{"product_id":"the-standard-for-risk-management-in-portfolios-programs-and-projects","title":"The Standard for Risk Management in Portfolios, Programs, and Projects","description":"\u003cdiv class=\"a-fixed-left-grid\" data-mce-fragment=\"1\"\u003e\n\u003cdiv class=\"a-fixed-left-grid-inner\" data-mce-fragment=\"1\"\u003e\n\u003cdiv class=\"a-fixed-left-grid-col a-col-right\" id=\"ppdFixedGridRightColumn\" data-mce-fragment=\"1\"\u003e\n\u003cdiv data-cel-widget=\"bookDescription_feature_div\" data-csa-c-id=\"nfw2zl-6ccvkj-5gdra7-j567wk\" data-feature-name=\"bookDescription\" class=\"celwidget\" id=\"bookDescription_feature_div\" data-mce-fragment=\"1\"\u003e\n\u003cdiv class=\"a-expander-collapsed-height a-row a-expander-container a-spacing-base a-expander-partial-collapse-container\" data-a-expander-collapsed-height=\"140\" data-a-expander-name=\"book_description_expander\" data-mce-fragment=\"1\"\u003e\n\u003cdiv class=\"a-expander-content a-expander-partial-collapse-content\" aria-expanded=\"false\" data-mce-fragment=\"1\"\u003e\n\u003cdiv id=\"bookDescription_feature_div\" class=\"celwidget\" data-feature-name=\"bookDescription\" data-csa-c-type=\"widget\" data-csa-c-content-id=\"bookDescription\" data-csa-c-slot-id=\"bookDescription_feature_div\" data-csa-c-asin=\"\" data-csa-c-is-in-initial-active-row=\"false\" data-cel-widget=\"bookDescription_feature_div\" data-csa-c-id=\"ehaegn-tyd0zo-dhfeox-xpfqnx\"\u003e\n\u003cdiv data-a-expander-name=\"book_description_expander\" data-a-expander-collapsed-height=\"140\" class=\"a-expander-collapsed-height a-row a-expander-container a-spacing-base a-expander-partial-collapse-container\"\u003e\n\u003cdiv aria-expanded=\"false\" class=\"a-expander-content a-expander-partial-collapse-content\"\u003e\n\u003cdiv id=\"bookDescription_feature_div\" class=\"celwidget\" data-feature-name=\"bookDescription\" data-csa-c-type=\"widget\" data-csa-c-content-id=\"bookDescription\" data-csa-c-slot-id=\"bookDescription_feature_div\" data-csa-c-asin=\"162825565X\" data-csa-c-is-in-initial-active-row=\"false\" data-cel-widget=\"bookDescription_feature_div\" data-csa-c-id=\"8463fy-2mhfsj-rdvral-upghl6\"\u003e\n\u003cdiv data-a-expander-name=\"book_description_expander\" data-a-expander-collapsed-height=\"140\" class=\"a-expander-collapsed-height a-row a-expander-container a-spacing-base a-expander-partial-collapse-container\"\u003e\n\u003cdiv aria-expanded=\"false\" class=\"a-expander-content a-expander-partial-collapse-content\"\u003e\n\u003cspan\u003eThis is an update and expansion upon PMI’s popular reference, \u003c\/span\u003e\u003cspan class=\"a-text-italic\"\u003eThe Practice Standard for Project Risk Management. Risk Management\u003cspan\u003e \u003c\/span\u003e\u003c\/span\u003e\u003cspan\u003eaddresses the fact that certain events or conditions may occur with impacts on project, program, and portfolio objectives. This standard will: identify the core principles for risk management; describe the fundamentals of risk management and the environment within which it is carried out; define the risk management life cycle; and apply risk management principles to the portfolio, program, and project domains within the context of an enterprise risk management approach It is primarily written for portfolio, program, and project managers, but is a useful tool for leaders and business consumers of risk management, and other stakeholders.\u003c\/span\u003e\n\u003c\/div\u003e\n\u003cdiv aria-expanded=\"false\" class=\"a-expander-content a-expander-partial-collapse-content\"\u003e\n\u003cspan\u003e\u003c\/span\u003e\u003cbr\u003e\n\u003c\/div\u003e\n\u003cdiv aria-expanded=\"false\" class=\"a-expander-content a-expander-partial-collapse-content\"\u003e\n\u003ch3\u003e\u003cspan\u003eAbout the Author\u003c\/span\u003e\u003c\/h3\u003e\n\u003cdiv class=\"a-section a-spacing-small a-padding-small\"\u003e\u003cspan\u003eThe Project Management Institute provides services including the development of standards, research, education, publication, networking-opportunities in local chapters, hosting conferences and training seminars, and providing accreditation in project management.