Portfolio Management Knowledge Areas

Portfolio Management Knowledge Areas


Portfolio Risk Management

Portfolio risk is an uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives. A risk may have one or more causes and, if it occurs, the corresponding effects may have a positive or negative impact on one or more portfolio success criteria.

Risk management is a structured process for assessing and analyzing portfolio risks with the goal of capitalizing on the potential opportunities and mitigating those events, activities, or circumstances which can adversely impact the portfolio. Risk management is critical where interdependencies exist between high-priority portfolio components, where the cost of portfolio component failure is significant, or when risks from one portfolio component raise the risks in another portfolio component. Risk management identifies and exploits the potential improvements in portfolio component performance that may increase quality, customer satisfaction, service levels, and productivity for both the portfolio components and the organization. Risk management may generate new portfolio components as well.

The objective of portfolio risk management is to accept the right amount of risk commensurate with the anticipated reward to deliver the optimum outcomes for the organization in the short, medium, and longer term. Portfolio risk management differs from project and program risk management in that, in the right circumstances at the portfolio level, the organization may choose to actively embrace appropriate risks in anticipation of high rewards. An example of this would be investing in new, unproven technology with a view of being "first in the market" in anticipation of highly profitable sales. In this case, it is possible that the technology may not work, and the market may not accept the new product; alternatively, the product may be highly successful and profitable.

While a program or a project is concerned, for the most part, with risks and issues that arise inside the specific program or project, portfolios are concerned with (1) maximizing financial value of the portfolio,(2) tailoring the fit of the portfolio to the organizational strategy and objectives, and (3) determining how to balance the programs and projects within the portfolio given the organization's capacities and capabilities. The objectives of Portfolio Risk Management are to increase the probability and impact of positive events and to decrease the probability and impact of events adverse to the value, the strategic fitness of the portfolio, and the balance of the portfolio.

Potential risk conditions include aspects of an organization's environment that may contribute to portfolio risk, such as poor management practices (a negative risk), integrated management systems (positive), an excessive number of concurrent projects (negative), or dependency on external participants who are highly specialized (positive). Because of the downstream impact on programs and projects, risk management becomes critical for root cause correction of negative risks or capitalization of positive risks at the organizational and at the portfolio level. Investment in risks management that addresses root cause correction generally generates the best return. For example, the investment in quality management—a positive risk—has been demonstrated to be more cost effective in comparison to corrective actions required because of poor quality—a negative risk.

Portfolio Risk Management includes providing reserves (or contingencies) across the threat pool within the component programs and projects. The portfolio manager is in a position to hold an aggregate contingency to cover threats where the expected monetary value is an unreliable guide to contingencies due to a less than statistically significant number of risks within an individual initiative—typically threats with high impact and low probability. A portfolio manager may also aggregate risk responses by using some common characteristic; otherwise the nature of a portfolio is a collection of initiatives only coincidentally coupled and not joined by outcome (i.e., impact or consequence of the opportunity). In other words, there isn’t a portfolio risk management element—it is a contingency provision for the constituent projects and programs in cases where each component cannot economically fund protection from threats. This is called equity protection and is commonly used by insurance companies. The opportunity at the equity protection level is the consideration of why an initiative was sanctioned to be in the portfolio in the first place.

While Portfolio Risk Management is embedded in all of the portfolio management processes, there are three key elements in Portfolio Risk Management: risk planning, risk assessment, and risk response. The Portfolio Risk Management processes are:

8.1 Develop Portfolio Risk Management Plan—Planning risk management, including the identification of portfolio risks, portfolio risk owners, risk tolerance, and the creation of risk management processes.

8.2 Manage Portfolio Risks—Executing the portfolio risk responding to, and monitoring risks.