Program Risk Management

If you have approached your project or program well, you will have developed a Risk Plan/Strategy document. Risk needs to be proactively managed, as opposed to allowing it to manage you and the environment around you.

Many people are afraid of risk management, and some Project and Program Managers are often reluctant to publicize risk to executive management. The reality is that things change, assumptions become false, expectations are not met, and suddenly you can find yourself facing a very different-looking environment. For a risk plan to really help (and play its role), it needs to be accompanied by a 'proactive' approach that applies Risk Avoidance, Transference, Mitigation and Acceptance.

Most well-run organizations will have risk managed at four distinct levels, which are:

  • Corporate or Strategic Level;
  • Program Level;
  • Project Level;
  • Operational Level.

To do this effectively, a framework for program risk management needs to be designed and implemented to address the following list of 9 hows:

  1. how risks are identified;
  2. how information about their probability and potential impact is addressed;
  3. how risks are quantified;
  4. how options to deal with them are identified;
  5. how decisions on risk management are made;
  6. how all these decisions are implemented;
  7. how actions are evaluated for their effectiveness;
  8. how appropriate communication mechanisms are set up and supported;
  9. how stakeholders are engaged on an ongoing basis.

But this is just the beginning. It's all very well having a thorough framework documented and sitting pretty on the shelf with a tick in the box, but risk management needs to be instilled within the people of the organization. A healthy culture of risk management needs to exist, and for this to happen, everyone involved needs help in appreciating and understanding risk within the organization.

This often requires sponsorship from the top down, and if leaders at the corporate level understand this too, they will take the time to ensure that risk is taken seriously and subsequently managed well. Setting up a good risk culture is a real challenge, and the UK OGC suggests that it involves at least the following:

  • strategic planning;
  • legal requirements;
  • agreements and contracts;
  • communication techniques and information management;
  • staff matters, including how staff can be motivated and involved;
  • education opportunities and continual professional development;
  • continuous improvement and/or analytical techniques;
  • how the organization is monitored and evaluated;
  • resource management, including equal opportunities and delegation.