\u003c\/span\u003e\u003c\/div\u003e\n\u003ch3\u003e\u003cspan\u003eExcerpt. © Reprinted by permission. All rights reserved.\u003c\/span\u003e\u003c\/h3\u003e\n\u003cp\u003e \u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eThe Standard for Risk Management in Portfolios, Programs, and Projects\u003c\/strong\u003e\u003c\/p\u003e\n\u003cdiv class=\"a-section a-spacing-small a-padding-small\"\u003e\n\u003ch1\u003e\u003cstrong\u003e\u003c\/strong\u003e\u003c\/h1\u003e\n\u003cstrong\u003e\u003cspan class=\"a-text-bold\"\u003eBy Project Management Institute Inc.\u003c\/span\u003e\u003c\/strong\u003e\n\u003ch4\u003e\u003cstrong\u003e\u003cspan class=\"a-text-bold\"\u003eProject Management Institute, Inc.\u003c\/span\u003e\u003c\/strong\u003e\u003c\/h4\u003e\n\u003cstrong\u003e\u003cspan class=\"a-text-bold\"\u003eCopyright © 2019 Project Management Institute, Inc.\u003cbr\u003eAll rights reserved.\u003cbr\u003eISBN: 978-1-62825-565-2\u003c\/span\u003e\u003cbr\u003e\u003c\/strong\u003e\n\u003ch3\u003e\u003cstrong\u003eContents\u003c\/strong\u003e\u003c\/h3\u003e\n\u003cstrong\u003e1. INTRODUCTION,\u003cbr\u003e2. CONTEXT AND KEY CONCEPTS OF RISK MANAGEMENT,\u003cbr\u003e3. FRAMEWORK FOR RISK MANAGEMENT IN PORTFOLIO, PROGRAM, AND PROJECT MANAGEMENT,\u003cbr\u003e4. RISK MANAGEMENT LIFE CYCLE IN PORTFOLIO, PROGRAM, AND PROJECT MANAGEMENT,\u003cbr\u003e5. RISK MANAGEMENT IN THE CONTEXT OF PORTFOLIO MANAGEMENT,\u003cbr\u003e6. RISK MANAGEMENT IN THE CONTEXT OF PROGRAM MANAGEMENT,\u003cbr\u003e7. RISK MANAGEMENT IN THE CONTEXT OF PROJECT MANAGEMENT,\u003cbr\u003eAPPENDIX X1DEVELOPMENT OF THE STANDARD FOR RISK MANAGEMENT IN PORTFOLIOS, PROGRAMS, AND PROJECTS,\u003cbr\u003eAPPENDIX X2CONTRIBUTORS AND REVIEWERS OF THE STANDARD FOR RISK MANAGEMENT IN PORTFOLIOS, PROGRAMS, AND PROJECTS,\u003cbr\u003eAPPENDIX X3PORTFOLIO RISK MANAGEMENT CONTROLS,\u003cbr\u003eAPPENDIX X4PROGRAM RISK MANAGEMENT CONTROLS,\u003cbr\u003eAPPENDIX X5PROJECT RISK MANAGEMENT CONTROLS,\u003cbr\u003eAPPENDIX X6TECHNIQUES FOR THE RISK MANAGEMENT FRAMEWORK,\u003cbr\u003eAPPENDIX X7ENTERPRISE RISK MANAGEMENT CONSIDERATIONS FOR PORTFOLIO, PROGRAM, AND PROJECT RISK MANAGEMENT,\u003cbr\u003eAPPENDIX X8RISK CLASSIFICATION,\u003cbr\u003eREFERENCES,\u003cbr\u003eGLOSSARY,\u003cbr\u003e\u003cbr\u003e\u003cbr\u003eCHAPTER 1\u003c\/strong\u003e\n\u003cp\u003e\u003cstrong\u003e\u003cspan class=\"a-text-bold\"\u003eINTRODUCTION\u003c\/span\u003e\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eRisk is an uncertain event or condition that, if it occurs, has a positive or negative effect on one or more objectives. Positive risks are opportunities, while negative risks are threats.\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eThe practice of risk management includes planning the approach, identifying and analyzing risks, response planning and implementation, and ongoing monitoring of risks. Risk management is an essential aspect of all organizational activities. This standard describes the application of risk management within an enterprise risk management (ERM) context that includes the portfolio, program, and project domains. Risk management shapes the decision-making processes across the organization and within each of the domains.\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eThe degree to which risk management is pursued can be the difference between success and failure. PMI's 2015 \u003cspan class=\"a-text-italic\"\u003ePulse of the Profession\u003c\/span\u003e report found that for organizations that apply a formal risk management approach, 73% of projects meet their objectives, 61% finish on time, and 64% are completed within the approved budget [1].\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eRisk management allows an organization to:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e[??] Anticipate and manage change,\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e[??] Improve decision making,\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e[??] Proactively implement typically lower-cost preventive actions instead of higher-cost reaction to issues,\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e[??] Increase the chances to realize opportunities for the benefit of the business,\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e[??] Generate broad awareness of uncertainty of outcomes,\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e[??] Act upon the transformations taking place in its business environment, and\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e[??] Support organizational agility and resilience.