Risk Management Roles: Who takes care of Project Risk?

Share on linkedin
Share on twitter
Share on facebook
Back to top

In our previous article about the Risk Management Process, we looked at how to identify, assess, and respond to project risks. In this article, we examine the roles and responsibilities of a Risk Management Team. For a review of what risk management is and what elements are necessary for risk management implementation, visit the other articles in this series guide: What is Project Risk Management and the Elements of Risk Management Implementation.

Having someone dedicated to managing risk is important to prevent any from falling through the cracks and getting missed. This is a large undertaking for the project manager to do on top of their other responsibilities, and it can become very costly when risks become issues. Therefore, it is important to have someone with expertise in risk management who can anticipate which risks could become problems and to support the realization of opportunities.

For larger projects, a team of experts in risk management is necessary. Even outside of the immediate risk management team, there are many important stakeholders who participate in risk and opportunity management. 

Let’s take a look at the most important roles for your Risk Management Team.

diagram showing the roles and relationships of those involved in risk management
Risk Stakeholders in an Organization

The Risk Manager

The Risk Manager provides an overview of the project’s risks and opportunities as well as their mitigation plan (for risks) or exploitation (for opportunities) facilitating management’s decision-making. They are the central figure for the project’s risk management activities.

The risk manager ensures compliance with the entire process established by the ROMP. Their main activity is to identify and update risks and opportunities. 

Additional activities in The Risk Manager’s role may include the following:

  • Defining and updating the ROMP.
  • Defining project costs by assessing risks, opportunities, and actions
  • Facilitating the process of identifying R&O and their treatment plans
  • Supporting risk owners in characterizing risks and their associated cost
  • Reporting: creating indicators, updating and communicating to project stakeholders
  • Coordinating the different stakeholders of the project and ensuring the global vision of the R&O of the project.
  • Providing key inputs to key stakeholders (including directors and if applicable Risk and Audit Committee) on the organization’s overall (Project and Operational) risk exposure.

The Risk Owner

The risk owner is responsible for each risk. They work alongside the risk manager as they hold all the technical information on risks and opportunities. They can be at the origin of its identification and therefore characterize it by defining the cause or causes of the risk and its consequences. Then, they make sure to have the updated information on their risks.

They also define the strategy, the treatment plan actions, and coordinate the owners of these actions. This is all, of course, with support from the risk manager.

Risk owners are responsible for meeting the deadlines defined by the mitigation or exploitation plans for each of their risks or opportunities. However, they might not necessarily be the risk actionee, who is in charge of doing the actions as defined by the Risk Management Plan.

The Project Manager

The project manager works in collaboration with the risk manager. They set expectations and validate the proposals made by the risk manager on the process and status for their project. They must have a global vision of the risks and opportunities of their project. Their role is also to position themselves on the critical risk response strategies proposed by risk owners, for example to accept a plan to reduce probability or impact.

For projects belonging to a program or portfolio of projects, the project manager ensures the escalation of critical risks to the appropriate level. Depending on the project and its size, they might have full or partial responsibility to validate the costs that identified risks are likely to incur.

The Risk Center of Competence

The Risk Center of Competence enables the success of the organization’s risk management strategy by defining or improving their methods and procedures as well as the necessary resources and skills to best manage risk. This team can act as a trainer and guide as well as provide capability resources for the project. This team is the source of documentation, guidance, audit, and advice for the company. Where there may be methodology concerns, the risk manager can refer to the enterprise risk management team for support.

The Enterprise Risk Management Team

Large companies will likely also have an enterprise risk management team who manages risk at the organizational level. Similar to the risk manager, this team provides an overview of the organization’s risks/opportunities and ensures compliance with their risk management process. This requires project risks to be flowed up to the portfolio level for the team to effectively manage enterprise risk. This team is essential for large companies to maintain a consistent and effective process for managing risk across the entire organization.

team members working on a project

Other Supporting Risk Management Roles

The Project Team

The Risk Manager is part of the project team and is therefore in touch with all the other roles that make it up. The project team is commonly made up of the PMO, scheduler and cost controller. In maintaining the risk register, the risk manager will meet with the project team to discuss the possible impacts on the project’s schedule and budget.

  • PMO: participates in the various aspects of the project, has an overall vision, and is generally alert to potential risks even before they are identified as such. They can also serve as the liaison for the Risk Managers and call on their team when needed. 
  • Scheduler: is responsible for scheduling and helps to identify risks through the V-cycle methodology. The identification of critical paths, negative margins or the absence of margins, inconsistency of the deadlines of the deliverables and / or identification of a lack of resources, are all sources of potential risks.
  • Cost controller: Defines and tracks the costs of the project. They also review the financial planning including the budget contingencies for risks as well as the cost for risk mitigation plans with the information provided by the Risk Manager.

The Sponsor

Depending on the organization, the sponsor (with the support of the project manager) identifies any red flags in the project from the creation of its charter. This first exercise enables the Risk Manager to identify risks with the participation of the project stakeholders.

The sponsor can define a global budget for risks thanks to the first information provided by the Risk Manager. During the life of the project, they will be required to validate this budget (cost of risks and associated actions) or to release the funds for confirmed risks.

group of employees doing a high-five for success

Conclusion

Risk management is essential for every organization, regardless of their size. From a single risk expert to a large team of risk managers, their role enables an organization to prevent issues from arising, minimizing the impact of those that are inevitable, and taking advantage of potential opportunities.

In this article series, we’ve explored what risk management is, how to implement it into your organization, and who is responsible for monitoring risks and opportunities. Now, hopefully you can take these concepts and apply them to your organization. Not sure how to get started? Ask us, and we’ll put you in touch with our risk management experts!

This article was written by: Marie BELGODERE, Jérémie CLAUSTRE, Capucine COMTE, Alioune DIALLO, Emmanuel LATGE, Jessy MIGNOT, Ingrid NGOBAY, Pierre PETILLON, Louann SUGDEN, Chris WAMAL.