Integration Stages of Project Risk Management (PRM) into Enterprise Risk Management (ERM)

Integration Stages of Project Risk Management (PRM) into Enterprise Risk Management (ERM)

Ruchi Agarwal (Indian School of Business (ISB), Hyderabad, India) and Lev Virine (Intaver Institute, Calgary, Canada)
Copyright: © 2019 |Pages: 21
DOI: 10.4018/IJRCM.2019010102

Abstract

Enterprise risk management (ERM) is a relatively new concept for a project-based organization than for a functional organization. A project-based organization, in general, faces several difficulties in the implementation of ERM due to the diversity of risk associated with several projects. From a system thinking perspective, a project-based organization needs an integrated approach to interrelate the isolated processes of diverse projects. The issues are related to fuzzy picture of integration, such as, the difference between ERM and PRM processes, how to integrate the two concepts, what happens if integration process goes wrong, as well as issues with risk technologies and change in risk culture. The article provides informal and formal approaches to integration of ERM and PRM. Successful integration requires not only an understanding the value of integration, improvement in risk culture, but needs a learning-based approach to improve risk expertise, interaction, team building, and decision making.
Article Preview
Top

1. Introduction

Integrating Project Risk Management (PRM) into Enterprise Risk Management (ERM) is a multi-year progressive journey with a long-term value to all stakeholders. ERM is a broad and complex concept which requires understanding of an interrelatedness among integrated risks within an organization (Agarwal & Ansell, 2016).

ERM and PRM differ fundamentally on the basis of the unique point of view of analysing risk. ERM is a holistic approach to manage risk such as operational risk, market risk, project risk and many others by involving all senior management in the organization. Project risk management rather provides a more granular approach to assess and manage risks at a project or portfolio level. For a project-based company, possibility of aggregation of project risks is likely during volatile and crisis situation. Currency fluctuations, economic sanctions, and liquidity issues in particular economy may lead to series of mid-term delays, cost overruns, and cancellation of projects. In such situations, a proactive approach to integrate PRM into ERM is more beneficial than a reactive approach of dealing with issues (Virine & Trumper, 2007, Virine and Trumper 2013, Hillson, 2003).

Risk management is considered as an essential and key discipline of project management. It enables managers to effectively identify, assess and control the risks of projects (Kutsch & Hall, 2010). A project-based company is expected to manage risks both at the corporate level (macro level) and at the project level (micro level). At the macro level, risk must be aggregated to provide holistic view whereas at the micro level project specific operational risk should be given priority.

In the last two decades, there is a shift in thinking of the way risk to be managed. A large number of professional institutions, consultancy companies such KPMG, E&Y and credit rating agencies such as Standard & Poor have started the discussion on ERM frameworks, standards and provided the practical guide for the implementation of ERM. ERM is a broader term which extends Enterprise Project Management as it enables the board of directors of the companies to manage risk and uncertainty at the enterprise level (Dinsmore, 1999). Managing risk at the enterprise level is different than managing risks at the project level.

ERM considers all risks in a holistic manner considering organizational objective (Bromiley, McShane, Nair, & Rustambekov, 2014; COSO, 2004). Under this approach each of risk class such as market risk, operational risk, reputational risk or compliance risk is a part of firm’s overall risks portfolio (Beasley, Clune, & Hermanson, 2005; Hoyt & Liebenberg, 2011; Nocco & Stulz, 2006; Pagach & Warr, 2010).

Multiple reporting of similar risks from different projects to CFO of the company is one of the major reasons why ERM came into existence and overcome one of the drawback of PRM to manage risks in ‘silos’ . For instance, every project manager is expected to report to CFO/CRO project-specific risks and corporate risks. Corporate risks are usually common across projects and repetitive in nature. ERM supports a collective decision making by the board of directors and senior management of the company. It improves from separatist approach to collective approach of risk-based decision making.

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 9: 4 Issues (2020): Forthcoming, Available for Pre-Order
Volume 8: 4 Issues (2019)
Volume 7: 4 Issues (2018)
Volume 6: 4 Issues (2017)
Volume 5: 4 Issues (2016)
Volume 4: 4 Issues (2015)
Volume 3: 4 Issues (2014)
Volume 2: 4 Issues (2013)
Volume 1: 4 Issues (2012)
View Complete Journal Contents Listing