\u003c\/strong\u003e\u003c\/p\u003e\n\u003cstrong\u003e\u003cbr\u003e\u003c\/strong\u003e\n\u003cp\u003e\u003cstrong\u003eRisk management also establishes iterative connections among portfolios, programs, and projects and links these connections with ERM and organizational strategy.\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003cspan class=\"a-text-bold\"\u003e1.1 PURPOSE OF THIS STANDARD\u003c\/span\u003e\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eThis standard describes the concepts and definitions associated with risk management and highlights the essential components of risk management for integration into the various governance layers of portfolios, programs, and projects with the following major objectives:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e[??] Describe the fundamentals of risk management,\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e[??] Support the objectives of and demonstrate the link to ERM, and\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e[??] Apply risk management principles, as appropriate, to portfolio, program, and project domains as described in the PMI foundational standards.\u003c\/strong\u003e\u003c\/p\u003e\n\u003cstrong\u003e\u003cbr\u003e\u003c\/strong\u003e\n\u003cp\u003e\u003cstrong\u003eThis standard fulfills a business need to provide a standard for risk management in portfolio, program, and project management that defines the essential considerations for risk management practitioners. It expands on the knowledge contained on risk management in the relevant sections of the PMI foundational standards.\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eThis standard can be used to harmonize practices between ERM and portfolio, program, and project management, regardless of the life cycle approach used.\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003ePMI is committed to providing global standards that are widely recognized and consistently applied by organizations as well as practitioners. Increasingly, organizations are requiring practitioners to use risk management practices in portfolio, program, and project management as an integral part of their ERM framework.\u003c\/strong\u003e\u003c\/p\u003e\n\u003cstrong\u003e\u003cbr\u003e\u003c\/strong\u003e\n\u003cp\u003e\u003cstrong\u003e\u003cspan class=\"a-text-bold\"\u003e1.2 APPROACH OF THIS STANDARD\u003c\/span\u003e\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eThis standard presents the \u003cspan class=\"a-text-italic\"\u003ewhat\u003c\/span\u003e and \u003cspan class=\"a-text-italic\"\u003ewhy\u003c\/span\u003e of risk management. The following concepts are elaborated in this standard:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e[??] Purpose and benefits of risk management;\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e[??] Principles and concepts of risk management in portfolios, programs, and projects;\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e[??] Risk management life cycle in portfolios, programs, and projects; and\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e[??] Integration of risk management within portfolios, programs, and projects.\u003c\/strong\u003e\u003c\/p\u003e\n\u003cstrong\u003e\u003cbr\u003e\u003c\/strong\u003e\n\u003cp\u003e\u003cstrong\u003eThis standard provides guidance on integrating risk management practices into all key areas of enterprise, portfolio, program, and project management. The aim is to ensure that the management of risk is an inherent, natural part of all management domains. The scope of this standard is to provide guidance and not to impose uniformity of processes across portfolios, programs, and projects. When planning and implementing risk management, it is essential that each team consider the characteristics of the organization, portfolio, program, or project. The approach presented in this standard is based on risk management principles that can be used as guidance when designing specific management or business processes adapted to the organizational environment and nature of the work.