Management of Risk (MoR): Guidance for Practitioners is a new guide by the Office of Government Commerce (OGC), UK, the same people who publish PRINCE2 with which many readers will be familiar. By way of introduction, the Foreword tells us:
"All of us manage risks in our daily lives almost unconsciously - assessing the speed of traffic when crossing the road, taking out insurance policies, making everyday decisions, weighing up options. However, in business, risk and risk management can sometimes be seen as specialist subjects, requiring expertise outside 'normal' management experience. In other circumstances, risk can be ignored altogether or the view taken that risk can be avoided by maintaining the status quo. Spending time developing risk management strategies is sometimes perceived as mere pointless bureaucracy. In this rapidly changing world, a status quo is unrealistic, and failure to identify and explore new opportunities is a risk in itself.
This guide provides an accessible framework for taking informed decisions on managing risk throughout the organization, from designing policy and strategy to dealing with threats and opportunities in your day-to-day operations and services."
So, at first glance, both from the title and the Foreword, one might think that this publication is not relevant to project management on this web site. Indeed, in the Table of Contents, only the final chapter even mentions programs and projects. However, throughout the text, as well as risks to the Line of Business operations, the authoring team clearly had "projects" very much in mind whether at the project, program or portfolio levels.
For example, "Risk" itself is defined as "An uncertain event or set of events that, should they occur, will have an effect on the achievements of objectives." That sounds to us very much like a project. In many places the content follows traditional project risk management philosophy, including such risk tools as Issue Log, Risk Register, and reference to the project life cycle. Even "stakeholder" is defined as: "Any individual, group or organization that can affect, be affected by, or perceived to be affected by, an initiative (program, project, activity or risk)."
So, in fact this text is a solid "How-to" treatise on managing risks associated with an organization's initiatives (aka projects). And as such, taking into account the perspective from which it is written, it might well have been better titled as "Management of Project Portfolio Risk". Either way, we believe that this book is one of the first of its kind, and something that we have been looking for. For those who might want to draw a comparison with the Project Management Institute's ("PMI") publications, remember that this Management of Risk: Guidance for Practitioners is a "How-to", whereas PMI essentially publishes standards, i.e. "What-is".
The MoR framework is based on four core concepts namely: Principles; Approach; Processes; and Embedding & Reviewing. These are shown arranged diagrammatically in Figure 1.
Figure 1: The MoR framework
Thus, according to the MoR guide:
"It provides a route map for risk management, bringing together principles, an approach, a set of inter-related processes and pointers to more detailed sources of advice on risk management techniques and specialisms. It also provides advice on how these principles, approach and processes should be embedded, reviewed and applied differently depending on the nature of the objectives at risk."
As an interesting footnote, but completely true to form, the authoring team treated the very production of this MoR document as a project - complete with a quality assurance and change control panel.
1. Management of Risk: Guidance for Practitioners, Office of Government Commerce (OGC), UK, 2007, p vii
2. Ibid, p156
3. Ibid, pp1, 155
4. Ibid, 30-32, 157
5. Ibid, p91
6. Ibid, p158
7. Ibid, Figure 1.1 on p1
9. Ibid, p viii