What are the Risk Management Roles in Projects and Programs?


As a project manager, you constantly juggle a million tasks at once. And you may overextend yourself, wearing too many hats. How can we find a better balance? This article will provide clear guidance on how to define and assign risk management roles and responsibilities for projects and programs.

Ensuring that all of the risks are addressed can be a daunting task, particularly for larger, complex projects. Having designated risk roles ensures that significant risks receive attention and allows everyone on the team to focus on completing the project successfully.

Project Sponsor

“PMI Pulse research shows actively engaged sponsors are by far the top driver of projects meeting their original goals and business intent” (PMI Executive Sponsor Engagement)

Project sponsors have several responsibilities. First, sponsors develop and cast the project’s vision, including goals, risk appetite, and risk thresholds. Second, project sponsors ensure that the project manager has the required resources. Third, these leaders engage high-powered/high-interest stakeholders when needed, particularly to resolve conflicts and protect the project team from distractions or annoyances.

Project Manager

What is the primary role of the project manager? He or she is responsible for achieving the project objectives. This often comes in the form of completing the project on time, within budget, and within scope. 

In a broader sense, project managers oversee all aspects of the project, including risk management. Here are some risk management tools that they may use:

  • Risk management plan

  • Risk register

  • Decision register

  • Issue register

The authority of the project sponsor and project manager should be established early in the project and is typically included in the project charter. The project charter may include specifications of the project manager’s authority over others, such as project team members and a risk manager.


See some examples of organizational structure types, the project manager’s authority, and the role below.

| Organizational Structure Type | Project Manager’s Authority | Project Manager’s Role | Who Manages the Project’s Budget? |
| --- | --- | --- | --- |
| Functional | Little or none | Part-time; may or may not be designated job role like coordinator | Functional manager |
| Matrix - weak | Low | Part-time; done as part of another job and not a designated job role like coordinator | Functional manager |
| Matrix - balanced | Low to moderate | Part-time; embedded in the functions as a skill and may not be a designated job role like coordinator | Mixed |
| Matrix - strong | Moderate to high | Full-time designated job role | Project manager |
| Project-oriented | High to almost total | Full-time designated job role | Project manager |

PMBOK® Guide, Sixth Edition, page 47

Matrix environments are common and require careful attention. Project team members report to both a functional manager and project manager(s).

Where do project managers reside organizationally? That depends on the organization. For example, organizations may place project managers in functional areas (e.g., Information Technology) or in a Project Management Office (PMO).

Project Management Team

The project management team are “the members of the project team who are directly involved in project management activities” (PMBOK® Guide, Seventh Edition, page 16). These individuals are responsible for the day-to-day planning and execution of the project.

Additionally, the project team is “a set of individuals performing the work of the project to achieve its objectives” (PMBOK® Guide, Seventh Edition, page 16). Where the project management team is directly involved in the day-to-day activities, the project team includes individuals who are engaged at specific times in the project. For example, a subject matter expert may be brought into a risk identification session.

Risk Owners

The risk owner is “the person responsible for monitoring the risk and for selecting and implementing an appropriate risk response strategy” (The Standard for Risk Management in Portfolios, Programs, and Projects, page 168).

A risk owner may be assigned when risks are identified. There should be only one risk owner for each risk. At a minimum, risk owners should be assigned before developing the risk response plan. Why? Because the risk owner has the expertise needed for the development and implementation of the plan.

A risk owner, who may be a busy executive, may assign a risk to a risk action owner such as a manager. The risk owner develops the risk response plan; the risk action owner performs the action, that is, monitors the risks and implements the risk response plan.

Risk Manager

A dedicated risk manager (also called a project risk manager) may be assigned to a larger, complex project or program. The risk manager reports to the project or program manager. Their responsibilities include but are not limited to:

  • Engage stakeholders to identify risks

  • Engage stakeholders to evaluate risks

  • Help risk owners develop risk response plans

  • Ensure that the risk owners are monitoring their assigned risks

  • Ensure that risk response plans are executed by the risk owners at the appropriate time

  • Facilitate risk reviews and risk audits

  • Work with the Risk Department or Enterprise Risk Management Department to ensure that the risk processes align with the organization’s risk policies

The project manager should develop the risk management plan, and the risk manager should execute the plan. If a risk manager is not assigned, the project manager or program manager is responsible for these activities.

"The cause of almost all relationship difficulties is rooted in conflicting or ambiguous expectations around roles and goals." –Stephen R. Covey

Project Management Office (PMO)

The PMO oversees project management within an organization. There are different types of PMOs. Notice the level of control for each.

  • Supportive - provides support to project managers in a consultative role. Provides templates, training, best practices, and lessons learned. Control is low.

  • Controlling - requires project managers to follow a project management framework or methodology using specific tools and templates. Control is moderate.

  • Directive - manages projects directly, using project managers in the PMO. Control is high.

Where are PMOs placed organizationally? Some are enterprise PMOs, providing services to an entire organization. Others may be placed within a department such as Information Technology (IT), focusing on managing IT projects.

Some PMOs define and support a risk management framework to ensure consistent application of risk management across all projects and programs. Additionally, a PMO may include project risk managers who are assigned to manage risks for risky projects and programs.

Enterprise Risk Management (ERM)

Does your organization have an ERM program? If so, how well is the ERM program aligned with the project portfolio, programs, and projects? 

ERM ensures that all risks are identified and managed across an enterprise including:

  • Financial risks

  • Operational risks

  • Strategic risks

  • Other risks

And an ERM leader develops and maintains an ERM Policy that guides the behavior and actions of risk managers (including project risk managers) within an organization.

How About You?

Risk management is critical for every project, program, or portfolio. What about agile projects? Yes, agile projects have risks too. Using an agile lifecycle can help to manage risks, but there are still risks. Whether you take a predictive, hybrid, or agile approach, tailor your risk management.

If you have been assigned a large, complex project, consider whether you may benefit from having a risk manager. It does not have to be a full-time risk manager; instead, you may use a part-time manager.

Lastly, think about the enterprise resources available to help you manage your risks better. Check out the resources and support in your ERM program and your PMO. Otherwise, ask more experienced project managers for their guidance and risk management assets. 
