To define an effective organizational strategy, companies should always take into consideration all types of risks that may occur at every level of an organization. As risks are part of the company’s strategy, they can affect portfolios, programs, and even projects. There are two types of risks: positive and negative. These risks can influence the organization based on how they are managed. Today, more than in the past, companies are benefiting from integrating strategic risk analysis into their overall management strategy and planning processes. In fact, risk management has become a critical component of any winning business strategy.
Strategic risks
To achieve their goals, companies should always consider different strategies. The definition of a business strategy is of great importance for the future success of any company. In general, defining a business strategy is an activity more complex and riskier than operational management which is basically about day-to-day activities.
What usually happens is that risks at the top levels are directly connected to lower levels. For instance, a strategic risk related to an investment to enter a new market or expand into a new geography can have a direct impact on the project (or program) that aims at creating a new line of products for the new market sector. Whereas the risks at lower managerial levels may have less impact on the overall organization.
To effectively manage strategic risks, companies, especially executives, should consider all the risks of each strategy when applying the strategic decision-making process. It is important to know that the scenario has changed in the last decade. In fact, lately, strategic risks have been taken into account and added to the risk management process.
Risk management
The Project Management Body of Knowledge (PMBOK) says that risk management includes maximizing the probability and consequences of positive events and minimizing the probability and consequences of adverse events to project objectives (PMI, 2013b). As a consequence, risk management considers both the positive and the negative effects of an event.
At the same time, there is a similar definition for portfolio risk but at a higher organizational level. Portfolio risk is considered as an uncertain event, or a set of events, which, if they occur, have one or more effects, either positive or negative, on at least one strategic business objective of the portfolio (PMI, 2013a). Another definition was provided by Teller and Kock (2013): portfolio risk management is the management of uncertain events and conditions as well as their interdependencies at the portfolio level that cause significant positive or negative effects on at least one strategic business objective of the project portfolio and thus influence project portfolio success.
Some experts report that portfolio risk management could offer the following advantages:
- Greater visibility of projects for senior managers
- Better prioritization of projects
- More efficient usage of resources
- Better planning and coordination
- Explicit recognition and understanding of dependencies
Companies that have a good portfolio risk management process in place are able to prevent any negative effect on the performance of cost, schedule, quality, and so on. Portfolio risk management provides companies with a higher and wider perspective compared to project risk management. As a result, companies can easily identify similar risks in multiple projects, which can produce more effects on the success or failure of a project portfolio.
In addition, portfolio risk management helps companies avoid failure of the project portfolios and increases their success. A review of the risk assessment procedures shows that these procedures are very similar from one company to the next.
Managing risks efficiently
There are risks that are common among projects and programs. To manage these types of risks efficiently, companies could decide to integrate them. For example, some companies could decide to integrate different levels of risks in a project management office (PMO). For example, by doing so, the projects or programs costs can be reduced by using a specific supplier due to the scale of business. So, the integration of risks decreases risk threats while increasing risk opportunities.
In contrast, there are organizations that are not willing to integrate different levels of risks in a project management office (PMO) because they say that it is not easy to evaluate benefit-cost analysis. This is one of the main reasons why portfolio risk management is rarely implemented in organizations, but companies should be aware of the fact that identifying and mitigating some risks can be more profitable than ignoring those portfolio risks.
Keep in mind
To create a winning business strategy, companies need to efficiently manage strategic risks. At the same time, it is important for companies to create a balanced portfolio in terms of not only risks but also business line, technology, product, and project type. In fact, these are some of the parameters considered in budget allocation for various portfolio categories (business lines, products, locations) and project types.