Programme & Project Risk Management

Programme risk management and project risk management are methods by which the total risk to the programme or project is identified, quantified and managed. Both form important parts of the wider Enterprise Risk Management (ERM) strategy that risk managers utilise to capture, analyse and manage the total risk to an organisation or business.

What is the difference between project risk management and programme risk management?

As their names suggest, programme risk management resides over and manages the total risk to a programme.

Where project level risk management is the process of managing the individual risk events of (individual) projects. Project level risk management is most often focused on individual risk events. Project level risk management is ultimately the responsibility of the project manager.

In contrast, a programme is not simply a large project. It consists of a number of inter-related projects that together are working towards a shared objective. The processes involved in programme and project risk management are similar but more complex due to the requirement for effective escalation. Programmes also tend to require more in-depth contingency plans for risks that cannot be managed proactively.

Programme risk management should handle the escalated individual risks identified in projects that may have the wider potential to impact the programme as a whole. Risks that have the potential to impact the strategy of the business are escalated to the strategic risk level. Risks should also be identified at the programme level itself (ie not just escalated from projects).

What do businesses and organisations need programme and project risk management processes for?

Programme and project risk management are essential, as most large complex programmes and projects fail to meet their planned objectives on time, either by failing to deliver what was promised, sliding timeframes or exceeding their budgets – or all three.

Potential risks within major change programmes are the most difficult of all to identify, and therefore to take action on, because often the sheer complexity of the programme can make it difficult to “see the wood for the trees”.

Most organisations simultaneously work on several programmes of change at any one time, and these programmes may fundamentally change the way a company or organisation conducts its business. The failure to meet deliverable deadlines and other risks that result in potential problems can have a severe adverse effect on the overall business’s objectives, profitability and reputation.

So it is important to have a programme wide risk management plan in place for proper risk identification, risk analysis and risk prioritisation. Ultimately a programme “risk register” will need to be compiled so that the necessary risk mitigation and risk response steps can be coordinated.

Project management, project managers and risk assessment

According to the Project Management Body of Knowledge (PMBOK), risk management is one of the ten knowledge areas that a project manager must be competent.

It can be difficult for project managers to utilise project risk management correctly. Project, and particularly programme risk management is more complex than, say, operational risk management as it is by definition, the management of change-risks rather than steady-state risks.

Many project managers use project risk management tools to help them achieve their objectives and communicate with team members effectively. However, an excellent risk tool without an effective risk management process is doomed to failure.

Our programme and project risk management processes and techniques

The ABCD risk management process can be used for all projects and programmes; i.e. ABCD is fully scaleable, in that it handles all the hierarchies and escalations that traditional methods normally fail to address and therefore ensures that management can “see the wood for the trees”.

The ABCD Strategic Target Analysis technique can be used to assess the percentage confidence of achieving key programme milestones and showing the specific assumptions that need to be managed in order to recover timescales back to their original plan.

The Assure web-based toolset is the most effective way of embedding the ERM process into the business. Assure is the only toolset commercially available that has built-in prioritisation and escalation rules that ensure true enterprise risk management (ERM).

risky assumption

Why the De-RISK ABCD risk management process works

Projects are often impacted by common risks that were foreseen in the minds of key individuals, but were not communicated at the right time and therefore not managed by the project team. If a way can be found of unlocking the collective knowledge and viewpoints of all the key stakeholders around the project/programme, then a valuable insight into the true risks to the objectives would result. The ABCD risk management methodology provides both the insight and the means for effectively managing risk.

Our ABCD approach to programme and project risk management provides a simple, common, positive language for the communication of risk within a team or project hierarchy. This, in turn, facilitates a simple overview of complex risks for programme and project leaders/decision-makers – all within a rigorous and proven framework.

The implementation of ABCD also allows De-RISK to work with you to make the programme risk management process as flexible and adaptable as possible, ensuring significant and specific risks to the project or programme are identified and controlled at the correct time.

Finally, our non-intrusive and non-bureaucratic approach improves management discipline across the organisation and has a track record of being readily accepted by risk owners and embraced by project teams.

Would you like to know more about risk management?

Find out how our SDA methodology has supported a transformation programme for a Global IT company.