Risk Management – Good to Great! Part I – Practices

In our coaching practice at PM Power Consulting, Project Managers, Program Managers and Portfolio Managers (called Delivery Managers in some organizations) often ask us: “How am I doing as a risk manager?” In response to that, we present a comprehensive picture of risk management in the organization for them to better understand the position & importance of individual competencies. Here is that picture:


As you can see, individual competencies in risk management indeed have a place and importance in the big picture.

But if you want risk management practices to go from “good” to “great”, individual competencies by themselves are not sufficient. You need the right enablers in the organization as well.

You also need to have measures in place to track your progress in the journey to greatness. Measures need to cover outcomes as well as effectiveness of practices. The measures help you to identify areas of improvement and act on them covering all enablers (and disablers!).

Finally, risk management practices are in the context of a specific organization and its business. This means some of the generic risks in a project, program or portfolio are “inherited” from the organizational context. For example, within the domain of software solutions, the risk profile of an organization developing embedded software for vehicle safety would be very different from that of an organization developing a cloud-based ERP solution. So, definition of what is great needs to be defined in your organization context.

Having given you the big picture, we start by what we feel are good practices and what are truly great practices. In our experience with organizations and managers, great practices help achieve a higher level of consistency in achieving outcomes – that is the actual business / operational benefits that the customer is expecting rather than just the project goals of scope, schedule, cost and quality.

With that background, we can look at two lists of risk management practices below – the left column being the good practices and the right column the great practices.


Let us take a few examples from the above lists just to illustrate good vs. great. Item 1 in the good practices is “Comprehensive risk discovery”. By comprehensive, we mean several things – first, do you have the domain experts (say, in embedded software for vehicle safety) available either internally or external to your organization to assist in risk discovery? Are the experts helping you to identify risks specific to your project context rather than generic ones? Are they part of assessing risk probability and potential impact jointly with you?

No doubt the above good practice itself is a considerable achievement to have it in place and working well. However, a higher level practice or a great practice is to have team involvement in the entire span of risk management activities in the project starting with risk discovery. The reason is that many risks lie hidden at project start and emerge, often at the worst possible moment! A frequent risk source in the software domain is the technical/technology aspect. Team members are often able to see risks in this aspect much before they show up in managerial radars. If team member participation is encouraged from the beginning, these risks are identified earlier and better addressed – after all, there is only so much you can do in terms of contingency actions. Team participation in other risk management activities such as risk response development, implementing mitigation actions and monitoring risks improves practice effectiveness and team ownership.

I hope you are getting the drift of how we are viewing the distinction between good and great practices. You may extend this comparison to the remaining items in the two lists. Please note that it is not always a direct comparison between a practice in the good list with a corresponding practice in the great list. The two lists are not linked like that if you what I mean.

So, did you find this interesting? Watch this space for the next parts in the Risk Management: Good to Great series – on enablers, measures and so on.

In the mean time, we would love to hear your comments on this blog.

Sivakumar (ShivK).

What do you think?

Leave a Reply

What to read next