As most buildings have fire marshals to usher people out in case of an emergency, a good risk register has a place for risk owners. But are we using these folks to their full potential?
Planning for risks in most project follows an established and clear framework composed of key processes. Each of these processes culminates in the hope that we have generated and put in place what is needed to take care of risks as they might come along. We have also generated by that time a risk management plan that sets out our approach to managing risks on the project as well as started populating a risk register; which will keep us on track with our efforts to document and keep everything in plain sight.
Risk identification is by far the most time-consuming process and to me, the one that I enjoy the most as it sets the tone and provides insights into both the organization and projects alike. That’s where you get to work with cool tools like the Delphi technique, or you get to probe people in one-on-one interviews. Once identified, risks are or should be analyzed to provide a look at the probability and impact of each risk. Additionally, it will show us, through the use of a matrix and prioritizing system the range or extent of our risks for our project. Some people will only analyze this far while others may also pay attention to the risks that can impact time and cost. They may also further analyze risks to properly quantify what might be at stake as well as the potential impacts to our project baselines.
The next major process is to determine what our options or responses should be if the risks were to occur. I’ve discussed in a previous article some aspects of the risk response strategies and the preparation that goes into ensuring that short of a crystal ball we can set good plans in place for our potential risks. Another key factor that gets documented at this stage is the ownership of those risks. This is what I would like to discuss more in this article. For some, the use and documentation of risk owners is the filling of a column in the risk register while for others it can have a much larger meaning and purpose.
What does being a risk owner mean?
I found that it depends on the organization one works for and, the risk culture established there. I will start by eliminating the one thing that it should not be so that we start out with a clear understanding. It should not mean having the project manager or the team listed as owners for every risk in a risk register.
Sylvie Edwards, PMP, MCPM, STDC, CMP has 25 years of project management experience spanning various industries and is the owner of SRE Solutions, catering to clients in need of project management course development, education, project risk management, PMO setup/evaluation or recovery services. She has worked with one of the top five consulting firm, where she led projects in the information technology, banking, government, and securities sectors as well as being a manager in the risk management practice. Sylvie writes about risk management, communication, and PMO.