Common Risks Within A Project Portfolio

by | Mar 20, 2024 | Portfolio Assurance

Every project has its risks – it’s part of the territory. And a careful risk analysis of a project will typically surface a fair few items for a risk register to keep on the radar. It doesn’t take long then, for an organisation with multiple projects running, to become overwhelmed with understanding its business risk at any one time.

Part of managing projects as a ‘portfolio’ is about building visibility and efficiency in how risks are mitigated or managed. While different projects will have unique risks, there will be a reasonable degree of overlap too. And then there are risks associated with the portfolio itself – such as the cost of funding concurrent initiatives and how this impacts the financials broadly.

In this article we offer some of the common risks that are found in a project portfolio environment and how you might best manage these.

Strategic risks in a portfolio of projects

Any project or portfolio of projects should be directly attributable to the strategic objectives of the business. If there’s a disconnect between the organisational goals and those of the project portfolio, it’s very hard to bring about effective change.

Keeping this alignment relies upon the Board, Minister, Leadership team etc having established clear objectives in the first place. With these articulated, it’s then incumbent on leadership to ensure that their initiatives link directly to these goals. A business case should articulate exactly why and how a proposed programme or project will deliver on these goals. Once accepted and signed off, a carefully protected project scope should help keep delivery focused.

There’s a risk however, especially for longer, drawn out projects, that a delivery team or steering group can lose sight of the original strategic objective the project was designed to support. This can lead to more delays with debate around scope, business need and stakeholders’ own objectives.

These risks don’t just eventuate in single projects, either. The combination of projects can sometimes create barriers towards meeting strategic goals. It’s vital to view projects as a portfolio for this reason. Imagine a business that had projects around sustainability, new property, infrastructure and technology. The property project could prevent the objectives of the sustainability project if the two weren’t carefully managed together. There’s also the matter of competing for resources as experts in short supply are needed in multiple projects.

Good portfolio management can mean reducing the number of active projects and sequencing them in a way that makes sense, such as putting in new IT infrastructure that can support an upcoming system (another project).

Financial and budget risks

Of course, a big risk with project portfolios is taking on too much concurrent work that costs the business financially and with resources. Projects are expensive, high-stakes activities for a business to embark on. They’re also susceptible to budget overruns, especially if the estimates were rushed. There’s a very real financial risk to take on with one project’s budget as distinct from the other operations of the business. Create this risk in multiple places and the organisation can be left exposed to some very tough financial implications if multiple projects run over.

This isn’t to say that multiple projects shouldn’t be run at the same time – a well-managed project portfolio is often the key to rapid, significant transformation. But the lack of view across a portfolio of projects and the entire financial risk combined could spell disaster later down the track.

IQANZ Blog Preparing business for a project

There’s also the matter of how much budget is required for each project. The split of available budget for projects should reflect the needs of each project to deliver the agreed outcomes. This flows through into the topic of making sure a project plan is detailed enough to fully understand the hours and expertise required to complete each stage. Getting this out of whack can result in some projects being overfunded and inefficient and others being underfunded and desperately trying to meet deadlines.

Market risks to be aware of

Things change in the market that can require significant pivots in projects. This could be new technologies that the end user will simply expect or changes in the economy that make a property fit out more expensive than planned. Whatever the project, it’s susceptible to forces from outside the organisation in some way.

Changes in the market or consumer behaviours can even render a project (at least in the form it started) as seemingly redundant which can be a sobering experience for leadership teams. Indirectly, external changes can impact the day to day operations of the business or organisation, leading to less resource or money to spend on projects.

While no one has a crystal ball to tell the future of the economy or society, project portfolios can be managed more effectively when careful business and market analysis is conducted and potential risks are recorded. Even if there’s no clear mitigation strategy, leadership teams should at least know the risks involved to weigh up the feasibility of a specific project or programme.

When assessing the portfolio as a whole, it’s worth revisiting the overarching business strategy and specific objectives – are there known risks that could alter the course of the business strategy? If so, this should be reflected in the project portfolio governance and risk management register.

Legal and compliance risks

A legal department in a large organisation is often the source of bottlenecks; it’s not their fault, the nature of the work requires very careful attention to get right. Many projects involve some reliance on the legal team, whether it’s reviewing contracts with suppliers, managing large procurements or terminology within a policy document. A portfolio of projects will therefore mean more potential strain on the resources of legal staff members.

Like other resources, it’s important to make sure that project managers aren’t vying for legal input at the same time. Ways to manage this include staggering the launches and phases of projects and being deliberate about when and what legal involvement will look like.

