Managing Risk is a very important task for the project manager and PMO. Unfortunately, in many cases, effort is spent at the beginning of the project to identify and document the potential. Then the Risks are filed and never reviewed. Whereas what the project manager and PMO should be doing is constantly reviewing the Risks (both existing and identifying new ones). Doing this gives the best chance of stopping Risks becoming Issues and impacting the delivery of the project.
As managing Risks is so important and provides significant benefit, it is crucial to get the Risk Management routine up and running as quickly as possible. As with most behaviours, the more you practice, the more likely they become “second nature”.
PMO Risk Review Routine
Firstly, it is worth taking a moment to understand what is meant by routine. A routine is the frequent and repeated review of risks. The important words in this statement is “frequent” and “repeated”. For the process to give the highest probability that the impact of risks are minimized, a process needs to be put into place so that all risks are reviewed on a frequent basis and that this review is repeated throughout the duration of the project.
Project Routine
It is important that the routine is documented and understood by all project teams, PMO and other stakeholders. For example, the framework may dictate that all risks must be reviewed and updated by the project teams by close of business each Friday. This means that project teams are expected to review existing risks, identify new risks and update in the designated tool by the close of business each Friday. This includes flagging any risk to be escalated.
PMO Routine
The PMO will then take an extract of all of the risks above a pre-defined tolerance level each Monday. The reason for setting a tolerance is that the PMO should not be reviewing the risks that are set at a level to be managed within the project. The only exception may be for any risks that are rated as high probability, high impact.
The PMO will review the risks and, where necessary, discus with the project manager. This will ensure the risk is understood and for the appropriate action to be taken. It will also allow for the risks highlighted for escalation to be checked to ensure that they do indeed need to be escalated.
Escalation Routine
There will be instances where risks need to be escalated using the established governance. This normally is in the form of escalation to the steering committee or management meeting. It is important that it is understood when in the regular cycle, the cut-off point is for being presented into these forums.
Before, including risks in these forums, it is advisable to review with the programme director and / or sponsor. It may also be necessary to discus with the accountable representative who will be present at the meeting so that they do not feel they have been exposed.
It is very important that any risks to be escalated are reviewed to ensure that they clearly articulate the risk, action taken and what is being asked of the committee. For risks that have already been presented, there must be an update on status / action taken. If not senior management will become concerned that risk is not being managed.
Summary
- A “frequent”, “repeated” risk review framework must be implemented and followed
- Project teams review and escalate risks
- PMO reviews risks, discusses with project manager and agree actions / escalations
- PMO prepare risks to be escalated including programme manager / sponsor
- PMO ensures that risks are clearly articulated and updated
Implementing a robust PMO Risk Review Routine will help reduce the impact of risks on the delivery of projects.
