Log in / Register
Home arrow Health arrow Project Risk Governance

Project-Based Organisation Structures

PBOs have traditionally been structured as a pyramidal organisation, also referred to as the 'contained' project management model (Thiry and Deguire 2007). With this configuration, they are simply 'replacing management rhetoric with project rhetoric' (Thiry and Deguire 2007:651). By adopting the functional, top-down approach inherent in project management, the benefits of operating in project mode and aligning project strategy with business strategy are reduced. As the approach implies, there is a cascading structure from the board of directors downwards to individual projects, via the project portfolio and project programmes. The higher levels in the organisation determine the nature of the portfolio, identify programmes and approve projects for development. As shown in Figure 1.1, there is one portfolio, a small number of programmes within the portfolio, and a number of projects within each program. Synergy is created between projects but not between business and project strategy.

Pyramid structure of a project-based organisation

Figure 1.1 Pyramid structure of a project-based organisation

Integrated structure of a project-based organisation

Figure 1.2 Integrated structure of a project-based organisation

To function effectively, a PBO demands dynamism and flexibility in the way programmes and projects link upwards with business strategy. Hence, there needs to be collaboration between project and organisational management.

However, according to Thiry and Deguire (2007) this aspect has not been sufficiently explored within the PBO environment. To remedy the situation, there should be horizontal and vertical integration processes that link business and project activities in the context of the PBO. Horizontal integration would ensure the completion of the project life cycle, while vertical integration would tie project activities to corporate strategy. Figure 1.2 provides a conceptual view of this approach. It is further developed in the following chapters.

Introduction to Project Risks

Risk at times has attracted attention only when projects fail. The importance of projects to the success of organisations, however, has shifted the focus to a proactive approach to project risk management. There are two essential prerequisites for this to be effective: understanding the nature of project risk and possessing the necessary risk management capability. The following is an introduction to these important concepts.


At this point it suffices to think of project risk as an uncertain event or condition that, if it occurs, has a positive or negative effect on the project's objectives. Risks come from a wide variety of sources and can be both internal and external to the project. One could think of many examples:

• People risk. Projects are carried out by people and their performance largely determines the success or failure of a project. It is critical that the right skills are present on the team to bring the project to completion, team members are available when the project demands this, and the team understands the project's purpose and objective so that everyone pulls in the same direction.

• Organisational risk. There are many dimensions within organisations that should be considered. An example of project risk is the absence of stakeholder involvement. Since projects affect many stakeholders, they should be in agreement with the project and its purpose. A lack of consensus heightens the possibility of resistance to change. All relevant stakeholders should participate in initiating and completing the project so that it becomes their project and they take ownership of its success.

• Financial risk. Numerous financial risks could affect the project. For example, will currency fluctuations impact the availability of funds? Should the project be over a lengthy period, is ongoing funding available? Does the business case provide realistic estimates for project costs and benefits?

• Reputational risk. Activities and outcomes of projects can cause reputational damage should they not meet expectations. They involve mainly customers of the project who, if disappointed with the delivered product or service, will not provide a suitable future reference point. Reputation, like brand, can be destroyed quickly but takes a long time to re-establish.

• Legal risk. The organisation, operating through its projects, can potentially come into conflict with numerous governmental regulations and policies. Current high profile issues are occupational health and safety, the environment, and employment, privacy and consumer rights. To respond to these risks not only requires compliance with the law but also ethical conduct to act in the best interests of society.

A good example of organisational risk is the contemporary use of Information Technology (IT). Different types of risks can be identified with the use of technology:

Business risk. By applying the 'wrong' technology, operational objectives may not be met and/or financial and market losses incurred. The acquisition of technology should be justified on the basis of supporting business activities and not for the sake of technology itself.

Infrastructure risk. By not having available the most appropriate technology, the organisation will be at risk of becoming uncompetitive. Its competitors are able to offer better choices at better prices through the use of modern technology.

Vendor risk. Risks are introduced should the supplier of technology not be able to maintain the operation of organisational systems. This will potentially cause breakdowns resulting in customer dissatisfaction and eventual business demise.

• Project risk. Technology has the reputation of cost and time overruns in its implementation for such reasons as relying on too-optimistic estimates and trying out new and unproven hardware and software.

• Staffing risk. The loss of staff with competence in managing complex technology is very disruptive. They may leave the organisation for a number of reasons, including being headhunted by another firm and/or feeling unrewarded.


The Risk Breakdown Structure (RBS) helps to identify and define individual risk items. Its hierarchical design groups items under risk categories which vary from industry to industry and from organisation to organisation. An example of an RBS in which project risks are perceived as four categories (people, project management, finance and external) is provided in Figure 1.3. The RBS indicates concern about the competence and stability of people on the project team, the quality of project management, the adequacy of finance and the volatility of the external environment.

Example of a project risk breakdown structure

Figure 1.3 Example of a project risk breakdown structure


Risk management is well entrenched in central government bodies and highly regulated organisations such as banks, universities and telecommunication companies. Within government, bureaucratic decision-making processes ensure that there is high-level oversight and protection of the public interest. Risk management is used to prevent taxpayers' money being lost or squandered. Highly regulated organisations are subject to numerous laws and regulations and are obliged to report regularly on their risk management practices. 'Elsewhere, however, it has traditionally been viewed as a tiresome burden or overhead. Attitudes are now beginning to change - but slowly' (Everett 2011: 5).

It is tempting to perceive risk management as a costly activity and only give it attention when a disaster occurs and the organisation finds itself in trouble. At that stage the board and senior management may wish it had had the foresight, understanding and capability to implement adequate organisation- wide risk management. As the impact of project activities on corporate activities increases, so has greater attention to risks at the enterprise level, albeit slowly, it appeal s.

The concept of Enterprise Risk Management (ERM) has been around for years and boards are responding to its requirements, though apparently not sufficiently. Hermanson (2003: 42) captured this well: '[I]t seems that the focus has gone from "how did management let this happen?" to "how did the board let this happen?" In the future it could become "how did the ERM processes and the board let this happen?"' Moody's (2010) research confirmed that ERM has been slow in gaining traction. The reason may well be the shortage of experienced and well-trained board members and senior management in this area. 'Although risk managers play a crucial role in helping organisations understand both their own risk tolerance and risk appetite - a necessary precursor before any work in this area can begin - well-trained and experienced personnel are in short supply' (Everett 2011: 5).

Found a mistake? Please highlight the word and press Shift + Enter  
< Prev   CONTENTS   Next >
Business & Finance
Computer Science
Language & Literature
Political science