When managing a program or portfolio of multiple projects, risks have to be managed at a level appropriate for each individual project. With the right organisational structure and software in place, you can also view, monitor and manage risks across all projects at program level.
At any one time, a large organisation may have a significant number of ongoing projects, of varying types, stages and sizes, with different stakeholders, customers, suppliers and deliverables. Managing risks on these projects by treating them as a program can bring significant benefits in a number of areas:
- Cost savings by identifying systemic risks and mitigating these at program level
- Program wide risk visibility
- Effective resource allocation
- Reduced contingency budgets
This article gives practical examples of how program risk management can be implemented in each of these areas.
Systemic risk identification
Systemic risks are risks that occur repeatedly across an organisation. It is much easier to identify such risks when using a central database, rather than trying to search across multiple, inconsistent project risk registers in spreadsheets. Looking at all these risks across a program allows individual project managers to focus on running their project, with the responsibility and contingency budget for systemic risks resting with the program manager or function. Managing risks centrally this way is another way of driving down overall costs.
Identify top risks across the program, not just individual projects
Identifying the ‘Top 10’ risks across a program is a common requirement, to enable management to focus on the most important risks. This is often achieved by asking each Project Manager to provide their top 2 risks. However, as shown in figure 1, this could result in the program manager missing the fact that the 4th risk in a project has more impact than the top 2 in another project. Not only does this mean that the wrong risks are being looked at, it can also hide a large amount of potential impact.
This is another area where a program manager can make a real difference. Imagine a scenario in a construction company where four similar builds have very different risk registers. Factors such as planning risks, site access, and weather conditions can have an effect, but what about individual risk managers? Perhaps one of them has a different approach to risk identification, or uses a different definition of uncertainty, or has different experiences affecting their view of risk. All of these things affect the contents and total value of the risk register. Identifying and acting on inconsistencies such as this can potentially drive down the overall contingency budget.
Focusing resources on program risks and not individual project risks can be instrumental in driving a business forward and securing its reputation. For example, a construction business with a number of major projects underway will typically manage resources across those projects at a program level. However, it is not so common at program level to consider the risk of schedule delay on one project having an adverse impact on another project, because resources are tied up longer than planned. Such problems can also get in the way of new projects starting, having an overall effect on a company’s cash-flow and reputation. In this case the program risk manager could opt to put mitigation budget towards avoiding the delay or proactively finding alternative resources. This is particularly important when managing projects with late delivery penalty clauses.
Risk analysis at a program level can play a role in driving down the level of contingency required, while maintaining confidence levels for delivery on time and to budget.
For example, project risk analysis shows that to give each individual project, say, an 80% confidence of being within their risk budget, may require the sum of the individual project contingency budgets to be £10m. However, analysing at a program level and maintaining an overall 80% confidence level could require a contingency budget of £9m, potentially freeing up money for alternative initiatives. This of course means that each individual project will get a lower contingency budget and that their confidence level of being within their budget is now less than 80%. This leads to an interesting dilemma for the program risk manager. How to balance the motivational factors around the likelihood of the project managers feeling less able to deliver, given the lower confidence, which could lead to reduced performance and freeing up contingency to benefit the company as a whole? Risk management at this level is an art not a science.
The benefits are even greater if similar projects are managed together, allowing for a database of lessons learned, stored in a risk tool such as Risk Decisions’ Predict! to be applied to each project, resulting in a further reduction in contingency.
Program risk management in practice
It is clear the benefits for program risk management can be significant. To be effective however, risk still has to be managed appropriately at project level. This requires each project to have a risk scoring system relevant to its size and business significance, and risk categories (for example, lists of suppliers and contractors) appropriate to the project. But these necessary differences cause problems when trying to get a consistent view across projects. When it comes to risk scoring. at program level, you’ll want each project’s risks to be recalibrated, so that they can be reviewed against program level criteria, while leaving the project level to view risks using the original scores (for example, to avoid smaller projects having all their risks weighted as being of minimum impact). For categorisation, the program manager needs to decide which categories of risk need to be reviewed across projects. For example, where one supplier is the cause of a large number of risks across different projects and program or function level action is required. This can only be achieved if all projects use a consistent set of supplier names and codes.
The trouble with spreadsheets
Many organisations manage their project risks in individual MS Excel spreadsheets, and while that works for small, isolated projects, it’s really hard to consolidate and aggregate risks held in different spreadsheets across a program or business. Using a risk management software tool such as Risk Decisions’ Predict! allows risks to be managed at a level appropriate to the size and complexity of individual projects, whilst giving the program manager a cross project view at a level appropriate to them. This requires no additional input, or manual aggregation of disparate and inconsistent spreadsheets.
Another advantage of a risk management tool is that it records an audit trail and allows for access by multiple users concurrently. It is difficult to control who edits a spreadsheet, especially with multiple users. It is estimated that some 90% of spreadsheets have errors or inconsistencies in them, something that can be avoided by using a risk tool.
However, while the business benefits of such an approach are clear, this also requires a culture of openness, where sharing information on risks is encouraged, not frowned upon. Good communication between the project managers, the program risk manager and company management will deliver the most effective results.
Program risk management has a number of benefits, including reduced contingency budgets, the ability to focus resources on top risks for the program and not just for individual projects, identifying inconsistencies, identifying systemic risks, and, last but not least, cost savings by mitigating risks at program level. Using a risk tool such as Predict! allows you to manage all projects in a central place, incorporate lessons learned and eliminate many of the challenges MS Excel presents by allowing for concurrent use and avoiding errors in spreadsheets with built in reports and analysis tools.