When we speak of project risks, we usually mean the risks that threaten an individual project or its objectives. However, if you look at the project landscape of a company, this is only one category of project risks. But project risk management does not only take place in projects themselves, but also at project portfolio level and at the level of corporate management. Many participants in the project environment do not think about this. In this article, you will learn which risks are relevant at each level and who is responsible for them.
Three Categories of Project Risk at Three Levels
When talking about project risk management in the company, risks can be divided into the following three risk categories:
- Project selection risks at management level
- Project risks at project portfolio level
- Project risks at project level
Every company is confronted with these risk categories during the life cycle of a project and has to consider how to handle these risks. In the next sections you will learn what these categories of risks are.
Project Selection Risks
With every project idea that comes into the prioritization process of the project portfolio, or with every project acquisition with external clients, the company management inevitably has to ask itself the question: Should we do the project or is it better not to do it? To answer this strategic question, management must ask itself the following important questions, for example:
- Is the project in line with the corporate strategy?
- Is the project economical? Is the Net Present Value (NPV) positive?
- Do we have sufficient resources for the project?
- Are the risks of the project acceptable and what opportunities does the project offer the company?
In the case of a mandatory project, which must be done for legal reasons, for example, the above-mentioned questions are of course not so important. Otherwise, however, it is very important to record the answers to these important questions in writing and incorporate them into the prioritization process of the project portfolio.
The project selection often lies in the competence of the company management, which is supported in this work by the project portfolio management, or possibly also by experienced project managers.
For a rough initial assessment of the risk situation, pre-defined risk checklists tailored to the respective company are a great help. This is particularly useful for projects acquired from external clients.
Project selection risks: Should we do the project or is it better not to do it?
Project Portfolio Risks
Risk management at the project portfolio level refers to the entirety of an organization’s projects. It is therefore different from risk management of individual projects, where each project only manages its own risks. In the case of project portfolio risks, the focus is on:
- The major risks of the individual projects
- Risks due to interdependence of projects
- Resource risks
- Risks due to unbalanced focus in the portfolio
The project portfolio manager must keep such risks in mind when monitoring the portfolio, but also during the project selection and prioritization process of the portfolio. He is responsible for implementing risk management in the project portfolio.
Project Risks
Risk management for individual projects focuses on the risks that threaten the project objectives. The project managers are responsible for the implementation of risk management in the individual projects. The PMBOK® differentiates between the following project risks:
- Individual Project Risks: Risks that have a positive or negative effect on one or more project goals when they occur.
- Overall Project Risks: Risks that have a positive or negative effect on the entire project. Such risks can also arise, for example, from individual risks that suddenly threaten the entire project, rather than just one project objective. However, there are often also risks from outside the project, e.g. stakeholder risks, environmental risks or reputation risks.
You can read a lot about risk management for projects in my blog.
The Project Portfolio Management as Interface in Risk Management
The company’s project portfolio management or PMO plays a central role when it comes to risks in projects. Not that they are responsible for the risks in projects and manage them—this is what the project team does. In terms of project risks, however, it is the interface to the projects and company management, but also to the risk management department. The risk management department often also has a function here, especially when it comes to the “big risks” of the projects that have a significant impact on the company’s success.
Managing the Overall Project Risk
Throughout the project, new risks will emerge and existing risks will change. It is therefore important that not only the individual project risks but also the overall project risks and their actions are monitored and controlled throughout the entire project duration.
In order to effectively manage the risk of a project, the project team needs to know what level of risk the project is exposed to and whether this level is still acceptable for the project. This is defined by measurable risk thresholds that reflect the risk appetite of the organization and the project stakeholders. Risk thresholds express the degree of acceptable deviation from the project goal. They are explicitly defined and communicated to the project team and are reflected in the risk level of the project.
More about Risk Appetite and Attitude
What is the difference between risk appetite, risk tolerance, risk threshold? (Article coming soon)
Here You Can Find Even More Knowledge
Would you like to learn more about how to make your projects even more successful with systematic risk management? My book “Project Risk Management” will take you an important step forward!
Do you know somebody who might be interested in this article? Then simply forward it or share it. Thank you!