Who should perform risk management activities?

Firstly, let's be clear that the responsibility for risk management is ultimately that of the project sponsor / owner.  As with most management issues, this is delegated to the project manager. The project manager may choose to undertake risk management activities personally, but like most other project activities, it may be delegated  to a specialist.

The person undertaking a risk assessment, including workshops and reviews should posses the following attributes:
  • Experienced in the risk management process and IT projects. Probably an experienced project manager, or risk management specialist. Is comfortable with risk management tools.
  • Someone not immediately involved in the project in other capacities. (People who are too close to the project may not be able to be as objective).
  • Analytical thinker.
  • Superior facilitation skills
  • Excellent verbal and written communication skills.
  • Ability to negotiate with senior management.
  • A risk management 'champion'.  That is, someone who will not be distracted from the process as a result of other project activities.
  • The person does not have to be available full time - just for the initial assessment and periodic reviews.
  • The same person who undertakes the initial assessments should manage the follow up reviews.
  • If using a contractor / consultant, avoid those in competition to other contractors on the project. Otherwise there is the the potential for commercial competitiveness to influence the results.
  • Likewise, avoid contractors being supplied by a company supplying key project resources, as there is the potential for a conflict of interests. 
This role lends itself to being undertaken by an external contractor, who has the ability to remain objective, and does not get caught up in other project tasks. this is particularly important as the project progresses, and the key focus is on faster delivery. It also means you can bring the person in only as needed.

Next FAQ