The APM defines risk management as

a process that allows individual risk events and overall risk to be understood and managed proactively, optimising success by minimising threats and maximising opportunities”.  (Source APM BoK 7)

Following the uncertainty of 2020, the industry has seen a rise in the interest in effective risk management in organisations.  

This rise is echoed in our latest State of Project Management Report, which shows an increase of 4% in the number of organisations that engage in risk management. Additionally, the value of risk management has seen a sharp rise, placing it only second behind Stakeholder Engagement (which has also shot up the value chart, demonstrating the need for better engagement in our projects). 

Stakeholder Engagement - The State of Project Management 2021

New Rules for Risk Management

Axelos Management of Risk guidance provides seven principles that underpin an effective process, and we can utilise those to take a pragmatic view of our own risk management to modernise how we identify, assess, respond, and measure risk.

1 Risk Management aligns continually with organisational objectives

Considering the current environment for projects and organisations, it is important to understand the current aspirations. Are we less risk-averse because of the level of risk our organisations have been forced to deal with, or has the last year opened the doors to a ‘what’s the worst that could happen’ attitude? Has the organisation fundamentally changed its operating model, or has it battened down the hatches until the uncertainty blows over? Our risk approach needs to flex to the current reality of the organisation, its objectives, and its strategic view of the future.

Rule: Review the current appetite for risk management and identify the areas where you need to expand or contract touchpoints.

2 Risk Management is designed to fit the context

The amount of risk management delivery teams are expected to do may have grown from uncertainty or diminished due to the lack of consistency in the availability of key players over recent times. This is, therefore, a perfect time to review our approach to risk management and align it better to our level of maturity, risk capacity and appetite. Like with governance, consider if different types of change activities need a different approach to risk.

Rule 2: Create a scaled approach that allows more complex activities to benefit from enhanced risk management while others need less, creating a dynamic process.

3 Risk Management engages Stakeholders and deals with differing perceptions of risk

Because stakeholders play a wide range of roles, there may be disparate views of the need for and approach to risk management. The key here is to focus on consensus during risk identification. Ensuring it is thorough and that differences are understood and resolved ensures that money and time are not wasted on unnecessary or over-engineered responses to risks.

Rule 3: Develop a community of practice that educates and supports those taking part in risk activities so that they have available tools and techniques to gain consensus and obtain one view during the assessment.

4 Risk Management provides clear and coherent guidance to Stakeholders

Part of creating a coherent language around risk management is ensuring that the risk management approach is logical, consistent, and orderly. This requires information and education to be available to delivery team members (as well as others) so that there is a joint understanding of what risk is and how it is responded to and managed across the organisation.

Rule 4: Develop your PMO or PPM information systems to contain clear user guidance, are easily accessible, and are supported by learning events.

5 Risk Management is linked to and informs decision-making across the organisation

Risk management must help decision-makers understand the relative merits, threats, and opportunities. This means that the information collected and collated should be consistent and supportive of the governance arrangements of the change initiatives. The main mechanism to achieve this is to understand the risk tolerance thresholds and apply them to the risk assessment process, as when exceeded, they will trigger an escalation.

Rule 5: Develop risk tolerance thresholds with the senior team so that they understand their role in decision-making for risk events and set their expectations appropriately.

6 Risk Management uses historical data and facilitates learning and continual improvement

Actual data is key to risk management because it supports the inception of new initiatives and because historical records allow us to analyse and judge whether something can be improved. If it can be improved, lessons can be learned, planning and estimating can be improved (both of which continue to be challenges for organisations), and delivery teams can feel, see, and communicate positive outcomes.

Rule 6: Create a mechanism to feed risk information into the improvement loops of the project organisation, enabling clear change that benefits delivery in the long term.

7 Risk Management creates a culture that recognises uncertainty and supports considered risk-taking

Axelos say that zero risks are neither possible nor desirable. An acceptable level of risk is needed by organisations to understand their wins and losses, so creating a culture that transcends ‘tick-box compliance to risk management enables an open exchange, balance, and transparent control of risks, ensuring that it can attain the full value of the investment in the process.

Rule 7: Make risk management part of the day job. Every project board meeting allows new risks to be discussed so that team members don’t feel self-conscious when bringing up potential situations.

The PMO Perspective

Over the last year, we have seen organisations take time to understand what they can do better utilising the medium of maturity assessments. One of the consistent outputs of these reviews has been the need to improve risk management.

The PMO is pivotal in designing and disseminating risk management in organisations. It provides not just the framework but also demonstrates the attitude to risk that ensures it is taken seriously by the Senior Stakeholders. Why? As a function that enables success, it is often overlooked when reviews of value-adding business functions occur, meaning that many PMOs live daily with the uncertainty that their role will not remain in the organisation for the long haul.

For the PMO, bringing to life the seven rules for risk management for the modern world will enable them to be seen in this arena and provide a measurable way to demonstrate that they add value and can support the mechanism to preserve Shareholder confidence in their organisations.

Since the identification of the need for this key process to be better established, Wellingtone has developed and piloted an Introduction to Risk Management course that provides the starting point for teams to bring the principles to life in a way that will support their organisations no matter what change is on the horizon.

Risk Management Training

Typically, it is a 1-day course designed to address the growing need for effective risk management in organisations. This course combines theory, practice, and customisation to provide a complete picture of how to benefit from best-practice practical risk management. This course is for project management professionals delivering, assuring or implementing risk management.

On This Page

Monthly Newsletter

By: Emma Arnaz-Pemberton

Emma Arnaz-Pemberton
Consulting Director FAPM, MCMI, MPMI, MIoD PMO-CC, MoR, MSP, PRINCE2

Published: 28 April 2021

Book onto an Event