Project Risk Management
Project risk management, as defined by Max Wideman, is "an organized assessment and control of project risks." The level of risk management that is required obviously depends on the level of risk. Riskier projects, such as new product launches, global initiatives, projects involving new technology, major regulatory-driven projects, and so forth, tend to have complex interacting elements and involve high stakes. A poor track record on similar projects is an indicator or risk. While risk management is most needed for the most risky projects, some level of project risk management must be provided in all cases.
An organization can practice risk management in several different contexts. Projects are proposed throughout the organization in response to perceived needs and opportunities. Sometimes, the identified need is reducing a risk. For example, an organization operating a hazardous facility may invest in projects to reduce health, safety, and environmental risks. In such cases, the project is itself an investment in risk management. Regardless of the need or opportunity the project is intended to address, there are three main contexts for project risk management. As shown in Figure 6, these are: project planning, project selection, and project execution.
Figure 6: Opportunities for risk management
Although many organizations have instituted risk management processes within project planning and project execution, risk management in project selection is often little more than a yes/no answer to "Should we accept the project risk?" This limited view coupled with project-by-project decision-making creates problems for risk management.