Does your risk management need risk management? Just because the project management office (PMO) is using risk management does not mean they are using it well. Harry Hall writes for PM Hut about how to audit project risk management.
Risking the Best Way
It is assumed that project managers are versed in identifying risks, evaluating risks, responding to risks, and controlling risks. The goal of the audit is to see exactly how versed they are and how their management of risk aligns with organizational expectations. Hall lays out a list of steps for executing the audit.
First, you want to define your audit goals as they specifically pertain to your situation. Define the scope of the audit next, including which processes will or will not be audited and how much of the organization it applies to. Then define the audit assessment plan:
Determine how you will collect information such as interviews or surveys. Define a template for performing an audit of each project. For example, you might assess each risk management process on a scale of 1 to 5, 5 being the highest score. Another part of the plan might include an assessment of the mitigation, contingency, and fallback plans.
Decide who will actually perform the audit, and select samples from the project portfolio upon which to do the audit. Thoroughly document the findings and create a summary of key findings and recommendations. Get this information into the hands of all applicable stakeholders, or at least give each individual the portion that is pertinent to them. It might be decided that additional training or mentoring should be provided to correct wayward attempts at risk management. Whatever the results of your audit, it is information that will prove valuable to the business. You can read Hall’s full post here: http://www.pmhut.com/how-to-audit-project-risk-management