Project Governance and Risk Review

Considering the amount of change that most major projects deliver, many organisations seem to routinely miscalculate the business risk that comes with change.  Business cases can be detailed and heavily scrutinized, but measurement of the existing risk profile, the delivery risk, and the delivered end-state risk, are three measurements that rarely get done.  By failing to use your existing Risk Management Framework (RMF) and measure these operational risks, it is much harder to understand the impact of the project on the enterprise risk profile and its consumption of operational risk appetite (or capital).  This results in the change risk impact of many major projects being risk assessed in hindsight, and it's why many projects are deemed to have failed, at an enterprise level, even when they deliver many of the predicted business case benefits.

How we can help

We can work with existing project, PMO, and operational risk teams to help leverage existing data and RMF processes to ensure there is a more meaningful connection between the benefits each project seeks to deliver and the related change in enterprise risk profile that results.  Using the risk assessment, controls performance and risk appetite monitoring aspects of your RMF, we can help ensure that the cost/benefit foundation of your business case incudes proper recognition of the change in risk profile (before, during, after), that it is within risk appetite limits set by your board, and that the ongoing monitoring of the project risk is meaningful at an enterprise (rather than a project) level.

By better connecting project risk management to the overall RMF, senior stakeholders can have more confidence that projects are delivering agreed benefits without creating legacy risk exposures that are not evident until down the track. Improved transparency, supported by the use of other risk governance tools such as project risk scenario models, also helps regulated and listed organisations meet their regulatory and shareholder requirements.


Key areas of focus

Our team can help you:

  • Identify priority projects where the potential risk profile delta suggests the need to measure holistic enterprise risk impacts associated with the project and the change it introduces
  • Leverage existing data, RMF process, and resources, along with our tools and methods (to extent required), to complete the three risk assessments introduced above and provide ongoing visibility required
  • Provide expert advice on any additional risk processes, measurement or monitoring required to ensure sustainable project risk governance and reporting of the changing business risk profile
  • Ensure your project management methodology is sufficiently connected to your RMF and risk appetite to ensure project risks are part of your regular risk profile reporting, and not an adjunct

Report

Whichever service or support we deliver, we will provide you with a report that presents a meaningful view of your organisation's project risk management and the measures required to safeguard your business. The report includes:

  • Actionable insights based on our engagement and industry expertise
  • Where relevant, benchmarking data to call out leading or lagging behaviours
  • Overall risk rating, based on our self-assessment of your business risk