How to Escalate Project Risks

    2=Planning, 4=Control

  •  Minute Read

Let's take a look at what it means to escalate project risks and how to escalate risks including threats and opportunities.

Escalation is one of the eight ways to treat risks.The PMBOK® Guide–Sixth Edition says: 

"Escalation is appropriate when the project team or the project sponsor agrees that a threat is outside the scope of the project or that the proposed response would exceed the project manager's authority. Escalated risks are managed at the program level, portfolio level, or other relevant part of the organization, and not on the project level. The project manager determines who should be notified about the threat and communicates the details to that person or part of the organization. It is important that ownership of escalated threats is accepted by the relevant party in the organization." 

The language for escalating opportunities is nearly identical, interchanging the term threat with opportunity.

Every organization has risks at various levels such as teams, departments, business units, and an enterprise level. Projects touch different parts of the organization. Project managers discover all kinds of risks, some that are within the scope of the project and others that are not.

What should a project manager do when a risk is identified that is outside the scope of the project? Escalate the risk. Here are three takeaways. 

Three Takeaways About Escalating Risks

  1. Risks may be managed at a project level, program level, portfolio level, or other relevant part of the organization. Per the PMBOK® Guide, a program is "defined as a group of related projects, subsidiary programs, and program activities managed in a coordinated manner to obtain benefits not available from managing them individually." How does a portfolio differ? A portfolio is "defined as projects, programs, subsidiary portfolios, and operations managed as a group to achieve strategic objectives."  Another possibility is to manage the risks in an Enterprise Risk Management (ERM) Program. The Risk Management Society (RIMS) defines Enterprise Risk Management (ERM) as “a strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio.”
  2. The project manager determines who should be notified. Not all project managers will know who should own the risk. Ask team members and the project sponsor to help determine the risk owner.  
  3. It's important that the ownership is accepted. Project managers often lack the authority to simply assign the risk to someone outside their projects. Project sponsors can help by engaging the appropriate people in the organization to ensure buy in. If your organization has an enterprise risk management program, the ERM Director can help with the escalation.

Escalate Your Risks

Do you have risks in your project risk register that should be escalated? Work with your project sponsor and other key stakeholders to clarify the risks, determine the true risk owners, and ensure ownership at the right level of your organization. 

You may also like

What is a RAID Log?

What is a RAID Log?
>