How can we help?

Popular topics: CSC Quick Find Portal Building a Personal CIF Record

PMO Project Risk Management Procedure

Project Management Office (PMO)

Capital City Bank Group (CCBG)

Overview

The purpose of this procedure is to define the process for managing the risks during CCBG Projects, managed by the PMO.

Risks are potentialities, and in a project management context, if they become realities, they then become classified as “issues” that must be addressed with a risk response plan. Risk management is the process of identifying, categorizing, prioritizing, and planning for risks before they become issues.

A structured risk management framework leads to:

  • The overall impact on the project objectives, like scope, time, cost, and quality
  • Loss of identification of secondary or new risks arising from the already identified risks

 

Setting up an effective risk management framework ensures:

  • Conscious and focused risk identification and management
  • Project progress as desired, with the least amount of deviations or surprise, and in line with project and organizational objectives
  • Early and effective communication of project issues to organization and project stakeholders
  • An effective team building tool, as team buy-in and acceptance is assured
 
 

Scope

Timely risk management helps projects succeed by identifying and mitigating potential risks before they become actual issues. A CCBG project manager is responsible for identifying and assessing risks all throughout their projects.

Risks can be internal (within the control of the project team) or external (outside of the project team's control). 

 

Some risks and examples include:

  • Financial risks 
    • Costs, inaccurate budget forecasts, increases in labor and materials, low sales, and challenges in securing funding
  • Strategic risks 
    • Result from errors in strategy, such as basing efforts on a company culture that needs updating, experiencing high employee turnover, or investing in technology that is difficult or expensive to use
  • Performance risks 
    • Result from team members' missed deadlines, delays, undefined goals, and KPIs and scope creep (when initial goals expand or shift away from a project’s original intentions).
  • External risks 
    • Occur outside of the control of the project team, such as changing laws and regulations, market volatility, inclement weather, vendors' missed deadlines, and supply chain issues
  • Positive risks (opportunities) 
    • Unexpected but have a positive effect on the project, such as finishing tasks earlier than expected or under budget, outperforming original goals, becoming more efficient with a new tool, or benefitting from a policy change
 
 

Responsibilities

Role

Description and Responsibilities

PMO

Review this procedure periodically for continued suitability for CCBG and recommend any revisions.

 

Define process to approve any exceptions to this procedure.

Project Manager

Owner of the Risk(s) throughout the project lifecycle.

 

Document and monitor the risks across the project life cycle.

 

Communicate and manage the risks with the project team

 

Escalate the risks and issues if/when needed

Project Sponsor

Work with Project Manager to mitigate the high risks

 

Act as Risk Management solution partner to PM

Project Team

Report any Risk(s) they define to Project Manager

 

Work as a team to implement the mitigation plans

 
 

Process Flow

 
 

Procedure Steps

CCBG PMO embraces a simple and streamlined risk management process to predict the uncertainties in the projects and minimize the occurrence or impact of these uncertainties. This improves the chance of successful project completion and reduces the consequences of those risks.

There are 6 essential steps of the Risk Management Process:

  1. Identify the risks
  2. Assign ownership 
  3. Analyze
  4. Prioritize
  5. Respond
  6. Monitor

 

Project Managers are responsible for managing the project risks throughout the project. PMO does not regulate the PM’s choice of medium for recording risks. PM can choose to manage and monitor the project risks in PPM Pro Project Log, or use PMO RAID template or any other tool. In general terms, this is called a risk register. The risk register is a chart that contains all the risks associated with a project, as well as their priority levels, mitigation plans, and other important details. A risk register might also be called a risk matrix.

Identify the Risks

Risks are to be identified and dealt with as early as possible in the project. Risk identification is done throughout the project life cycle, with special emphasis during the key milestones.

Risk identification is one of the key topics in the regular project status and reporting meetings. Some risks may be readily apparent to the project team—known risks; others will be more difficult to uncover.

Think about what can go wrong in the project and list all the ways a potential project risk can grow and even check past projects' data. It is important to keep all of the collected data in a risk register, so you can reflect on the past and improve future projects.

Analyze 

Risk analysis involves examining how project outcomes and objectives might change due to the impact of the risk event. This includes analyzing the likelihood, severity, and response plan for each risk you have found. While determining project risks' severity it is important to consider how the risk will affect the project's goals, can it cause a delay in its completion, undermine the budget or other resources. For that reason, the best option is to include the opinions of a project team or key stakeholders in this step. The response plan you come up with for each risk is what the project team will use when the risk arises to quickly address it.

Prioritize

This step includes prioritizing project risks according to urgency and the severity of the impact they could cause. By categorizing your list of risks as high, medium and low you can know which ones deserve to be more thoroughly investigated and which ones are not that serious. With a clear perspective like this, you can begin to plan for how and when these risks will be addressed. Some of them require immediate action because they can derail the entire project, while other risks, not unimportant, but not threatening the successful completion of the project.

Assign Ownership

This step includes assigning each identified risk to a team member who will be charged with overseeing that threat or opportunity. Then that person is responsible for overseeing risk as well as leading the work towards its resolution. Every risk should have a person responsible for it. That way, every potential threat to the project's success is covered.

Respond

For each identified risk, there should be a response plan in accordance with the risk management approach, either by taking steps to prevent the risk event from occurring or to minimize the impact if it does occur. 

There are four common ways to mitigate risks:

  • Avoid: Not all risks can be avoided, but it can be a good idea to do so when you can. Avoid a risk if there is a high chance that a risk will happen. For example, has a partner vendor gained a reputation for providing low-quality work? Try to find a different one. 
  • Accept: Accepting risks can make sense if they have a low chance of happening and will have low impact on your project. Ultimately if the risk does happen, it shouldn’t derail your project.
  • Reduce: Reducing risk means changing elements in your plan to minimize the risk’s probability of happening or potential impact on your project. Medium and high risks are good candidates to reduce. Reducing usually requires some effort or investment.
  • Transfer: Transferring risks entails shifting the risk to another party outside of your project. This can mean obtaining an insurance policy, or outsourcing parts of the work to a third party. The risk might still occur, but the direct impact on your project will be absorbed by somebody outside of your project. 

Once the strategy (preventative or contingency plan) is developed, the next step is to manage risk according to its priority. The project manager communicates with the risk owner and together they decide which action plan to use to resolve the problem.

Monitor and Report

This step includes tracking the progress of the initiative chosen for risk resolution. Whoever is in charge of the risk will also be responsible to monitor and report its progress towards resolution. Project managers have to stay updated and have an accurate picture of the project’s overall progress. This enables them to identify and monitor new risks. 

High level project risks also reported/documented in weekly PMO project status reports.

 
 

 

Was this article helpful?