The management of risks and issues is a critical part of organizational governance, and a strong indicator of overall health.
The principle behind the ISO31000 Risk standard is that risk needs to be managed by those actually delivering the work.
To support this approach risk specialists should work alongside, and mentor, project teams to advise on the right approaches.
In this way, the risk picture is accurate, and Executives have a level of assurance about how the frameworks are being applied.
Risk refers to future conditions or circumstances that exist outside of the control of the project team, which will have an adverse impact on the project if they occur. Whereas an issue is a current problem that must be resolved, a risk is a potential future problem that has not yet occurred.
Any risk must be real, specific and its impact quantifiable as risk is measured in terms of likelihood and consequence. Risk management comprises recognition of risk, risk assessment, developing strategies to manage it, and mitigation of risk using appropriate resources.
The risk strategies include:
Projects with a higher level of risk require more rigorous risk management and more management focus. Although not all risks can be eliminated entirely, most can be anticipated and managed ahead of time.
Risk and Issues tend to be two sides of the same coin.
Risk is generally something that could happen, and therefore needs to be scoped and treated.
Issues are launched from risks because something has happened. In many cases this can be dealt with by the project team.
On occasions, the issue will need to be escalated, and this should be always done in a timely fashion. It's not necessarily an indicator of failure. It is a recognition that the skills and experience of others may need to be mobilized to resolve the issue.
An issue is a formally-defined problem that will impede the progress of the project and that cannot be totally resolved by the project manager and project team without outside help.
Normally an issue is raised when a risk becomes a reality and therefore action is required to resolve the issue quickly and effectively.
Issue management is an important part of any project. If issues are managed well, the project is more likely to be successful. If project issues are not well managed, there is a very high probability that the project will be late, not meet the required scope, or exceed allocated budget.
Risk and Issue Management and Overall Health paint a very important picture for Boards and Executives. Done correctly they should be able to see the areas they should focus on and look to remediate.
They should also have a clear understanding about how their risk management frameworks are being applied across the business, and receive a level of assurance about the accuracy of the information being presented to them. This means they can drill-down to source information, when required.