MCM4433 Project Risk Management Chapter 8: Governing Risk Management Process

Chapter 8: Governing Risk Management Process

1.0 Introduction

A sound corporate risk governance framework is essential for establishing a strong

decision-making process and implementing consistent policies and procedures to
ensure accountability. The importance of governance in risk management has led to
the implementation of various strategies within organizations. Project governance
comprises the followings:
 responsibility and accountability
 controlling and monitoring, and
 reviewing and reporting.

2.0 Responsibility and accountability

Every member within an organization plays a role in accomplishing the

organizational objectives. Established procedures guide teams in achieving goals,
ensuring adherence to specific requirements before initiating a project.
Organizations utilize various techniques to enforce responsibility and accountability.
The RACI technique (Responsible, Accountable, Consulted, and Informed)
emphasizes the assigned person's responsibility and accountability for task delivery.
Another technique, SQEP (Suitably Qualified and Experienced Personnel), ensures
that individuals chosen for tasks possess the ability to control and manage the
project, with experience being a crucial factor.

Project management involves the delegation of responsibilities to different

individuals. For instance, in a bid process, the bid manager or bid director oversees
project management, while at a higher level, the project sponsor is responsible for
developing initial ideas and business cases for review and approval by the executive
committee. Risk management is distributed across various departments, such as
finance and the program office, rather than being solely the responsibility of a risk
manager.

Project managers play a vital role in managing risks and conducting risk reviews in
designated areas. Three management functions—Portfolio Management Office
(PfMO), Programme Management Office (PgMO), and Project Management Office
(PMO)—exist. However, the industry's application of portfolio management is not

77
MCM4433 Project Risk Management Chapter 8: Governing Risk Management Process

fully developed, leading the portfolio office to adopt the role of a PMO and
diminishing the significance of PfMO.

2.1 Programme Management Office

The Programme Management Office (PgMO) comprises dedicated positions like the
programme manager, risk manager, value manager, project manager, and
development manager. Commonly found in industries such as manufacturing,
defense, and transportation, PgMOs are established for large programs
encompassing various projects and stand-alone projects. One key objective is to
make the risk management process available to the organization. PgMO personnel,
also known as program management counsel, work to ensure program criteria are
met, focusing on sectors like civil aerospace, defense, energy, marine, and nuclear.
Specific teams for each sector, led by a program manager, aim to enhance
processes, with governance provided by a program management director to ensure
standardized procedures are consistently followed by the staff.

2.2 Project Management Office

The Project Management Office (PMO) is responsible for advising and guiding
projects in alignment with the organization's project management framework. It
controls practices, processes, and methods, aiming to standardize project
management and enhance organizational efficiency. The head of the PMO is
accountable for developing tools and processes, reviewing project manager
performance, and ensuring their assignment to different projects. Positions within
the PMO include project director, project manager, bid director, bid manager,
commercial or contracts manager, risk manager, design team, installation team,
commissioning team, and project team. The project manager, overseeing day-to-day
project operations, is crucial for project delivery and profitability.

2.3 Project Team

Project teams, responsible for project and risk management, submit regular updates
on their performance to the PMO. Organizations may establish two types of PMOs—
a central PMO and project PMO. The central PMO, often part of the finance
department, ensures investment yields desired results. Project teams can be formed
based on tasks, with steering committees for large projects, or based on function,
where the project director assumes risks for the team's delivery. Resources are

78
MCM4433 Project Risk Management Chapter 8: Governing Risk Management Process

brought in once a project is secured, following a standard framework or

manufacturing process for project management.

3.0 Controlling and Monitoring

Managing projects involves identifying and achieving objectives set at the early stage,
requiring clear communication throughout the project's duration. Controlling and
monitoring are crucial to ensuring objectives are met. Regular meetings, often
monthly, provide project updates to the PMO, reviewing budgets and seeking board
approval for variations. Before starting a project or proposing an investment, the
project's necessity is established, acknowledging inherent risks. Control and
monitoring focus on financial and time management, with objective achievement
linked to cost and time. Projects are typically driven by timely and budgeted
completion, but some, particularly delivery-focused projects, prioritize delivery at any
cost.

