This is the first of a series of articles on Project Risk Management.
In this series we will discuss various topics related to project risk management with an emphasis on organizational systems. Since this the first article in a series we dedicate it to major definitions or positions that are necessary to set the scenes.
Is a Risk Event a Threat or an Opportunity?
On the other hand, many current standards on project and risk management defines risks as threats or opportunities; with threats being the risks that have negative impact or consequence on objectives and opportunities are the risks that have positive impact.
In our series of articles, we use the latter definition, which view risks as threats or opportunities.
It is important to stress here that the impact or consequence is related to project objectives. If incidents or things that happen do not have an impact on objectives than the matter is not relevant to us. This is applicable for threats or opportunities.
Project or Organizational Risk Management
Organizational risk management (or enterprise risk management) is the bigger picture and deals with all types of organizational risks whether they are related to projects, general management, strategic management, or other business processes.
Since projects are performed by organizations, then we can state that project risk management is under the umbrella of organizational risk management.
Therefore, in this series of articles if we use the term “risk management” we would likely be referring to “organizational risk management” and we are focusing on projects we will use “project risk management“.
In mature organizations, the organizational system includes the methodology, processes, tools, techniques for the management of risks.
Organizational System or Framework
What do we mean by organizational system?
By system we do NOT mean computer or information systems (software); we mean the policies, processes, procedures and methodologies for an organizational aspect – such as risk, projects, marketing, etc.
Some might refer to organizational systems as “Framework”; for example: the risk management framework is term that refer to the organizational system for managing organizational risks. Therefore, we are likely to use these terms interchangeably.
In general, an organization need to have policies, framework, and processes for managing risks. Standards, like ISO 31000 takes this holistic view whereas standards like PMI (The Project Management Institute) focuses on the processes; assuming the organizational framework exists.
Each of the future articles will focus on one main topic that could be related to process, framework, gaps, or other related topics … but all related to project risk management.
We always welcome your input. Please share with us:
- Does your organization have risk management system?
- Do you assess risks on projects systematically or as needed basis?
- Do you consider risks to be threats only or they can also be opportunities?