Enterprise Risk Management:
In many projects, risks are identified and analyzed in a random, brainstorming, fashion. This is often fatal to the success of the project, as unexpected risks arise, which have not been assessed or planned for and have to be dealt with on an emergency basis, rather than be prepared for and defended against in a planned, measured, manner. Very early in the preparation and planning stage, it is essential that potential risks are identified, categorized and evaluated. There are many factors that make risk management important.
Why Is Enterprise Risk Management (ERM) Important?
- Organizations start an endeavour to take a business opportunity. There is uncertainty about the organization will take the opportunity or not. So each endeavour has an associated risk. That is because ERM is important.
- Organizations need to increase their risk taking capability to cash on the opportunities that keep knocking at their doors. With robust ERM, organizations can identify and analyze risks and decide which risk is worth taking.
- Projects can only control risks and opportunities directly within their remit. Yet, the performance of a project is very much dependent upon the obstacles thrown up by the enterprise or organization and other external influences, which are outside the projects control.
- Enterprise Risk Management (ERM) is important because its success determines the health and life of the business enterprise. If an organization fails to identify risks to its existence, it will be ill prepared to face any risk events. As an example, business enterprises recognize that dependency on a sole source supplier is a high risk (if that supplier goes out of business your business will be impacted). Therefore, they identify that risk and address it by developing multiple sources so reducing that particular risk. In the same way that risk is managed in projects to increase its probability of success, risk must be managed in an enterprise to assure its success.
- ERM institutionalizes risk management procedures in the organization by standardizing the tools, methodology and people processes in monitoring individual project risks. This is important so that the impacts of individual project failures (in case failures do happen) are addressed appropriately.
Most sources of information about Enterprise Risk Management focus on the need to be proactive instead of reactive. The old saying “an ounce of prevention is worth a pound of cure” is right on target when it comes to planning for risk. To put ERM in its simplest form it means learning to expect the unexpected. It means that you, the project manager, must start your team thinking about risk situations, prevention ideas and “what if” scenarios at the start of project planning, not when an incident occurs.
Risks exist with all projects. Accordingly, you should always consider what might go wrong by identifying, qualifying and quantifying risks. The best way to do so is to work with your project team and a person or two from outside the project to brainstorm concerns about what possibly go wrong. When you have a list of potential risks, next determine risk value by multiply the total cost by the likelihood percentage, and you will get your factored risk value:
- Costs to each one of your risks
- The total cost impact if the risk occurred
- The cost to mitigate against the risk
- Probability of occurrence to each one of your risks. you can simply factor it out with a low percentage score)
The factored risk value should be added to your initial estimate. For risk items that are highly likely to occur, add those full costs to your initial estimate. There’s no point in lowering your estimate on the basis that you’re hoping for the best outcome. Here is an initial checklist of key potential risks that may relate to your project.
Requirement Risks
- Were key stakeholders not available or excluded during requirements definition?
- Is delivery of requirements being performed by an outside provider?
- Was the formal sign-off of requirements eliminated?
- Was the stakeholder analysis skipped?
- Have new requirements been identified since project kick-off?
- Can any of the new requirements affect scope?
- No WBS dictionary exists?
- Is there a high probability that the sponsor (or another significant stakeholder) could change?
Resources Risks
- Is it a key Resource?
- Is there the potential for a long-term absence?
- Do we not have suitable replacements?
- Is the resource assigned to the critical path tasks?
- Does the vendor have higher priority clients?
- Is Vendor known to deliver late?
- Is vendor located in a part of the world that is volatile?
- Are vendors resources unstable?
- Is management unaware of vacation schedules for all resources?
- Are there no replacements available?
- Will this affect schedule + deliverable’s?
- Will this affect quality?
- Is no backup equipment available?
- Can vendor replace equipment ASAP?
- Is there an alternate vendor?
- Are funds not available for repair/ replacement?
- Is replacement/implementation of new equipment not lengthy?
Budget Risks
- Is the budget based on expired estimates?
- Are resource contracts pending?
- Are resource costs volatile?
- Is scope nebulous?
- Have you failed previous audits?
- Have you neglected your internal audit system?
- Are your records out of date/incomplete?
- Have you failed to designate resources to compliance?
- Is there growing federal attention to your budget area?
- Is the budget based on expired estimates?
- Are resource contracts pending?
Schedule risks
- Is equipment overdue?
- Is installation behind schedule?
- Are there other higher priority projects?
- Does the customer have no fall back plan?
- Does vendor have higher priority clients?
- Is the vendor known to deliver late?
- Is vendor located in part of the world that is volatile
- Are vendors resources unstable?
- Do we have to order equipment from external vendor?
- Is material from sole source (or non-preferred) vendor?
- Is this new technology
- Is material delivered historically late?
- Is vendor backlogged now?
- Is project schedule estimates sound?
Include Risk Management in your everyday project thinking. Add Enterprise Risk Planning to your project meeting agendas. Work with your team and encourage them to think positively about risk. Most of us practice some form of risk management in our daily lives, so why not make it a part of your “project life cycle”.