IQANZ Blog Preparing business for a project
Of course the resource challenge with legal is simply the tip of a much larger iceberg; not having adequate legal and compliance in place for projects can run more serious risks of a project’s outputs failing regulatory compliance checks or worse, putting the business or organisation in legal jeopardy. This is simply part of the balancing act between timely delivery, staying within budget and ensuring compliance at the same time. No one said this was easy!

Technical risks to actively manage in a project portfolio

While some technology-related risks are project-specific, there are many aspects that rely on the organisation wide infrastructure. A new system or integration can bring with it vulnerabilities around security or stability which can compromise more than just the project it relates to. This is why it’s important to include IT personnel from the organisation that will help consult around impacts and dependencies within the tech stack.

Best practice risk management and mitigation should mean that proposed solutions are reviewed carefully for their ability or not to work alongside existing systems. One of the bigger headaches around technical projects is the integration between legacy and new platforms.

Does the project require the migration of sensitive data from old to new?

This can also be an organisational-wide risk to capture and minimise. It’s not just the leaking of data to the wrong place; simply moving data without the right steps can lead to corruption or loss entirely which gets very expensive to remedy.

Another common risk to work through is dependency on third-party providers. It’s common practice for organisations to engage vendors to implement a technical project through expertise and platform knowledge. The risk to the business grows when that knowledge and understanding is not adequately transferred internally to the business by means of training and documentation. A portfolio of projects and their outcomes shouldn’t depend long term on these vendors entirely. When reviewing the portfolio, recurring instances of depending heavily on partners could indicate a need to bolster internal IT resources.

Creating a risk register at the project portfolio level

Each project should have its own risk register, with reporting on how each risk could pose an issue, level of severity and mitigation strategies. Categorising these is an important step to ensure the project team, steering group and stakeholders know what to focus on. So too, is the ownership of each of these risk response strategies.

Taking this up a level to the project portfolio – the same ethos applies here, although the focus is more for a leadership team to mitigate the risks that exist across all or multiple projects. Because the portfolio’s risk register is only as complete as the quality of the risk reporting at project-level, it’s simply a must for good governance practices to be in place. This is why we work closely with organisations’ leadership to embed reporting and governance that’s clear and effective.

IQANZ Blog Preparing business for a project

Reducing or mitigating these risks

The mitigation or elimination of risks depends greatly on the context – is it financial, compliance, technical or otherwise? This will help determine who needs to be included in the response strategy. At the portfolio level, risk mitigation involves identification, assessment and planning – no matter what the risk.

Some of the common responses to perceived risk in a portfolio include:

Diversification of activities and risk

Having multiple projects of a similar nature that present similar risks could amplify the impact. It’s also a good idea to protect the business more from the failure of one particular initiative.

Prioritising risks

It’s not always possible to respond and mitigate every risk presented in the portfolio at once. Leadership should regularly review the reporting and status of each project and determine where action needs to be taken immediately.

Governance

The way an organisation reports and communicates on project performance can influence how capable it is to mitigate and manage portfolio risks. A good risk register is the bedrock to understanding what shape the portfolio is in.

Managing resources

One of the really beneficial parts of maintaining a good project portfolio governance structure is that leadership teams can quickly see where potential resource strains on the business might exist. This can help not only make decisions that reduce this risk, but build a portfolio that is manageable to deliver. Having a close eye over resource requirements can also help schedule the timing of initiatives. Some may have a higher chance of success if they chronologically come after others.

Communicate and collaborate

So much of effective project portfolio management comes down to the communication within the organisation. Professional, empathetic and positive communication leads to stronger relationships, better trust and ultimately, much better results delivered by projects.

Creating a culture of constructive communication is far from an overnight process. For project risk management to really work well, everyone involved needs to actively practise communicating well. This includes project teams collaborating with business units and leaders, and the steering group working closely with the project manager.

IQANZ Blog Preparing business for a project

Be intentional about project portfolio changes

If there’s action needed to mitigate a risk within a portfolio, the implementation needs to be clear, communicated and carefully done. Significant re-prioritisation or change in the portfolio can impact progress by the delivery team, alignment with the organisation strategy and even see staff lose confidence. That is, if it’s not handled properly.

It’s best to do the in depth analysis before a decision is made; once it has, move swiftly and ensure it’s embedded correctly. If you’re stuck on how to institute change within a portfolio, IQANZ can help.

Identify risks and manage your portfolio of projects better with IQANZ

We’re an assurance provider that offers support to organisations to deliver better projects and programmes. Part of our work involves the effective prioritisation of business initiatives. You can learn about our portfolio assurance services, or reach out to us today if you’re keen to chat more about how we can help.

You may also like