
Introduction to Project Risk Governance

The responsibility for risk management is explicitly acknowledged in corporate governance principles. There is a general acceptance of its importance: 'Managing risk is part of corporate governance and the ability of an entity to strategically achieve results' (Burnaby and Hass 2009: 540). The definition of enterprise governance (akin to corporate governance) provided by CIMA (2004) requires ascertaining that risks are managed appropriately. More specifically, corporate governance includes identifying, evaluating and managing the risks inherent in the corporation's strategy (US Business Roundtable 2010).

The emphasis on risk management in the context of corporate governance has elevated risk management to a strategic corporate activity. Ernst & Young (2012: 11) go so far as to conclude:

Risk is now becoming the fourth dimension of business. People were the first dimension. Process became the second dimension during the height of the manufacturing era. Evolving technology formed the third dimension. Embedded risk as the fourth dimension of business has the potential to fundamentally transform how organizations connect risk to reward.


Risk management as a corporate activity is reflected in the well-known concept of Enterprise Risk Management (ERM). Taliento (2007: 255) defined ERM as

a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding achievement of entity objectives.

Burnaby and Hass (2009: 540) envisaged the objectives of ERM as follows: 'first, to develop strategic corporate objectives that are measurable, second, to identify risks that would prevent accomplishing the corporate objectives, and, third, to identify controls that would mitigate those risks'. Enterprise-wide risk is broadly defined by them as 'anything that gets in the way of an organisation achieving its objectives'.

Key characteristics that apply to Project Risk Governance (PRG) can be derived from the above definitions.

• Responsible parties. A clear indication is provided that the responsibility for PRG is in the hands of the board of directors, executive and senior management, and others involved in governance processes.

• Governance scope. While ERM is enterprise-wide, the scope of PRG is restricted to the processes and structures used to integrate business and project risk activities.

• Strategic objectives. PRG has an 'economic value' in that project risk is managed to protect and/or create value for the organisation.

• Risk appetite. A prerequisite for PRG is defining the organisation's appetite for taking on risks. PRG ensures that project risks stay within limits tolerated by the organisation.

• Risk assurance. Under PRG, strategies are developed to ensure that projects achieve the objective of being value-protecting or value-creating.

• Risk identification. Gaining a clear understanding of the risk concept is part of the responsibilities of PRG. The nature of project risk is strongly debated and diverse views exist about its nature, form and sources (see Chapter 7).


With the increasing strategic importance of project risk, increased attention is being given to PRG. Senior management has to ensure that the organisation is capable of understanding the nature of the risk it confronts, as well as having the capability to exploit its presence. While risk management is a well-developed discipline at the project level, the same cannot be said for the project programme and portfolio levels (Sanchez et al. 2009). An effective interaction between corporate and project strategy has to take place, which in the past has proven difficult to achieve (Peltokorpi and Tsuyuki 2006).

PRG requires alignment (with business activities), integration (with project governance) and relationships (between structure and processes). This indicates a broad and holistic view of PRG where multiple governance dimensions and subdimensions work with each other. When viewed in relation to the other levels of governance (corporate and project), an overlapping scope of PRG is apparent. This is illustrated in Figure 3.4 and enables potential project activities to be strategically managed in order to gain maximum alignment between projects and organisational risk activities.

Figure 3.4 Context of project risk governance

At this stage a broad definition of PRG can be offered. Project risk governance is the deployment of organisational structures, processes and coordination mechanisms not only to minimise the uncertainties related to negative project risk but also to maximise the benefits of positive project risk. Kendrick (2004: 69) referred to this as 'an organization's ability to manage risk at both a value-creating opportunity as well as a value-protecting activity'.
