Escolar Documentos
Profissional Documentos
Cultura Documentos
whitepaper
Portfolio Risk Management: aligning projects with business objectives to deliver value
by Val Jonas CEO Risk Decisions Group and Susheel Chumber Professional Services Manager, Risk Decisions Ltd
www.riskdecisions.com
management solutions
whitepaper
Portfolio Risk Management: aligning projects with business objectives to deliver value
Abstract
Organisations are taking up the challenge to improve risk management at all levels from project and operations to Enterprise Risk Management. The focus is to ensure that business objectives are met. However, there tends to be a gap in the hierarchical structure of organisations where a strategic approach to risk management is required the portfolio level. This paper places the portfolio perspective in context, providing some practical insights into how portfolio risk management can deliver significant financial and non-financial benefits. By embedding portfolio risk management into your risk framework, its complementary approach supports risk management maturity across the organisation. In todays climate of increasing pressure, organisations must focus on managing risks to meeting objectives. Portfolio risk management can provide a quick return; so start now theres no time to waste. change over time. Projects are approved with defined scope and cost / time / performance targets; but the environment within which they are executed is constantly evolving. For example:
External political, environmental and market conditions alter Sponsors come and go with regular management reorganisations Customer expectations change over time
There are also internal challenges:
Projects compete for resources and management attention Projects are often interdependent, having impact on each other
These challenges are both external and internal to a projects context, and are all sources of risk to the projects ability to deliver value. So no matter how good your organisation is at keeping projects on track, they may often be overtaken by events beyond their control.
The challenge
At any one time, a large organisation may have a significant number of ongoing projects, of varying types, stages and sizes, with different stakeholders, customers, suppliers and deliverables. One thing is certain these projects will have a significant amount of budget and resources assigned to them; what is uncertain is exactly what benefits they will deliver. Therefore, organisations align their projects with business objectives, in order to ensure they will deliver value. Then, after the business case has been signed off, focus switches to successful project delivery. However, what is often forgotten is the importance of maintaining the alignment of projects with business objectives, which frequently
Figure 1. Environmental risks impact on projects ability to deliver against business objectives
www.riskdecisions.com
whitepaper
External Context
Busines Objectives
Shareholder, Stakeholder Value
Governance
(Risk, Controls Compliance)
even if they do this, the follow-on decision-making process is often slow, contributing to continued inefficiencies. Responsibility for identifying such issues is often left up to programme and other middle managers; however, they rarely have sufficient oversight of the business or independent objectivity to provide a balanced view. So, there needs to be some infrastructure in the organisation with responsibility for monitoring and managing risk to business objectives in a proactive and robust way.
Project and programme managers are focused on the balance of time, cost and performance; juggling resources, managing scope and budgets, identifying opportunities, controlling change, as well as handling the interface with the customer and other projects. Their role is to meet the hard targets set as their deliverables.
Cost
(Budgets)
Time
(Schedule)
Performance
(Quality, Scope)
Deliverables
A major role of the portfolio manager is to assess and approve business cases. However the responsibility does not stop there it extends throughout the life of the project. If, at any time, some uncertainty, influence or event threatens the validity of the original business case, then a review should be triggered. If the business case can no longer demonstrate business benefits (independently or relative to other business opportunities) then an appraisal of the options, with recommendations for action, must be reported to senior management for decisions to be made. Focussing on individual business cases would result in a view of projects and programmes that is too narrow. So the portfolio level is responsible for optimisation across a set of projects, with focus placed on balancing risk and reward, in line with business risk appetite. Organisations should see risk taking as a good thing, as long as it is properly understood and managed. This measured approach is the ongoing focus of portfolio risk management. A major role of the portfolio risk manager is to provide two-way communication of key risk information, and hence assurance that delivery of business benefits is secure.
Unfortunately, there tends to be a major disconnect between project/programme and senior management perspectives, which needs to be bridged for the organisation to perform effectively.
Business Case
(decision making)
Optimisation
(maximise ROI)
Balance
(risk and reward)
Benefits
www.riskdecisions.com
whitepaper
A periodic review may show that a project is no longer able to deliver the required benefits and drastic action might be recommended, even though the project is currently performing very well against its original targets. The result will not necessarily be project closure; it may just need to be adjusted to address the risk or match new business needs.
Figure 6. Bridging the gap between top-down and bottom-up Risk management
Different parts of the enterprise may use different risk guidance, for example PMBoK (PMI) or PRAM (APM) for projects, M_o_R (OGC) or ISO3100 for wider strategic or business risk. From a portfolio perspective, it doesnt matter that there are different dialects of risk management across the organisation, as they essentially follow the same basic process as can be seen below.
www.riskdecisions.com
whitepaper
Managed
Repeatable
Initial
Ad Hoc
Monotor review
Culture
www.riskdecisions.com
whitepaper
References
Association for Project Management (2004) Project Risk Analysis & Management Guide, 2nd Edition, Association for Project Management, High Wycombe, Bucks, UK; ISBN 1-903494-03-5 Association for Project Management (2002) Earned Value Management: APM Guideline for the UK, Association for Project Management, High Wycombe, Bucks, UK; ISBN 1-903494-03-6. Project Management Institute (2004) A Guide to the Project Management Body of Knowledge (PMBoK), 3rd edition, Project Management Institute, Philadelphia, US; ISBN 1-930699-45-X Association of Project Management (2008) Interfacing Risks and Earned Value Management, Association for Project Management, High Wycombe, Bucks, UK; ISBN 10: 1-903494-24-9; ISBN 13; 978-1903494-24-0
Now
Progress
Benefits
Risk?
www.riskdecisions.com
whitepaper
Appendix 2: Glossary
Where source is in brackets, minor amendments have been incorporated to the original definition.
