The topic of risk ownership always prompts lively conversation when discussed with any individual from my classroom to a client’s site. Who should be the actual risk owner? Should it be the person that’s closest to it or the person who’s responsible for the project? The answer to this age-old question remains elusive to a great number of people out there who just assigns ownership as if it’s out of style, or shall we say, with no intention of following up or even being correct. Let’s dig a bit further into the importance of assigning risk ownership to the right person the first go around for better project results.
It never ceases to amaze and really amuses me every time I review a risk register for an organization as part of an audit assignment to find that the risk owner for every risk column has been assigned either to the same individual or, better, yet to the project manager of the project. I know that people like to fill out fields on forms to make sure they’ve covered everything, but this is a bit ridiculous. If you don’t have or know who is the right person to assign, simply don’t.
There are actually a number of valid reasons to ensure that the risk owner for a particular risk is properly selected. As with anything else that we do in risk management, sometimes it is not quite clear how this assignment occurs and what was the deciding factor for that role to be given to a specific person.
There are three main best practices that I have seen in organizations for assigning ownership of risks on projects, and all three are very much dependent on the organization’s structure and/or willingness to give that ownership to an individual. Let’s review some of the justifications that you can look at when trying to assign a risk owner for your risks.
- Ownership based solely on the “location” of an individual regarding a risk event.
- Ownership based on “location” as well as the ability to take part in the planning and control of the risk response process.
- Ownership allocated only to direct a project or team of individuals.
1. Ownership based solely on the “location of an individual regarding a risk event.
One of the first criteria for assigning the role of the owner for a risk event is usually for an individual to be “close to” or “near” the risk event. Location, location, location is the key for the assignment to take place. This means that the individual would have a front seat in being able to recognize a trigger and sound the alarm to the project team when a risk occurs or is about to occur. I often call these my “fire marshals” on the risk brigade. To give you an example, let’s say that Jeanne, who works in HR, has been assigned as the owner of a potential risk regarding strike action during the project. Jeanne would then alert the PM or a member of the team if any strike mandates or developments in negotiations could lead to a strike action prompting the team to put a response into motion.
This is, based on my experience, the most common way to allocate risk ownership in organizations. This is used in most cases when you can make use of individuals who are not necessarily assigned to the project as guards or sentinels to assist you.
A lot of organizations use this method as it is sometimes not possible for those individuals to also be taking on the planning and response steps that are required ahead and when the risk occurs. This leads us to our second type.
2. Ownership based on “location” as well as the ability to take part in the planning and control of the risk response process.
Ownership, in this case, is all-encompassing, which means that the individual selected not only sits “close” to the risk to be able to see any trigger and sound the alarm, but they are also the ones who will help in the planning of the response as well as kick-start the response process if the risk was to occur. This makes these individuals key to the entire risk process for a particular risk but also means that they must be familiar with what needs to be done.
This type of ownership, although great for the project, is not always achievable or considered as it often conflicts with some basic organizational structures or principles such as hierarchy, position, unions, and more.
An example of this would be that Jeanne in HR would not only sound the alarm with the team when a strike mandate is close, but she would also put into action whatever mitigation action we had documented as part of our risk register. Jeanne would stay on top of this and report back to the team if any other actions were required or if she needed assistance with further resolutions.
3. Ownership allocated only to a direct project or team of individuals.
This type of ownership is the most restrictive and the least desirable of our three options. This implies that we cannot assign anyone outside of the project team to work on, recognize and deal with risks during the duration of the project. It is rare, I would venture to say that it is very rare that risks only reside within the area of the project team and its members. Risks can stem from any area impacted by the project across an organization. Think of HR, procurement, quality, executive, operational, and much more. To restrict the ownership of risk to only those actively working on the project leaves the team without a valuable tool.
A PM, for example, could not be assigned every risk on the project as it would be physically impossible for that PM to possibly be “close to” or near to all those risks to be able to recognize triggers.
This type of assignment of risk ownership means that the team member assigned would have to increase their communications with other organizations’ members so as to anticipate the risk triggers. This gives team members a lot more work to deal with risks that would be needed if the risk were assigned in a more proactive way.
Whatever the type or method of assigning risk ownership in your organization, it is important to ensure for the best performance that you consider not only the way that your organization is structured but also the optimal way to select individuals for lasting project success.
Similar Content:
-
ARE YOU UTILIZING YOUR RISK OWNERS TO THEIR FULL POTENTIAL?
-
RISK REGISTER: DO YOUR RISK DESCRIPTIONS MEET THE BAR?
-
5 REASONS WHY YOU SHOULD BE USING RISK MANAGEMENT ON EVERY PROJECT?