The parties involved in establishing an organization's PRMC include those who might champion the initiative, the individual or project team responsible for making it happen, those who use the associated risk management systems and procedures, and those who subsequently support and maintain the PRMC. Outside parties may also be influential, such as banks or major customers. The experience, seniority, and role of the PRMC project manager is obviously of critical importance. That such a manager is appointed with these responsibilities is a basic tenet of effective project management.
Effective development of PRMC requires a recognition of where and how risk management processes already occur in the organization, decisions about where attempts to develop PRMC should be made, and further decisions about who should be involved. Such decisions might adopt a 'logical incrementalist' approach (Quinn, 1978), first targeting areas of the organization where the benefits from risk management will be greatest, and using this experience as a learning process before attempting more widespread deployment. For example, in a project based organization, an obvious starting place is at project manager level, working down into project components and then teams. Further development of risk management might be targeted at the function based units that provide support to projects.
Example 17.1 An example of evolution in risk management support
In the late 1970s an oil major began the development of its PRMC with a single risk analyst undertaking analysis late in the plan stage of the PLC. Initially he had extensive and almost continuous external consulting support (from Chapman), but over time consulting support became less intense and was largely concerned with generic methodology for new considerations. Very soon a group of analysts were working in the same way, to cover all projects, often earlier in the PLC. This group of analysts reported direct to the project managers for the most part, as a service function for project managers independent of the design, planning, and costing functions. After a few years, a more senior person was made head of the risk analysis function and the planning function, effectively integrating planning and risk management formally. Then a still more senior person was made responsible for risk management, planning, and costing, extending the integration. As time went on analysis was undertaken earlier and earlier in the PLC, although to our knowledge it did not get back to the design stage, which had separate risk analysis support, with a somewhat different (safety, reliability, and availability based) focus.
Developing PRMC for many organizations should include facilitating and monitoring PRMC in other 'partner' or 'agent' organizations. For example, an organization contracting with suppliers on an extensive and regular basis ought to be concerned with the potential for risk transfer between the contracting parties. The nature and extent of RMPs operated by suppliers should have some influence on the nature and extent of risk management undertaken by their business partners. In particular, a client organization might seek to manage risks by implicitly transferring them to a contractor via a firm, fixed price contract, but this implicit transfer might be no guarantee that the contractor will identify all relevant risks or accept responsibility for managing them. This is one reason why some client organizations, such as the UK Ministry of Defence, require offering contractors to demonstrate PRMC by requiring them to submit risk management plans along with their fixed price tenders.
Was this article helpful?