\u003c\/strong\u003e\u003c\/p\u003e\n\u003cstrong\u003e\u003cbr\u003e\u003c\/strong\u003e\n\u003cp\u003e\u003cstrong\u003e\u003cspan class=\"a-text-bold\"\u003e1.3 PRINCIPLES OF RISK MANAGEMENT\u003c\/span\u003e\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eThere are specific core principles that underlie the process of risk management. The seven principles provided in Sections \u003cspan class=\"a-text-bold\"\u003e1.3.1\u003c\/span\u003e through \u003cspan class=\"a-text-bold\"\u003e1.3.7\u003c\/span\u003e guide the risk management processes and are integral to effective risk management.\u003c\/strong\u003e\u003c\/p\u003e\n\u003cstrong\u003e\u003cbr\u003e\u003c\/strong\u003e\n\u003cp\u003e\u003cstrong\u003e1.3.1 STRIVE TO ACHIEVE EXCELLENCE IN THE PRACTICE OF RISK MANAGEMENT\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eRisk management allows organizations and teams to increase the predictability of outcomes, both qualitatively and quantitatively. This principle is about reaching the appropriate level of organizational process maturity (the ability of an organization to apply a certain set of processes in a consistent manner) and the optimal level of performance. Excellence in risk management is not achieved by the strict and exhaustive application of related processes. Rather, excellence can be achieved by (a) balancing the benefits to be obtained with the associated cost and (b) tailoring the risk management processes to the characteristics of the organization and its portfolios, programs, and projects. Process excellence in risk management is itself a risk management strategy.\u003c\/strong\u003e\u003c\/p\u003e\n\u003cstrong\u003e\u003cbr\u003e\u003c\/strong\u003e\n\u003cp\u003e\u003cstrong\u003e1.3.2 ALIGN RISK MANAGEMENT WITH ORGANIZATIONAL STRATEGY AND GOVERNANCE PRACTICES\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eThe practice of risk management in organizations is developed and evolved in coexistence with other organizational processes, such as strategy and governance. The nature of portfolios, programs, and projects is such that circumstances may change frequently. Adjustments become necessary as the organization evolves, for example, when changes to decision-making processes, timing, scope, and speed are made.\u003c\/strong\u003e\u003c\/p\u003e\n\u003cstrong\u003e\u003cbr\u003e\u003c\/strong\u003e\n\u003cp\u003e\u003cstrong\u003e1.3.3 FOCUS ON THE MOST IMPACTFUL RISKS\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eSuccessful organizations are able to effectively and efficiently identify the risks that directly influence goals and objectives. The challenge for most organizations is making the best use of resources by focusing on the right risks. This depends on the characteristics of the organization, its environment, internal maturity, culture, and strategy. Determining the most impactful risks can be difficult. Organizations develop and improve by refining the processes for risk prioritization.\u003c\/strong\u003e\u003c\/p\u003e\n\u003cstrong\u003e\u003cbr\u003e\u003c\/strong\u003e\n\u003cp\u003e\u003cstrong\u003e1.3.4 BALANCE REALIZATION OF VALUE AGAINST OVERALL RISKS\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eRisk management seeks to find the proper balance between the exposure to risk and the expected business value creation or realization. Initiatives presenting a low level of risk may not create a sufficient level of value and performance. On the other hand, initiatives presenting a high, expected performance may expose the organization to an unacceptable level of threat.