Many organizations have adopted enterprise risk management (ERM) to make better decisions, achieve stronger operating results, and meet regulatory requirements. These same organizations may have program and project managers managing scores of projects. However, few organizations have united their enterprise and project risk management efforts.
Consequently, efforts are disjointed, projects need more strategic alignment with the organizational objectives, and resources need to be adequately utilized. Unfortunately, these organizations are not realizing their full potential.
What is Enterprise Risk Management?
The Risk Management Society (RIMS) defines ERM as “a strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio.”
Why is ERM important?
If you were planning to buy a house, you would have a home inspection completed. The inspector would not only look at each room in the house but also climb on the roof, crawl under the house, walk through the attic, and analyze the electrical, heating and air, and other systems. You would receive an inspection report listing all of the issues and risks.
An organization’s risk champion (e.g., the Chief Risk Officer) ensures that risks are identified and evaluated at different organizational levels. The risk information is captured in an enterprise risk register and analyzed qualitatively and quantitatively, resulting in a risk profile. This process fosters collaboration, as risk owners are assigned to the most significant risks to develop and execute risk response plans as needed, making them feel more connected and part of a team.
This proactive approach allows an organization to see the full spectrum of risks and make better decisions. Rather than reacting in knee-jerk fashion to the latest problem, senior leaders are better positioned to prioritize their efforts and responses, making them feel more prepared and less reactive.
What is Project Risk Management?
The Project Management Institute (PMI) defines project management as “the application of knowledge, skills, tools, and techniques to project activities to meet the project requirements.”
Project risk management includes the processes of identifying, evaluating, developing response plans, implementing responses, and monitoring project risks. The essence of good project risk management is making better choices to achieve the project objectives.
While ERM Champions and Committees seek to identify and manage significant enterprise risks, project managers seek to identify and manage significant project risks. What are the things that may help or hinder the team’s ability to achieve the project objectives?
Project managers capture the risk information in a project risk register and periodically perform risk reviews to reassess current risks and identify new risks.
Project Risk Management Processes
| Process | Description |
| --- | --- |
| Plan Risk Management | Defining the approach to identifying, evaluating, developing response plans, implementing responses, and monitoring risks. |
| Identify Risks | Identifying individual project risks and overall project risks. |
| Perform Qualitative Risk Analysis | Prioritizing risks by assessing the probability and impact of individual risks. |
| Perform Quantitative Risk Analysis | Numeric analysis of individual and overall project risks. |
| Plan Risk Responses | The selection of risk strategies (e.g., mitigate, transfer) and plans to respond to individual and overall project risks. |
| Implement Risk Responses | The actual responses to the risks. |
| Monitor Risks | Continual monitoring of risks through risk reviews; evaluating the effectiveness of the risk management processes. |
How to Unite Enterprise and Project Risk Management
Strategic risk management, a critical component of ERM, is the process of identifying, evaluating, and managing risks that are most vital to achieving an organization’s strategies and goals. It starts with defining the organization’s vision, mission, and values.
Next, we define goals. Imagine an insurance company with this goal: “Increase profit by 5% by 12/31/XX.”
We can improve profits by increasing revenue. Therefore, we may plan to increase our insurance rates and provide our agents with incentives. The company may undertake a project to increase its auto insurance rates and another project to implement a profitability bonus program for the agents.
Another way to improve profits is by decreasing losses. We can reduce our losses by increasing the policy deductibles and managing the concentration of risks.
It's important to note that risk management is not a one-time task. It's an ongoing process that requires continuous monitoring and adjustment. Once again, we leverage project management to implement the homeowner deductibles and a process for managing the property exposure/concentration.
Monitoring Your Project Success Rate
In many organizations, the project success rate (e.g., coming in on budget, on schedule, and meeting the requirements) is one out of three. Organizations must improve their project success rate to better manage their enterprise risks. Amazingly, many companies need to measure their success rate but do not know whether they are progressing.
Next Steps for You and Your Organization
What strategic projects are you undertaking? Strategic opportunities. Customer requests. Technology advances. Meeting regulatory requirements. Market demands.
High-performing organizations have learned to respond to enterprise risks through projects. They have improved their project success rate by identifying and managing their project risks. These organizations measure and monitor their project success rate and look for ways to gain a competitive advantage through better project management.
You may be thinking, "This all sounds great, but I’m not in a position within my organization to do anything about these matters." However, your role is crucial in managing project risks. Consider sharing this article with executive leaders, risk champions, and individuals who direct or manage project management offices (PMOs). Your contribution is essential for the success of your organization.