Several tools are used at the project level to identify, analyze and accept/mitigate risks. The risks that could impact a program/portfolio are picked from the project list based on potential loss exceeding a certain threshold and few risks that could not be handled at the project level and appropriate corrective actions are identified and implemented. This kind of approach is primarily focused on dealing with the project risk and does not highlight the potential impacts at the organization as well as leverage the organization resources for risk management effectively. 2010 Deep water Horizon accident in Gulf of Mexico is one example of how a project risk can cause huge loss to the enterprise, if not handled effectively.
A model of risk impact proposed by Prof. Hans Thamhain(Managing risk in Complex Projects, Hans Thamhain, Project Management Journal April 2013 page 20-35(may require membership of PMI)) helps us get better insight into the nature of risk management at the enterprise level based on major field study of 35 major product developments in over 17 high tech organizations. The model is based on a key observation that successful risk management is only achieved when project environment is conducive to effective cross functional communication and collaboration among all stake holders. This model categorizes risks into four groups. Cat-1 risks are those that do not impact project performance yet. Cat-II risks impact project tasks and subsystems. Cat-III impacts project performance, Cat-IV impacts project and enterprise performance. The key idea is that a risk can move from Cat-1 and Cat-IV during its life, if it is not managed well. A nice example for this is the Toyota's accidental acceleration problem which led to the recall of several vehicles thus impacting the enterprise.
This model helps in understanding the role of work process, organization environment and people in managing the risks. Some of the learnings for effective risk management in complex projects from this research include a)Unchecked contingencies tend to cascade and penetrate wider project areas b) Cross functional collaboration is an effective catalyst for collectively dealing with threat to project environment c)Senior Management has a critical role in creating a conducive organizational environment d)People are main sources for uncertainty as well as resources for reducing risk.
A model of risk impact proposed by Prof. Hans Thamhain(Managing risk in Complex Projects, Hans Thamhain, Project Management Journal April 2013 page 20-35(may require membership of PMI)) helps us get better insight into the nature of risk management at the enterprise level based on major field study of 35 major product developments in over 17 high tech organizations. The model is based on a key observation that successful risk management is only achieved when project environment is conducive to effective cross functional communication and collaboration among all stake holders. This model categorizes risks into four groups. Cat-1 risks are those that do not impact project performance yet. Cat-II risks impact project tasks and subsystems. Cat-III impacts project performance, Cat-IV impacts project and enterprise performance. The key idea is that a risk can move from Cat-1 and Cat-IV during its life, if it is not managed well. A nice example for this is the Toyota's accidental acceleration problem which led to the recall of several vehicles thus impacting the enterprise.
This model helps in understanding the role of work process, organization environment and people in managing the risks. Some of the learnings for effective risk management in complex projects from this research include a)Unchecked contingencies tend to cascade and penetrate wider project areas b) Cross functional collaboration is an effective catalyst for collectively dealing with threat to project environment c)Senior Management has a critical role in creating a conducive organizational environment d)People are main sources for uncertainty as well as resources for reducing risk.