\u003c\/strong\u003e\u003c\/p\u003e\n\u003cstrong\u003e\u003cbr\u003e\u003c\/strong\u003e\n\u003cp\u003e\u003cstrong\u003e1.3.5 FOSTER A CULTURE THAT EMBRACES RISK MANAGEMENT\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eRisk management is an inherent and essential part of the portfolio, program, and project management framework. The practice of risk management is propagated, recognized, and encouraged throughout the organization. A culture of risk management encourages (a) the identification of threats rather than ignoring them and (b) the identification of opportunities by cultivating a positive mindset within the organization — one that is more open to accept and harness the positive changes impacting the various initiatives.\u003c\/strong\u003e\u003c\/p\u003e\n\u003cstrong\u003e\u003cbr\u003e\u003c\/strong\u003e\n\u003cp\u003e\u003cstrong\u003e1.3.6 NAVIGATE COMPLEXITY USING RISK MANAGEMENT TO ENABLE SUCCESSFUL OUTCOMES\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eManaging risks is an essential part of reducing and handling the complexity within organizational initiatives. The ability to identify and manage risks is directly dependent on the level of complexity of the initiatives. Concentrating efforts on clarifying the objectives, requirements, and scope of initiatives facilitates the identification of risks and enhances the ability to manage them, thus lowering the exposure of these initiatives to unforeseen situations. The more organizations navigate complexity using risk management, the more they will be able to optimize the use of resources, increase the return on investments, and improve overall performance and business results.\u003c\/strong\u003e\u003c\/p\u003e\n\u003cstrong\u003e\u003cbr\u003e\u003c\/strong\u003e\n\u003cp\u003e\u003cstrong\u003e1.3.7 CONTINUOUSLY IMPROVE RISK MANAGEMENT COMPETENCIES\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eThe nature of risks to which an organization is exposed and the available technology to manage those risks are changing. Technology allows organizations to manage risks more effectively and to better focus on the risks' impacts. Through continuous improvement of risk management competencies, organizations and individuals can develop sustainable competitive advantages that contribute to overall organizational performance.\u003c\/strong\u003e\u003c\/p\u003e\n\u003cstrong\u003e\u003cbr\u003e\u003c\/strong\u003e\n\u003cp\u003e\u003cstrong\u003e\u003cspan class=\"a-text-bold\"\u003e1.4 STRUCTURE OF THIS STANDARD\u003c\/span\u003e\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eThis standard can be used to review portfolio, program, and project management processes from a risk management perspective. It is organized as follows:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003cspan class=\"a-text-bold\"\u003eSection 1\u003c\/span\u003e — Introduction\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003cspan class=\"a-text-bold\"\u003eSection 2\u003c\/span\u003e — Context and Key Concepts of Risk Management\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003cspan class=\"a-text-bold\"\u003eSection 3\u003c\/span\u003e — Framework for Risk Management in Portfolio, Program, and Project Management\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003cspan class=\"a-text-bold\"\u003eSection 4\u003c\/span\u003e — Risk Management Life Cycle in Portfolio, Program, and Project Management\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003cspan class=\"a-text-bold\"\u003eSection 5\u003c\/span\u003e — Risk Management in the Context of Portfolio Management\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003cspan class=\"a-text-bold\"\u003eSection 6\u003c\/span\u003e — Risk Management in the Context of Program Management\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003cspan class=\"a-text-bold\"\u003eSection 7\u003c\/span\u003e — Risk Management in the Context of Project Management\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003cspan class=\"a-text-bold\"\u003eAppendix X1\u003c\/span\u003e — Development of \u003cspan class=\"a-text-italic\"\u003eThe Standard for Risk Management in Portfolios, Programs, and Projects\u003c\/span\u003e\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003cspan class=\"a-text-bold\"\u003eAppendix X2\u003c\/span\u003e — Contributors and Reviewers of \u003cspan class=\"a-text-italic\"\u003eThe Standard for Risk Management in Portfolios, Programs, and Projects\u003c\/span\u003e\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003cspan class=\"a-text-bold\"\u003eAppendix X3\u003c\/span\u003e — Portfolio Risk Management Controls\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003cspan class=\"a-text-bold\"\u003eAppendix X4\u003c\/span\u003e — Program Risk Management Controls\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003cspan class=\"a-text-bold\"\u003eAppendix X5\u003c\/span\u003e — Project Risk Management Controls\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003cspan class=\"a-text-bold\"\u003eAppendix X6\u003c\/span\u003e — Techniques for the Risk Management Framework\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003cspan class=\"a-text-bold\"\u003eAppendix X7\u003c\/span\u003e — Enterprise Risk Management Considerations for Portfolio, Program, and Project Risk Management\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003cspan class=\"a-text-bold\"\u003eAppendix X8\u003c\/span\u003e — Risk Classification\u003c\/strong\u003e\u003c\/p\u003e\n\u003cstrong\u003eCHAPTER 2\u003c\/strong\u003e\n\u003cp\u003e\u003cstrong\u003e\u003cspan class=\"a-text-bold\"\u003eCONTEXT AND KEY CONCEPTS OF RISK MANAGEMENT\u003c\/span\u003e\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eRisk is inherently present in all organizations. Risks present organizations with challenges but may also offer a competitive advantage when both threats and opportunities are managed proactively. Risk management provides a comprehensive and integrated framework for addressing and managing risk at all levels of the organization, from portfolios through programs, projects, and operations.\u003c\/strong\u003e\u003c\/p\u003e\n\u003cstrong\u003e\u003cbr\u003e\u003c\/strong\u003e\n\u003cp\u003e\u003cstrong\u003e\u003cspan class=\"a-text-bold\"\u003e2.1 KEY CONCEPTS AND DEFINITIONS\u003c\/span\u003e\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eAll organizations face the uncertainty of both internal and external events. Uncertain present and future challenges can be dealt with by formulating and applying a sound business strategy toward realizing a set of objectives and managing risks. Risk management provides insight into risks that need to be addressed in support of reaching those objectives and takes advantage of opportunities. When opportunities occur, they are called benefits.\u003c\/strong\u003e\u003c\/p\u003e\n\u003cstrong\u003e\u003cbr\u003e\u003c\/strong\u003e\n\u003cp\u003e\u003cstrong\u003e2.1.1 RISK\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eAn individual risk is an uncertain event or condition that, if it occurs, has a positive or negative effect on one or more objectives. Overall risk is the effect of uncertainty that affects organizational objectives at different levels or aspects. Risk arises from all sources of uncertainty, including individual risks in the portfolio, program, and project domains. These risks represent the exposure of the organization and its stakeholders to the consequences of uncertainty on the realization of the organization's strategy and business objectives. Once the risk occurs, it is then managed within the various governance layers (enterprise, portfolio, program, and project) by driving the resulting outcomes.\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eUncertainty is inherent in the nature of portfolios, programs, and projects. Risk arises out of uncertainty and generates uncertainty. The more risks one can identify, the more uncertainty is indicated. One of the key factors that determines the ability to identify risks is ambiguity. When ambiguity is low, the level of information available is high, which allows the identification of risks. Uncertainty and ambiguity are factors where assessment and open evaluation drive risk management efforts. Assessments and open evaluations allow for the determination of the proper risk management strategy and define how risks will be managed throughout the portfolio, program, and project management life cycles, the iterations of these life cycles, and their interactions.