Term
Budget Change Control (Management) Control Account (CA) Definition The resource estimate (in /$s or hours) assigned for the accomplishment of a specific task or group of tasks. Identifying, documenting, approving or rejecting and controlling change. A management control point at which actual costs can be accumulated and compared to earned value and budgets (resource plans) for management control purposes. A control account is a natural management point for budget/schedule planning and control since it represents the work assigned to one responsible organisational element on one Work Breakdown Structure (WBS) element. The comparison of costs before and after taking an action, in order to establish the saving achieved by carrying out that action. Assessment and synthesis of the cost risks and/or estimating uncertainties affecting the project to gain an understanding of their individual significance and their combined impact on the projects objectives, to determine a range of likely outcomes for project cost. The structure used to consolidate risk information across the organisation, to identify central responsibility and common response actions, with the aim of improving top down visibility and managing risks more efficiently. Source Risk Decisions (PMBoK) APM EVM guideline
Risk Decisions
Enterprise Risk Management (ERM) The application of risk management across all areas of a business, from contracts, projects, programmes, facilities, assets and plant, to functions, financial, business and corporate risk. Left Shift Management Reserve (MR) The practice by which an organisation takes proactive action to mitigate risks when they are identified rather than when they occur with the aim of reducing cost and increase efficiency. Management Reserve may be subdivided into: Specific Risk provision to manage identifiable and specific risks Non-Specific Risk Provision to manage emergent risks Issues provision The amount of budget / schedule / resources set aside to cover the impact of emergent risks, should they occur. An upside, beneficial Risk Event. An approved scope/schedule/budget plan for work, against which execution is compared, to measure and manage performance. The objective measurement of progress against the Baseline An action or set of actions to reduce the probability or impact of a threat or increase the probability or impact of an opportunity. If approved they are carried out in advance of the occurrence of the risk. They are funded from the project budget. An action or set of actions to be taken after a risk has occurred in order to reduce or recover from the effect of the threat or to exploit the opportunity. They are funded from Management Reserve. The amount of risk exposure an organisation is willing to accept in connection with delivering a set of objectives. An uncertain event or set of circumstances, that should it or they occur, would have an effect on the achievement of one or more objectives. The difference between the total impact of risks should they all occur and the Risk Provision. Functionality in Risk Decisions Predict! risk management software that enables users to organise different groups of risks to form a single, enterprise-wide risk map. The amount of budget / schedule / resources set aside to manage the impact of risks Risk provision is a component part of Management Reserve Activities carried out to implement a Proactive Risk Response. Assessment and synthesis of schedule risks and/or estimating uncertainties affecting the project ability to meet key milestones. The schedule component of Management Reserve. The amount of budget / schedule / resources set aside to cover the impact of known risks, should they occur. It is not advisable to net opportunities against threats and so a separate value is calculated for each. A downside, adverse Risk Event The spread in estimates for schedule, cost, performance arising from the expected range of outcomes. Often termed estimating error.
Non-specific Risk Provision Operational Risk Opportunity Baseline Performance Measurement Proactive Risk Response
APM EV/Risk working group PRAM (PMBoK) APM EV/Risk working group (PRAM)
The different types of risks managed across an organisation, typically excluding financial and corporate risks. Risk Decisions
Reactive Risk Response Risk Appetite Risk Event Risk Exposure Risk Management Clusters Risk Provision Risk Response Activities Schedule Risk Analysis Schedule Reserve Specific Risk Provision Threat Uncertainty
(PRAM) APM EV/Risk working group PRAM APM EV/Risk working group Risk Decisions working group APM EV/Risk working group APM EV/Risk working group (PRAM) APM EV/Risk working group APM EV/Risk working group PRAM APM EV/Risk Working Group
www.riskdecisions.com
whitepaper
For further information visit: www.riskdecisions.com or contact Alex Leggatt at: Risk Decisions Ltd, Whichford House, Parkway Court, Oxford Business Park South, Oxford, OX4 2JY Tel: 01865 718666 Email: alex@riskdecisions.com
European HQ For enquiries from the UK and mainland Europe. Risk Decisions Ltd Whichford House Parkway Court Oxford Business Park South Oxford OX4 2JY United Kingdom For general enquiries: Tel: Fax: Email: +44 (0)1865 718666 +44 (0)1865 718600 enquiries@riskdecisions.com
For help desk support: Tel: Fax: Email: +44 (0)1865 395698 +44 (0)1865 718600 support@riskdecisions.com
www.riskdecisions.com
management solutions