The Institute of Enterprise Risk Practitioners (IERP®) is the world’s first and leading certification institute for Enterprise Risk Management (ERM).

Can ERM Knowledge Be Applied To Managing Project Risk?

Risk permeates everything, and extends far beyond cost, affecting workers’ safety, the firm’s security in respect of its operating systems, even its governance and the effects of its operations on the environment. More companies are beginning to proactively apply ERM principles to the management of their risks, and are finding it highly effective. Thus, ERM is being increasingly incorporated into strategy and, more importantly, the processes that support the firm’s decision-making. But managing risk at enterprise level and managing it at project level may vary quite extensively. Project risk management relates directly to risks that arise from, or because of, the project.

It includes the identification and evaluation of project risks; the development of appropriate plans to mitigate those risks; implementing these mitigative measures and monitoring throughout the project period. All this is geared towards making better decisions so that the project’s objectives may be achieved. ERM, with its scalability and focus on understanding issues, processes and procedures, will go a long way towards the risk management of individual projects. One of ERM’s pillars is understanding the kind of risk that challenges the firm; it applies the same level of analysis to all enterprise risk including operational, financial, governance, strategic and compliance risk.

It is not difficult to “scale down” and apply this to determining the potential risk in project management. ERM enables risk-based corporate decision-making that drives strategy for the firm. This is a practical implementation approach that can be used to identify which projects to select, based on cost-benefit and the highest probability of success. There is also risk-based corporate decision-making, another tool in the ERM arsenal; highly effective when properly applied as it produces an accurate picture of the results of strategic decisions, together with the costs involved. The organisation is able to zero in on the project’s problem areas, and set up mitigation measures as required.

Contingency planning is always a vital aspect of project risk management, and should take into account low-probability, high-impact risks which could impact adversely on the project. It is worth noting, however, that many risks and uncertainties that arise during projects are actually beyond the control of the project manager. Bearing in mind that such pitfalls exist, their impact can be anticipated to a certain extent, and unpleasant surprises may be avoided. Even the most fundamental of ERM applications will allow the organisation to optimise risk management at enterprise level; at project level, these are likely to be even more impactful.

For instance, under ERM, risk registers identify risks and mitigative measures for the whole organisation. Project risk registers, which identify all risks that need to be controlled at project level, will be able to function in a similar capacity. It is the project manager’s job to identify, prioritise, manage and mitigate project risks. But risks change as projects move from one stage to another. Risk reviews and reassessment, and identification of possible new risks, have to be ongoing activities when it comes to project risk management. This also relates directly to the overall success of the project, how well it stays within budget, and on schedule.

Part of project risk management is careful monitoring, measurement and reporting. Projects should be measured for success and failure because both of these have a bearing on the performance of the organisation. Additionally, effectively managing project risks ultimately helps the organisation in its efforts to manage its overall or enterprise risks as this will indicate where project resources should be allocated for optimum use. Many companies may not realise that not measuring the success rates of their projects also hinders them from determining whether they are progressing, if they are competitive, and if their processes and procedures are sustainable.

There are many areas where ERM and project risk management intersect but generally, project risk managers may apply the same principles of ERM when managing their projects. In both areas, for instance, identifying risks is crucial. Any project risk analysis and management guide will put this first and foremost. Qualitative and quantitative risk analysis needs to be performed; risk strategies and responses must be developed and implemented; and there must be continual monitoring via reviews, evaluation and feedback from stakeholders. ERM involves, for example, risk associated with accidental losses, finance, strategy and operations; project risk involves the same, but at project level.

It follows, therefore, that project risk managers should look to ERM for pointers when it comes to setting measures that work, and to ensure they are in place. They should, firstly, have a documented risk management strategy in place, and develop support at all levels. Certain levels of expertise are required. For project risk management to be effective, the right people have to be in the right positions. Project management teams should have the necessary skillsets, including experience of managing project-related risks. Project risk management actually carries on beyond the duration of the project; detailed documentation is therefore necessary to add to the organisation’s knowledge and experience.

Documenting failure is just as important as celebrating a project’s milestones. It is a long-term measure that helps the organisation identify pitfalls to be avoided in future projects. Problem areas can be pinpointed, and mitigation measures can be improved based on documented evidence. This will save the firm both time and money, and contribute directly to building risk awareness at each level of the organisation.