\u003c\/strong\u003e\u003c\/p\u003e\n\u003cstrong\u003e\u003cbr\u003e\u003c\/strong\u003e\n\u003cp\u003e\u003cstrong\u003e2.1.2 OPPORTUNITIES\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eOpportunities are risks that have a positive effect on one or more objectives. Opportunity management helps to identify and understand possible ways in which objectives can be achieved more successfully.\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eMoving beyond the traditional view of risk as a value destroyer to seeing risk as a potential value enhancer requires creativity and vision, and a system that allows these opportunities to flourish and lead to organizational success.\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eA consistent portfolio, program, and project management system helps to:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e[??] Identify and assess opportunities that are often linked, and\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e[??] Improve the organization's ability to accept and pursue opportunities.\u003c\/strong\u003e\u003c\/p\u003e\n\u003cstrong\u003e\u003cbr\u003e\u003c\/strong\u003e\n\u003cp\u003e\u003cstrong\u003e2.1.3 THREATS\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eThreats are risks that would have a negative effect on one or more objectives. Threat management involves the use of risk management resources to:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e[??] Describe risks,\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e[??] Analyze risk attributes,\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e[??] Evaluate the probability of risk occurrence and impact as well as other characteristics, and\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e[??] Implement a planned response, when appropriate.\u003c\/strong\u003e\u003c\/p\u003e\n\u003cstrong\u003e\u003cbr\u003e\u003c\/strong\u003e\n\u003cp\u003e\u003cstrong\u003eSimilar to managing opportunities, managing threats is a staged process. Both use a structured life cycle framework to ensure that the process is robust and complete as described in \u003cspan class=\"a-text-bold\"\u003eSection 4\u003c\/span\u003e. Should threats occur, they are called issues and are listed in the issue log.\u003c\/strong\u003e\u003c\/p\u003e\n\u003cstrong\u003e\u003cbr\u003e\u003c\/strong\u003e\n\u003cp\u003e\u003cstrong\u003e2.1.4 RISK ATTITUDE\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eRisk attitude is a disposition toward uncertainty, adopted explicitly or implicitly by individuals and groups, driven by perception, and evidenced by observable behavior. Risk attitude represents an organization's approach to assess and eventually pursue, retain, take, or turn away from risk. Risk attitudes can range from risk averse to risk seeking.\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eOrganizations seek to establish a consistent method for evaluating and responding to risk across the enterprise. One obstacle to developing that consistency is an individual's different or inconsistent attitudes toward risks — and those attitudes may vary according to the circumstance.\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eIn summary, risk attitude is an individual's or group's preference to evaluate a risk situation in a favorable or unfavorable way and to act accordingly. However, risk attitudes are not necessarily stable nor homogeneous.\u003c\/strong\u003e\u003c\/p\u003e\n\u003cstrong\u003e\u003cbr\u003e\u003c\/strong\u003e\n\u003cp\u003e\u003cstrong\u003e2.1.5 RISK APPETITE\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eRisk appetite is the degree of uncertainty an organization or individual is willing to accept in anticipation of a reward. Risk appetite guides the management of risk and the parameters the organization uses in deciding whether or not to take on risk. In addition, risk appetite defines what types of risks an organization pursues.