Is Your PMO Risk-Ready?

Author: Carl Pritchard, PMP, PMI-RMP, principal and founder of Pritchard Management Associates

As the “risk guy” I marvel at how many project offices come to risk management late in the game, rather than a line of first resort.  In our project offices, we need to make sure that risk is integral in our day-to-day practices if the projects that we support are going to flourish in a risk-rich environment.  Every project office manager or owner should be looking at their risk practices on three fronts—the culture, the tools, and the capture.

The Culture

Do project managers in your organization know what upsets management?

Do project managers in your organization know what will cause concern in the PMO?

Do project managers in your organization document that information?

The roots of culture are in language, and amazingly, many organizations don’t have definitions for such simple terms as “high probability” or “moderate impact.”  While the PMBOK Guide strives to offer a jumping-off point for this cultural nuance, most organizations haven’t taken the next step forward to make the terminology organizationally specific.  An organization providing medical devices doesn’t have the same risk responsibility (or exposure) as an organization that builds outbuildings.  We may be able to find tangential similarities, but the devil is in the details.  Establishing a risk lexicon is crucial to creating a culture that ensures some modicum of consistency in risk-taking within an organization.  It’s a vital first step in making a PMO truly risk-ready.

The Tools

Do you have a standard format for your project risk registers?

Do you have a standard format for the project risk management plans?

Do you have instructions and guidance on how to fill in the boxes on ANY document with the word “risk” in it?

Tools matter. Expecting project managers to manage risk without the basic forms and formats is like asking a mechanic to fix your car without a socket set (or a diagnostic computer these days).  I once had a student e-mail me asking for a list of all of the cells that he should have in his Excel® spreadsheet for his risk register.  I sent the list.  Several months later, I followed up to ask how well it was working out for him, and he was somewhat crestfallen.

We never got it off the ground, he explained.  No one was putting the right information in the right cells.

In the early 1990’s I purchased the Project Management Institute’s Book of Forms (complete with 3.5” floppy disk)!  At that time, it was nothing more than forms.  No explanations.  No clarification of what the forms were for, or what information went into the boxes.  I never really got to use it well.  But it did prompt me to write The Project Management Communications Tool Kit (Artech House), which was largely a book of forms with the explanations.  That’s important.  If we’re going to give someone a risk management plan, they need to understand not only the components of the plan, but what information should be addressed by those components.  Without that information, tool utility is very, very limited.

The Capture

Do you have a repository of successful risk strategies?

Do you have a list of losers?

Risk capture is a PMO’s most significant risk responsibility.  What works?  What didn’t?  The entire time you were growing up, your parents likely gave you a list of dos and don’ts.  Don’t go swimming for 30 minutes after you eat! (MYTH!  https://www.dukemedicine.org/blog/myth-or-fact-should-you-wait-swim-after-eating).  You’ll put your eye out!  (SORT OF!  You won’t put your own eye out, but you could take out the eye of the person next to you.  Airbags may kill you!  (Depends on the brand!  http://www.consumerreports.org/cro/news/2016/05/everything-you-need-to-know-about-the-takata-air-bag-recall/index.htm)

Risks are rarely one-size-fits-all, so the PMO becomes responsible for capturing the history of which risks are genuinely worth sweating about.  Also, if they are recurrent (or worse, recurrent and frequent), the PMO should be able to look across the project landscape within an enterprise and determine that some kind of institutional solution would be appropriate.  In the early era of the automobile, drivers and passengers in an accident would often go sailing through the windows.  Seat belts weren’t even an option until the mid-50s, and didn’t become a standard feature in most cars for another decade.  Now, they are an institutionalized solution.  Smoke alarms and sprinkler systems used to be a rarity, and they’re now part of most housing codes.

The PMO should have the greatest long-term visibility on the challenges that projects face—particularly those that could be classified as “repeat offenders.”  If the PMO is tracking both the challenges and the solutions, they’re doing what should be considered one of their critical risk jobs.

Our Risk Job

The PMO is seen organizationally as the home of project oversight.  Nowhere do we need such oversight more consistently than in our risk practices.  It’s up to use to ensure that we take our risk roles seriously, and incorporate those roles in the day-to-day of our PMO practices and protocols.

Thanks for taking the time to read this article written by our friend Carl Pritchard, PMP, PMI-RMP.  You can learn more about Carl here.

If you would like to sign up to receive these blog posts right to your inbox, click here to sign up for our newsletter.

Thanks for taking the time to read this article.