3.1 Mechanisms of Control and Monitoring

Projects can be controlled and monitored using various techniques, including:

 organizational frameworks,
 milestones and stage-gates,
 steering groups, and
 audit processes.

3.1.1 Organisational Framework

The organizational framework establishes guidelines for defining and funding

risks, along with the criteria for funding applications. Life cycle management,
an ongoing organizational procedure, is an example. Governance for project
management is outlined in the operational assurance statement and life cycle
management guidelines. Various terms, such as program control, project
delivery framework, and quality control, are used to denote the framework
process. Despite the varied terminologies, it is acknowledged that the control
framework sets procedures for managing risks, oversees tendering
processes, ensures accountability and consistent management systems
(regardless of business location), defines responsibility, and provides general
procedures while allowing for the inclusion of additional details.

79
MCM4433 Project Risk Management Chapter 8: Governing Risk Management Process

3.1.2 Milestones and Stage Gates

Exclusive milestones can be utilized to assess project performance against

the work program, while stage-gate processes serve as a mechanism for
control and monitoring. In the UK, organizations commonly implement stage-
gate systems. These stages or gates essentially represent an approval
process for each project. All projects inherently involve risks, and approval is
contingent on a comprehensive understanding of these risks. These
procedures outline distinct levels of review and approval, with the option to
incorporate sign-off steps, especially for complex projects. In some instances,
a small project may undergo multiple sign-offs in one step, streamlining the
process due to the simplicity of solutions. A well-crafted proposal should be
recorded in a system for budget approval and risk allocation. The decision to
approve any project hinges on a thorough comprehension of risks and the
tangible and intangible benefits, facilitated through a sign-off process.
Standardized procedures are followed to secure approval for a bid, ensuring
fairness, shared responsibilities, and mutual agreement. Feasibility studies
are advisable in the sign-off process, requiring projects to demonstrate
tangible benefits before funding is granted. The pre-study phase, which may
span six months to a year, culminates in budget allocation and resource
provisioning for the project's initiation. Achieving a balance between project
expectations and inherent circumstances is essential for successful goal
attainment.

3.1.3 Steering Group

An alternative method of control and oversight is facilitated through steering

groups, such as the risk management steering group and the planning,
monitoring, and control group. These groups offer direction to projects,
ensuring adherence to the established board rules. Typically, steering groups
are more applicable to large-scale projects, with the sign-off process
contingent on the project's scale. Conversely, small-scale projects may
involve only the customer, project manager, finance, and control personnel.
Steering group meetings are convened to scrutinize test reports or
compliance reports and assess the status of risks.

80
MCM4433 Project Risk Management Chapter 8: Governing Risk Management Process

3.1.4 Audit

The auditing process guarantees that projects align with the established
guidelines and achieve the intended objectives. The risk audit program, for
instance, forms part of corporate governance controls. The audit procedure
may resemble gateways, wherein a process undergoes scrutiny and auditing
before progressing beyond a gate.

4.0 Reviewing and Reporting

The third facet of governance involves the processes of review and reporting, which
can occur in various ways and at different project stages. These processes are
integral to management activities and have become ingrained in the system. Within
the governance framework, ongoing risk reviews are mandatory as the project
unfolds. Reporting falls under the purview of the project manager, who also provides
guidance to the risk managers. Additionally, a PMO, as part of governance
obligations, must report to the corporate office, subjecting them to higher-level
scrutiny. Budget reviews are a regular practice, typically conducted on a monthly
basis. The project manager then presents reports to management weekly, monthly,
or semi-annually. The project manager holds the responsibility for project delivery,
establishes parameters, and, significantly, is answerable for the project's profit and
loss.

4.1 Performance Criteria, Improvement, Measurement

Regular reviews are essential for project performance criteria, improvement, and
measurement. The assessment involves planned value, incurred expenses, and risk
considerations. Performance measurement focuses on the alignment of requested
funding with actual delivery, influencing funding for subsequent stages. This entails
an assurance process to validate the investment's soundness and an evaluation
process for suppliers to ensure compliance with expectations. Improvements are
driven by project profitability, prompting adjustments to procedures for enhanced
efficiency and more accurate forecasts.

