Risks are just part of life. In a business, every day presents risks, both big and small – a project is one of the types of business activity where there are a lot of potential challenges, roadblocks and threats to progress. Businesses shouldn’t put unrealistic pressure on themselves to avoid risks entirely – doing so is, in our view, virtually impossible. 

Instead, being ready for risks with good preparation and planning will help a business get through these issues. It will also help to spot issues well before they grow into serious threats. Risk management is even more valuable if your business is juggling many projects within a portfolio.  

In this guide, we talk about risk management within a portfolio and how to keep a close eye on the various challenges that may occur.

Managing risks in a project portfolio IQANZ

Doing the risk assessment work up front on each project

Risk management becomes easier the more lead-in time you have before the project actually kicks off. While risk management doesn’t finish until the project’s done, the upfront work makes a huge difference. Before any significant progress is made on each project, a thorough risk process will unearth potential problems such as:

  • Market factors
  • Financial risks
  • Operational risks
  • Compliance risks
  • People risks
  • Security risks
  • Technology risks

Understanding what the risks look like for a project before work begins in earnest is worth the effort – preventing a bad thing from happening to a project because you can see it coming is far preferable to having to react and respond in the heat of the moment.

As a project portfolio is built over time (we’d suggest against launching too many projects at the same time, but that’s a topic for another day), risk assessment on each project can be thorough and specific to its own scope. The risk analysis of each project should be summarised in an actively managed risk register. With good systems in place, the biggest risks for each project can be ‘laddered up’ into a central risk repository where a leadership team or portfolio role can assess all projects together.

Mitigating risks at the project level

Risk mitigation is a more apt description for positive proactive management than ‘removal’. Reducing the severity of a risk should it eventuate helps the team work through it without derailing progress, budget or deadlines. Mitigation needs to happen for each project, with the involvement of the project management office (if there is one) and the delivery team, but also the steering committee and other stakeholders. Mitigation can take many forms, such as proactively addressing the trigger points ahead of time (for example, getting a sign-off process streamlined before delivery starts), or building a response plan for the eventuality of that risk coming to fruition (for example, having a plan B for a technology supplier).

The portfolio level isn’t where risks to delivery should be mitigated. The portfolio level of project risk analysis should assess common themes, shared trends and potential strategic issues that threaten the business as a whole. Some of the solutions to these may require delegation to put in place, but the combined mitigation of these risks will help reduce the threat they present to the business as a whole.

Reporting practices for keeping all business risks visible

Once risks have been identified, the risk register should be visible at portfolio level – including any developments that increase or reduce the severity or likelihood of the risk. In large organisations that manage project portfolios there may be roles or an entire team dedicated to staying on top of these risks and reporting them in the way they need to be at each level.

A leadership team may require briefing on the most pertinent risks shared across the portfolio, whilst one leader may be more involved in specific risks that pertain to their remit in the business.

Reporting of risks will therefore include the register of all risks, time-specific reporting with analysis and project-specific risks that are managed at the delivery level. At certain intervals, there may also be a board-level report on risks that exist, often prepared under the direction of a leadership team.

As with most things in the project delivery space, communication helps a huge amount in keeping everyone on the same page and in making mitigation work better.

Categorising risks

With a shared view of all the risks across the project portfolio, businesses can start to categorise these. We’ve provided some groupings earlier (people, financial, security etc.), but it may pay to provide more categories or sub-groupings based on factors like:

  • Risk severity
  • Ease of mitigation
  • Business unit or person responsible for mitigation
  • Type of project (technology, customer service)
  • Timeframe (short or long-term risk)
  • Leader accountability

How risks in your organisation are divided up depends on how many risks there are, as well as the approach to mitigating these. As assurance experts, we’re able to guide your business on its approach to risk management across the entire portfolio.

Keeping risk in the leadership agenda

Risks may be managed day to day by steering committees, risk teams and other parts of the operational business, but they are certainly something that leadership have a close interest in. It’s important that leadership teams don’t simply bring project risk onto the agenda when responding to a critical issue. Proactive review of the portfolio risks helps surface useful discussion and decision-making ahead of these risks growing in severity.

Prioritising the biggest threats to business continuity

Like projects themselves, risk prioritisation is something that businesses often have to wrestle with: which risks present the most significant potential issues should they eventuate? Prioritisation is assisted by regular operational risk management, the sum total of which can inform a picture of the main portfolio risks. Whilst all threats to the business surfaced through the risk assessment function should be addressed, a priority helps to determine where the immediate resources and time need to be allocated.

Finding fixes that take the pressure off across a project portfolio

With a view of the risks that are the most far-reaching and significant, the business can relieve a lot of strain on the portfolio by tackling solutions to those first. An example of this is the issue of business continuity through civil emergency – would a large percentage of projects be at risk of slowdown or failure if the business premises become inaccessible? This kind of risk is a prime candidate for a decentralisation of systems and people to allow off-site continuity.

Some risks to projects can arise from long-standing systemic problems in the business and have nothing to do with the projects at all. Workplace culture or bureaucracy could create a slow sign-off and progress challenge, for example. It’s important that those involved with monitoring and managing the portfolio know when this sort of systemic risk has surfaced – and that there’s a clear line of escalation to the leadership team to plan a resolution.

When these improvements to the way the business operates are in place, the benefit on all subsequent project activity is noticeable.

When a project’s risk profile requires it to be paused

Sometimes the risks associated with a project mount up. This can impact its ability to progress without significant effects on the business. This is rare – projects are created for genuine reasons, so if this scenario plays out, it’s usually due to new risks evolving over the lifespan of the project. Take a technology project designed to launch new product features that will be rendered useless by a market force. Without active risk management, a project can run for longer than it should and cost the organisation.

Projects within a portfolio could also develop risks that can impact other projects at the same time. Pausing or slowing down the project may be the best course of action until the risks can be mitigated.

Open communication allows better understanding of risk

In our experience, some of the biggest risks materialise due to a lack of communication – in person, and via risk reporting tools. When the project steering committee understands what’s happening at the delivery level, and the leadership team is equipped with information to make decisions, risks don’t get lost in the rush of day to day operations. A portfolio of projects benefits greatly from the free flow of information, making governance much more effective.

Need guidance around your portfolio’s risk management? We can help

Risk is complex. Whilst there’s no replacement for good risk expertise in an organisation, there are nuances of project portfolio management that external assurance can help navigate. If you’re looking for an independent quality assurance provider, contact our team to arrange an initial chat.


Get In Touch

IQANZ Limited
Level 2, PSA House
11 Aurora Terrace
PO Box 11-757 Wellington,
New Zealand

04 473 4340
info@iqanz.com