What is Risk Governance?

Risk governance work extends throughout the project and involves the oversight of the entire risk management process, ensuring that risk management activities are consistent and that they are continually improved throughout the organization. Governance is a matter of not starting from scratch on every project, but rather of benefiting from the successes and failures of projects that have gone before yours.

Roles and Responsibilities for Risk Governance

Responsibility for risk governance may lie with the project manager, the Project Management Office (PMO), the risk management department, or the management of the company.

The project manager should understand and be trained in risk management, and should manage the risk management process of the project. This includes deciding how risk management should be handled for the project and whether this initiative will follow all organizational risk management policies and procedures.

The program manager (if one exists) in the company will be interested in managing the risk management role across all projects in the program. This means ensuring that all parties are trained in risk management as well as project management, managing risk management activities within the program, and ensuring that the risk management strategy is relevant to the size and importance of the projects.

The PMO can develop certain risk management policies and procedures and act as a governance body overseeing all projects, including how projects handle risks.

Because risk management is such an essential concern, the management of the organization will also be involved in the project, helping to define risks and making decisions about the appropriate amount of risk in the project.

Standards, Policies, Procedures, and Practices

Some of the standards, policies, and procedures that might be set up for all projects include:

• Organizational risk tolerances and thresholds
• Methods to use to identify risks
• Definitions of impact scores to be used in the process of performing qualitative risk analysis
• Standard probability and impact matrix

Policies and procedures may also cover issues such as how partners should be involved in risk management activities, who should be trained in risk management (e.g., both project managers and risk owners), how much project risks should be checked, and any other risk-related policies deemed valuable.

Such organizational standards and policies are revised using lessons learned from applying them to other initiatives. This is important knowledge for the project manager to learn at the outset of the Project Risk Management process, because it can affect how he or she handles each project within the organization.

Risk governance includes not only developing these risk management policies but also ensuring that projects are prepared using appropriate risk policies and standards. Once the project is underway, risk governance means ensuring that the project is still implementing the policies. These strategies and best practices are intended to improve performance in risk management. Where a risk control entity does not exist, this may be implemented by the project manager, PMO, or the organization’s management.

Lessons Learned Management

Another governance function is to ensure that lessons learned about risk management are preserved in all projects and then made available for use in other projects. Lessons learned underpin the process of quality improvement within an organization.

Imagine seeing all the risks that similar initiatives have had inside the organization! Would this not help eradicate the same problem happening over and over again within an organization? Organizations can develop and evolve much more quickly, and have fewer growing pains. People can concentrate their skills and experience on expanding the limits of what is feasible when completing the project rather than struggling with the same issues faced by other projects.

Lessons learned should include:
• What went right?
• What went wrong?
• What would be done differently if the project could be done again?

Lessons learned are developed by the project manager and include team and stakeholder input. They are created during the project’s life and are completed at the end of the project. Lessons learned may be submitted to other project managers or departments who may benefit from them while they are being developed, rather than waiting until the project is finished.

Creation of Metrics

Metrics are performance standards that show how work is performing against the plan when evaluated. Risk governance involves setting standards for the organization’s risk management activities.

Project managers should have a project success measurement baseline that combines specific scope, time, and cost requirements. This baseline is rarely measured on most projects, leaving the project manager unaware of the project’s real status between the output metrics. This is why metrics are worthwhile: they provide an additional measure of progress and warning about potential problems.

Project managers may be able to evaluate such metrics for their projects individually, but they typically end up basing certain metrics on their own values and attitudes. For example, a project manager may think nine unidentified risks are reasonable, or that it’s appropriate to have the team constantly arguing.

Governance’s role in risk management is to identify appropriate metrics of performance in risk management that will be used on projects.

Examples of risk-related metrics include:
• Risk management practices will take up 1/8 of the planning time for a project.
• Projects occurring with more than five major unidentified risks must be replanned.

These metrics therefore become the baseline for performance in risk management on projects around the organization. So instead of only hoping things are going well, or trying to deal with major issues when evaluation time comes around, project managers will assess project success using defined standard metrics and know how things are progressing against the schedule. Rather than having to guess which metrics have meaning on the project, they can use those provided by risk governance.

There is another advantage to having standard metrics. Metrics allow comparing one project’s success (and I would say one project manager’s) against another. Projects are incredibly important to companies, and the day will come when the success of a project manager can be evaluated quantitatively against another. The best project managers would then be given bonuses for excellent project management.

See Also

Project Risk Management