5.0 Setting Up Project Management Procedure

The implementation of a standardized project management process enables the

organization to adhere to a clear and uniform approach, ensuring the delivered
outcomes align with specifications. This standardized approach facilitates task

81
MCM4433 Project Risk Management Chapter 8: Governing Risk Management Process

delivery in line with project expectations. Conversely, a generic process is more

suitable for organizations with diverse projects. The adoption of a standardized
process is motivated by historical challenges in project management and the
recognition of expertise. In regulated industries like railways, external accreditation
benchmarks the process. Processes may vary between organizations, developed
internally or adopted from best practices. The current standardized processes
include:
 Internal project management manuals, management systems, or quality plans
 Published guidelines
 Other gateway processes
 Life cycle management
 Six Sigma techniques and tools for process improvement
 Balanced scorecard

6.0 Challenges of Project Governance

Challenges within project management governance encompass the following issues:

Personal Attitudes: The governance of projects can be hindered by personal

attitudes, such as egotism among team members. For instance, a project manager
might face difficulties in managing a risk manager.

Rule Enforcement Failure: The failure to enforce rules can adversely affect projects,
leading to increased total costs. Weak governance may result in projects deviating
from budgets, incurring additional expenses despite the need for timely and
specification-compliant delivery.

Poor Capabilities: Inadequate skills among key personnel or ineffective project

management practices can have severe consequences, potentially leading
organizations to financial distress or bankruptcy. Ensuring the efficiency of project
managers is crucial, emphasizing the necessity for proper training in project
management processes.

Dynamic Environment Challenges: In dynamic environments, organizations must

excel in periodic forecasting and delivering projects that align with the ever-changing
demands of clients.

Excessive Administrative Load: Organizations burdened with excessive

administrative tasks may suffer from poor governance. Large organizations tend to

82
MCM4433 Project Risk Management Chapter 8: Governing Risk Management Process

accumulate administrative load and bureaucracy, potentially leading to overreaction

to low-probability events within a massive portfolio. This results in increased
management efforts, adding more administration and functional accountability
without necessarily creating added value.

Complex Contracts: Complicated contracts, particularly in private finance initiatives

(PFI), may be prone to misinterpretation or lack of clarity compared to well-
documented traditional contracts.

7.0 The Concerns of Project Governance

Project governance raises three major concerns: human, technical, and

environmental.

Human Issues: Addressing individual attitudes and responses to instructions is

crucial in project governance. Moreover, the shortage of capable project managers
compared to the workload poses a significant challenge.

Technical Issues Inconsistent reporting and rule enforcement due to governance

deficiencies are prevalent issues in project management. Managing projects with
intricate contracts, such as PFI, is complicated, given their ambiguous nature and
difficulty in interpretation.

Project Environment Big projects grapple with inherent problems like administrative
load and bureaucracy, leading to unnecessary tasks focused on managing politics
rather than adding value. The dynamic project environment often results in the
manipulation of project delivery to meet operational demands, consequently inflating
overall project costs.

83
MCM4433 Project Risk Management Chapter 8: Governing Risk Management Process

Self-Assessment Questions
1. How does the implementation of a standardized project management process
contribute to the organization's overall strategic goals and objectives?

2. In what ways do the challenges in project governance impact the long-term

strategic sustainability of the organization?

3. What role do steering groups play in ensuring effective communication and

collaboration, especially in large-scale projects?

4. How can organizations balance the need for timely and budgeted project
completion with a focus on performance measurement and continuous
improvement?
5. In what ways do regular reviews, including planned value, expenses, and risk
considerations, contribute to the ongoing improvement of project management
processes?

6. How can organizations enhance their capabilities for periodic forecasting and
adaptability to meet the ever-changing demands of clients in dynamic project
environments?

7. What strategies can be employed to minimize the impact of personal attitudes

and egotism on project governance in dynamic and rapidly changing scenarios?

8. How can organizational frameworks, milestones, stage-gates, steering groups,

and audit processes be balanced to provide effective control without stifling the
flexibility needed for innovation and adaptability?

84