\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eA risk appetite determination represents the start of embracing risk. \u003cspan class=\"a-text-bold\"\u003eFigure 2-1\u003c\/span\u003e shows the interrelationship of risk appetite and its direct influence on business strategy, the risk management framework, and the underlying policy and processes. The resulting risk appetite determination defines the amount and type of risk that the organization is willing to take in order to meet its strategic objectives.\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eRisk appetite expresses the level of risk the organization is willing to take in pursuit of its portfolio, program, and project objectives. Portfolio, program, and project risk is not a singular, but rather a multifaceted concept.\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eAs organizations grow, expand, and evolve, so do the risks they face. The type, prominence, and appetite for risks change at different points in the life cycle of an organization and during the life cycle of its programs and projects.\u003c\/strong\u003e\u003c\/p\u003e\n\u003cstrong\u003e\u003cbr\u003e\u003c\/strong\u003e\n\u003cp\u003e\u003cstrong\u003e2.1.6 RISK THRESHOLD\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eRisk threshold is the measure of acceptable variation around an objective that reflects the risk appetite of the organization and its stakeholders. A key element of risk strategy is the establishment and monitoring of enterprise, portfolio, program, and project risk thresholds. Examples of risk thresholds include:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e[??] Minimum level of risk exposure for a risk to be included in the risk register,\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e[??] Qualitative or quantitative definitions of risk rating, and\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e[??] Maximum level of risk exposure that can be managed before an escalation is triggered.\u003c\/strong\u003e\u003c\/p\u003e\n\u003cstrong\u003e\u003cbr\u003e\u003c\/strong\u003e\n\u003cp\u003e\u003cstrong\u003eEstablishing risk thresholds is an integral step in linking portfolio, program, and project risk management to strategy alignment and is performed as part of early planning. Based on the risk appetite of the organization, governance may also be responsible for ensuring that risk thresholds are established and observed, and when the risk should be escalated to a higher governance level.\u003c\/strong\u003e\u003c\/p\u003e\n\u003cstrong\u003e\u003cbr\u003e\u003c\/strong\u003e\n\u003cp\u003e\u003cstrong\u003e\u003cspan class=\"a-text-bold\"\u003e2.2 RISK MANAGEMENT IN ORGANIZATIONS\u003c\/span\u003e\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eThe organization's governance body is ultimately responsible for setting, confirming, and enforcing risk appetite and risk management principles as part of its governance oversight. An organization's governance also determines which risk management processes are appropriate in terms of organizational strategy, scope, context, and content.\u003c\/strong\u003e\u003c\/p\u003e\n\u003cstrong\u003e\u003cbr\u003e\u003c\/strong\u003e\n\u003c\/div\u003e\n\u003c\/div\u003e\n\u003c\/div\u003e\n\u003c\/div\u003e\n\u003cdiv id=\"globalStoreInfoBullets_feature_div\" class=\"celwidget\" data-feature-name=\"globalStoreInfoBullets\" data-csa-c-type=\"widget\" data-csa-c-content-id=\"globalStoreInfoBullets\" data-csa-c-slot-id=\"globalStoreInfoBullets_feature_div\" data-csa-c-asin=\"162825565X\" data-csa-c-is-in-initial-active-row=\"false\" data-cel-widget=\"globalStoreInfoBullets_feature_div\" data-csa-c-id=\"5jiwxr-hf55l2-j5llg0-n0wdv\"\u003e\u003cbr\u003e\u003c\/div\u003e\n\u003c\/div\u003e\n\u003c\/div\u003e\n\u003c\/div\u003e\n\u003c\/div\u003e\n\u003c\/div\u003e\n\u003c\/div\u003e\n\u003c\/div\u003e\n\u003c\/div\u003e\n\u003c\/div\u003e","brand":"Bookread","offers":[{"title":"PDF","offer_id":56754670043467,"sku":null,"price":29.99,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1031\/1204\/8971\/files\/611wv8DYurL.jpg?v=1773063482","url":"https:\/\/bookread.io\/products\/the-standard-for-risk-management-in-portfolios-programs-and-projects","provider":"bookread","version":"1.0","type":"link"}