 5
• Andrew is a risk manager facilitating risk planning activities with the team.
Uncertainty
The team is documenting all the checkpoints along the way that might
Complexity
Program vs Project
indicate delays on critical deliverables. What is this an example of?
A. Risk Triggers
B. Risk Responses
C. Risk Categories
D. Risk Registers
50
Thank you!