Article Preview
Top1. Introduction
Integrating Project Risk Management (PRM) into Enterprise Risk Management (ERM) is a multi-year progressive journey with a long-term value to all stakeholders. ERM is a broad and complex concept which requires understanding of an interrelatedness among integrated risks within an organization (Agarwal & Ansell, 2016).
ERM and PRM differ fundamentally on the basis of the unique point of view of analysing risk. ERM is a holistic approach to manage risk such as operational risk, market risk, project risk and many others by involving all senior management in the organization. Project risk management rather provides a more granular approach to assess and manage risks at a project or portfolio level. For a project-based company, possibility of aggregation of project risks is likely during volatile and crisis situation. Currency fluctuations, economic sanctions, and liquidity issues in particular economy may lead to series of mid-term delays, cost overruns, and cancellation of projects. In such situations, a proactive approach to integrate PRM into ERM is more beneficial than a reactive approach of dealing with issues (Virine & Trumper, 2007, Virine and Trumper 2013, Hillson, 2003).
Risk management is considered as an essential and key discipline of project management. It enables managers to effectively identify, assess and control the risks of projects (Kutsch & Hall, 2010). A project-based company is expected to manage risks both at the corporate level (macro level) and at the project level (micro level). At the macro level, risk must be aggregated to provide holistic view whereas at the micro level project specific operational risk should be given priority.
In the last two decades, there is a shift in thinking of the way risk to be managed. A large number of professional institutions, consultancy companies such KPMG, E&Y and credit rating agencies such as Standard & Poor have started the discussion on ERM frameworks, standards and provided the practical guide for the implementation of ERM. ERM is a broader term which extends Enterprise Project Management as it enables the board of directors of the companies to manage risk and uncertainty at the enterprise level (Dinsmore, 1999). Managing risk at the enterprise level is different than managing risks at the project level.
ERM considers all risks in a holistic manner considering organizational objective (Bromiley, McShane, Nair, & Rustambekov, 2014; COSO, 2004). Under this approach each of risk class such as market risk, operational risk, reputational risk or compliance risk is a part of firm’s overall risks portfolio (Beasley, Clune, & Hermanson, 2005; Hoyt & Liebenberg, 2011; Nocco & Stulz, 2006; Pagach & Warr, 2010).
Multiple reporting of similar risks from different projects to CFO of the company is one of the major reasons why ERM came into existence and overcome one of the drawback of PRM to manage risks in ‘silos’ . For instance, every project manager is expected to report to CFO/CRO project-specific risks and corporate risks. Corporate risks are usually common across projects and repetitive in nature. ERM supports a collective decision making by the board of directors and senior management of the company. It improves from separatist approach to collective approach of risk-based decision making.