Project Risk Management and Assurance

Why do so many organisations embark on high-risk projects without demanding robust project assurance?

Projects fail for many reasons. Recent global studies indicate that inadequate risk management is a common cause.

Successful project managers aim to resolve high levels of exposure before risk events occur, via systematic risk management processes.

Many projects are inherently exposed to myriad risks and are often significant in scale, complexity and ambition. The delivery of large-scale projects is often adversely affected by a bias towards over-optimism.

Imperfect, insufficient or inadequate data increases exposure, which often results in over-estimating benefits and under-estimating costs.

Managing macro and micro-level events related to achieving project deliverables, whilst balancing the needs of many stakeholders, has become increasingly important.

Assessing risks at both portfolio and work-stream levels helps increase confidence that risks are understood.

Projects are often prioritised relative to their levels of perceived exposure, and each one has its own risk profile.

Project Risk Management

Project risk management focuses on identifying, analysing and responding to project events.

It should be designed to systematically identify and manage levels of uncertainty and potential threats to delivering project objectives successfully.

Risk management processes should be iterative throughout a project’s life-cycle and embedded in project management planning and activities. Smaller projects often require minor work and periodic monitoring.

Complex projects need formalised processes to analyse, manage and report risks.

Good reporting relies on clear descriptions of all exposures, their impact on the project, and the potential costs of mitigation and of inaction.

This helps ensure project personnel understand the potential impact risks may have on projects’ success and have prepared strategies to minimise negative consequences.

Problems occur when there is limited visibility of risks at project and portfolio levels, or when approaches to risk management are ad hoc and inconsistent.

Further problems can arise when risks are identified but recorded only at a very high level and accompanied by highly subjective risk ratings, rather than being the result of more substantive risk assessment.

When these problems arise, an organisation would benefit from clearer, more formal and more widespread processes for capturing and monitoring risks.

Project and Portfolio Risk Assessments

Project and portfolio risk assessments should be undertaken to understand their risk profiles and associated threats in achieving business objectives.

Assessments should identify the action plans to address the risks identified and allocate executive responsibility to manage them. Additional risk assessments should be carried out on selected projects (perhaps by prioritising them by value or complexity).

Risk management processes should be ongoing and monitored throughout a project’s life-cycle.

Regular risk reports would provide Project Sponsors, Senior Responsible Officers and Steering Groups with better visibility of projects’ risk profiles.

Whether you’re responsible for overseeing or managing a project, robust project assurance will help you address the risks that threaten its success.

Mark Gwilliam FCCA CA is the founder and Director of Business Advisory Services.

From humble beginnings, the firm has grown from strength to strength.

It has matured from a small accounting and tax services practice to one that helps small business owners, entrepreneurs and executives navigate complex challenges, including strategy, risk management and internal audit, and managing shared-service centres and operations.