PRINCE2® and Risk Management: Defining Your High-Level Policy

When it’s time to figure out how to approach risk management on your projects, you need to start from the top down.  Step 1 is to establish a risk management policy and high-level approach that applies consistently across all projects in the organization.  Once that is agreed upon, then it’s time to figure out the details.   It is essential that senior management periodically review the suitability and performance of the risk policy and approach at the project level.  In addition, all staff members shall perform activities in accordance with the requirements of the deployed approach.

So let’s take a look at this big picture, and how we might build a risk management policy aligned with PRINCE2.  When you are looking at the requirements for Management of Risk, be sure that they clearly apply to any aspect of programs, projects, processes and operations that have the potential to impact the quality of the organization’s products and services.  The resulting definition describes the organization’s high-level approach to managing risk, targeting realization of the organization’s strategic objectives.  This allows us to strategically align our approach with the PRINCE2 approach to management of risk.

PRINCE2 looks at risks relative to project objectives.  These risks are uncertainties, and can be either threats (negative risks) or opportunities (positive risks). Risk management targets the proactive identification, assessment and control of project risks in order to improve the chances of project success.   Procedures shall be established for the generation of PRINCE2 Risk Management Strategies at the project level to define, control, and document the risks and the steps necessary to conduct appropriate risk management activities.  Risk management activities shall use appropriate techniques for assessing and reducing risks.

A risk policy should be clearly stated and adopted for risk management on all projects.  For example, a risk policy statement might read as follows:  Risk management best practices will be exercised as directed in the Company X project risk policy and prescribed in the Company X risk management guide to ensure IT projects deliver optimal results with minimal impacts.

The risk management approach is more detailed than the strategic risk policy, and consists of requirements which intertwine and cascade through all organizational functions.   This risk approach is further defined in policies, standards, procedures, manuals, guides, and other documentation.  The resulting, PRINCE2-aligned risk management cycle could be something like Identify – Assess – Plan – Implement – Communicate.

Each project should determine the PRINCE2 processes needed to fulfill requirements of this high-level risk management policy and approach. They do this by defining their specific Risk Management Strategy and establishing the project’s Risk Log.  Both management products are created during the Initiation Stage of the project.

Wow, and that’s just the big picture for risk management!  Next time we will take a look at more of the details for managing risk using PRINCE2!

Remember, a copy of the PRINCE2 method is required reference material in any project manager’s bookshelf!  The method is documented in the OGC publication Managing Successful Projects with PRINCE2”which is officially published by TSO.  Serious project managers seeking to enhance their knowledge, skills and professional credibility target should consider PRINCE2 certification.  Learning Tree offers two excellent certification courses for folks interested in becoming a Certified Practitioner of PRINCE2 or simply starting with the Foundation Certification.

Susan Weese

Type to search

Do you mean "" ?

Sorry, no results were found for your query.

Please check your spelling and try your search again.