Project Risk Management
Applying the Three Lines of Defence Model to Project Risk Management
Typically, organisations spend anywhere between 10% and 40% of their annual budgets on ICT projects. In an environment where the mechanism to implement change is by way of complex projects, adequate management of these project risks is critical.
Change = projects = risk
Businesses are facing more intense pressures to respond to changing customer demands and new market entrants. Policy makers are reshaping their agendas. The forces of disruption are not just driven by start–ups and felt by business leaders – they are driving significant change across all industries and organisations. Much of that change is implemented through programs and projects of work. Projects are synonymous with change, and change, by its very nature is risky.
There are various ways organisations manage project risks to keep their projects on track. Here, we outline a point of view and guiding principles on how to cohesively manage project risks.
By applying risk, controls and assurance principles through the Three Lines of Defence model, we explore the roles of project management teams, risk functions and assurance functions in project risk management.