Risk Management Strategy
The Risk Management Strategy documents the way risk management policy and process will be implemented for a specific organizational activity and it is the responsibility of the manager of the activity, for example the operations manager, project manager or programme manager.
This document with the Prince2 framework is a Baseline Product, it is the mechanism for the control of and access to a risk budget be defined, defining how risks will be managed during the lifecycle of the project. The Risk Strategy and supporting Plan must acknowledge actual and potential threats to the successful delivery of a project and determines the activities required to minimise or eliminate them. The Risk Management Strategy needs to be capable of integration into or co-ordination with the Project Plan.
A major concern is the appropriate communication of risk information, in particular where escalation is required.
The Summary Risk Profile or SRP is a simple mechanism to increase visibility of risks. It is a graphical representation of information normally found on a risk register. This graph should be updated in line with the risk register on a regular basis. The profile shows risks in terms of probability and severity of impact with the effects of mitigating action taken into account.
Fitness for purpose checklist:
- requires time and top-level commitment
- individual accountability, scrutiny and challenge;
- risk judgements depend on sound information;
- must be applied throughout delivery networks;
- wider understanding of cross-departmental risks and joint working to manage them.
- check the framework references the organisational appetite for risk and any delegated appetite in respect of specific programmes or projects
- Summary of the risk management process as applicable to the activity( with reference to the process guide)
- tools and techniques
- Roles and responsibilities
- Scales for estimating probability and impact
- Risk tolerance thresholds
- Risk categories
- Budget required
- Early Warning Indicators for KPIs
- Timing of risk management activities
- Glossary of terms
Prince2 suggested content:
- What risks are to be managed
- How much risk is acceptable
- Who is responsible for the risk management activities
- What relative significance time, cost, benefits, quality, stakeholders have in the management of programme risks
As you can see the Prince2 suggested content is a cut down version of the M_o_R list
Risk Potential Assessment (RPA)
The RPA is the first step in the OGC Gateway process. It provides a standard set of high-level criteria for assessing the degree of complexity of a proposed acquisition based programme/project.
Capability and Capacity
Portfolio, Programme and Project Management Maturity Model (P3M3)
When you need a thorough examination of your organisation’s capability to manage portfolios of programmes and projects, you should use the P3M3. It has a similar approach to maturity as the well-recognised Carnegie-Melon Maturity Model (CMMM) and is based on OGC’s existing portfolio, programme and project management best practice. The model has been revised to align with developments in the OGC’s portfolio and to include a self-assessment questionnaire. To obtain the best results any assessment should be undertaken by experience portfolio, programme and project management practitioners.
PRINCE2 Maturity Model
The purpose of the PRINCE2 Maturity Model is to enable organisations to gauge, by assessment, their maturity in the use of the PRINCE2 project management method. The model can also be used to:
- understand the key practices that are part of an effective organisational process to manage projects
- identify the key practices that need to be embedded within the organisation to achieve the next level of maturity
- understand the rationale behind the assessment questionnaire.