What Everybody Ought To Know About Project Risk Owners

    2=Planning, 4=Control

  •  Minute Read

So, what are project risk owners and how should project managers identify and assign them? Let's talk.

Imagine that you are the project manager of a two-year, multi-million dollar project. During the execution of your project, you take a beach vacation.

One of your team members calls upset that a major risk has occurred. You cooly reply, "No problem." You text the risk owner and discover that the risk response plan is being executed and everything is fine.

Is this scenario possible? One thing is for sure. If we don't identify and recruit risk owners, this will never happen. Your project will be at greater risk.

picture of a risk owner

Risk Owner

What is a Project Risk Owner?

The PMBOK 7th Edition says a risk owner is "the person responsible for monitoring the risks and for selecting and implementing an appropriate risk response strategy." Furthermore, these individuals may aid in evaluating their risks by performing qualitative risk analysis and quantitative risk analysis

More...

Risk owner. The person responsible for monitoring the risks and for selecting and implementing an appropriate risk response strategy. —PMBOK Guide, Seventh Edition

Click to Tweet

When to Identify

While planning projects, project managers engage stakeholders and identify risks. As risks are identified, ask who might serve as the risk owner. If it's not obvious, ask for potential candidates.

If you did not identify a risk owner while identifying the risk, you will need to make that decision while evaluating the risks or before developing the risk response plan. Why? Because the risk owner, with their expertise, should develop the risk response plan. 

Only the most significant risks need a risk owner and risk response plan. When developing your Risk Management Plan, determine the risk threshold of when a risk response plan and risk owner is required.

What to Look for in Risk Owners

So, you and your stakeholders have identified a risk. Who should be the risk owner? Consider the following factors:

  • Who best understands the causes, the risk, and the impacts?
  • What individual will proactively monitor the risk?
  • Who will respond if the risk occurs?
  • Does the individual have risk management experience?

The individual may not meet all of the conditions, but the more, the better.

How to Recruit Project Risk Owners

Imagine that your team and stakeholders have identified a risk and identified a strong candidate. How does the project manager secure the risk owner? That depends on the authority of the project manager and the culture of the organization. With high authority, the project manager may simply assign the risk owner.

With low authority, you will need to use your interpersonal skills to communicate, influence, and obtain the risk owner. Here are some tips:

Risk Owners

  • Explain the project and why the project is important to your organization
  • Explain the risk that has been identified
  • Describe why they were identified as a candidate (i.e., expertise, knowledge, experience)

Who Monitors the Effectiveness of Risk Owners?

For larger projects, you may conduct risk audits during the Monitor Risk process. Part of the audit is to evaluate the effectiveness of the risk owners. Risk audits may be performed by the project manager, the project team, or an external audit team.

Create a Risk-Aware Culture

Culture eats strategy every time. People resist change. It takes time to get people to buy into risk management. Be the risk evangelist. Educate stakeholders on the value of risk ownership.

Project Risk Coach Tips

Sign up for the weekly Project Risk Coach blog posts and receive the Project Management Plan Checklist. This will allow you to deliver projects with fewer problems and greater value.

"Intelligent leadership, creative communication and depth of technical skill all describe Harry Hall." –John Bartuska, Director of HR–ONUG Communications

Powered by ConvertKit

You may also like

What is a RAID Log?

What is a RAID Log?
>