Can Project Risk Management be integrated with an Enterprise Risk Management System?
This was the topic of a paper given at the AIPM annual conference held in Canberra in October 2008. A copy of the presentation may be downloaded here.
An extract follows:
Background
Enterprise risk management has largely evolved over a number of years in reaction to legislative and governance drivers. These areas such as OH&S and Environmental have been developed by specialists and the processes have tended to be developed in isolation.
Enterprise risk management also encompasses other risk regimes such as Business Continuity, Legislative compliance, Governance processes, auditing and assurance. These processes have been supported by a range of Handbooks which although based on the Standard AS/NZS 4360 Risk Management, have nonetheless evolved with their own special nuances and requirements. Integration of these areas in some organisations is occurring to a limited extent but most do not have an integrated process. (Research by SAI global – March 2008 – has found that some 85% of organisations do not operate with a centralised system.)
The current climate
We have found that many Clients are now requiring project managers to comply with Corporate systems. In most cases this has proven unsuccessful with these systems either not being taken up or are at best only getting mediocre attention.
The main reason for this is a lack of appreciation of the differences between enterprise risk management processes and those required for a project. These include differences in:
• Risk profiles.
• Reporting Regimes.
• Analysis levels.
• Risk objectives.
• Terminology.
• Process.
The paper then describes how these issues have been addressed in a number of organisations. A copy of the full paper may be obtained by contacting us at support@RiskTools.com.au