In this phase, our plan is to devise and execute risk management procedures and instruments that cater to the entire portfolio of projects and the distinct risks associated with each individual project (enterprise risk management).

The chief objective of portfolio risk management is to ensure that the projects within the portfolio reach their maximum potential in line with the organization’s strategy and business model. This is attained by balancing opportunities with threats and by identifying and adjusting risk factors (like environmental, human, legislative, industrial, etc.). Interdependencies among these factors can sometimes trigger risks, warranting modifications to the entire project portfolio, and occasionally sparking new projects.

AI Integration within Project Portfolio Risk Management:

  • Risk Identification: AI can analyze historical data, external factors, and ongoing project metrics to identify potential risks early in the project lifecycle, helping teams prepare proactive mitigation strategies.
  • Dynamic Risk Scoring: Machine learning algorithms can continuously evaluate risks based on changing conditions, dynamically adjusting their scores and priority levels.
  • Risk Analysis: AI tools can automate the analysis of identified risks, including cost-benefit analysis and scenario modeling, to support informed decision-making.
  • Real-Time Risk Alerts: AI-driven systems can monitor project metrics and external influences in real time, sending notifications about emerging risks or deviations from acceptable thresholds.
  • Portfolio Risk Optimization: AI can optimize the allocation of resources and funds across the portfolio by analyzing risk tolerance levels, expected outcomes, and organizational goals.
  • Sentiment Analysis for Risk Feedback: AI can evaluate qualitative feedback from stakeholders to detect underlying concerns or risks that might not be immediately evident from quantitative data.

The portfolio risk management framework equips portfolio managers with the ability to allocate existing funds and resources, bearing in mind the organization’s limited capacity. Factors taken into consideration include:

  • Overall risk tolerance;
  • Frequency, severity, and threshold values of risks;
  • The structure of key portfolio stakeholders;
  • Risk thresholds;
  • Coverage limits.

Typically, the following recurring (usually annual or quarterly) processes are incorporated into the project portfolio management business process:

  1. Revision of the project portfolio strategy.
  2. Identification of organizational and portfolio risks (including a review of the existing risk register).
  3. Risk evaluation/re-evaluation (including cost-benefit analysis, enhanced with AI for deeper insights).
  4. Development of response measures (including the initiation of new projects, with AI recommendations for strategic alignment).

Risk Management

In terms of individual project risks, the primary goal of project risk management is to minimize the likelihood and/or mitigate the impact of risks to maximize the success probability of the project. This methodology includes processes related to risk identification, analysis, response planning, response implementation, and risk monitoring within each project.

AI Contributions to Project-Level Risk Management:

  • Risk Monitoring and Forecasting: AI tools can monitor project progress and external conditions to forecast the likelihood of risk events and provide actionable insights.
  • Risk Prioritization: Machine learning models can prioritize project risks based on severity, probability, and impact, streamlining decision-making processes.
  • Adaptive Risk Response: AI algorithms can recommend adaptive response strategies, including contingency plans, based on real-time data and historical outcomes.

Risks within each project exist on two levels:

  1. Individual project risk: an uncertain event or condition, which, if it occurs, adversely affects one or more project objectives.
  2. Cumulative project risk: the effect of uncertainty on the entire project, stemming from any sources of uncertainty, including individual risks. This represents the impact of variations in project results on stakeholders.

For effective risk management of a specific project, the team needs to understand the acceptable level of risk tolerance when working towards achieving project goals. This is determined through measurable risk thresholds, communicated from the portfolio level of risk management, reflecting the organization’s and stakeholders’ risk appetite. Risk thresholds indicate the acceptable degree of variations within the project’s scope.

Project Portfolio Risk Management

An example of a summary report on all risks of individual projects

The risk management phase also incorporates Agile Project Management principles, ensuring flexibility and adaptability. As new risks emerge or current ones evolve, AI tools enhance the ability to pivot and adapt quickly. In addition, the Governance Framework establishes clear decision-making processes and responsibility allocation for managing risk, ensuring transparency and accountability throughout the project lifecycle.

Outcomes of this stage include:

  1. The business process of project portfolio risk management has been developed, configured in the Project Management Information System (PMIS), and fine-tuned. The link with the project initiation process has been established to transfer portfolio risk management calculations and developments to new projects.
  2. A register of portfolio risks, risk submission forms, and a risk notification system have been established in PMIS, enhanced with AI for automated risk identification and reporting.
  3. The risk management business process of individual projects has been developed, configured in PMIS, and put into place.
  4. Project risk registers, risk submission forms, a risk notification system, and the allocation of risk responsibilities have been set up in PMIS, supported by AI-driven monitoring and analysis.
  5. Customized risk reports automatically generated in Power BI format:
    • Organization and portfolio risk report.
    • Aggregate report for all individual project risks.
    • Detailed report on the risks of each individual project.
  6. Modifications have been made to the PMIS documents of regulations/standards and to the PMIS work processes, encapsulating the process of risk identification, analysis, planning, response implementation, and risk monitoring, enhanced with AI automation.
  7. The customer’s employees have received risk management training, including the use of AI tools for risk analysis and reporting.
The duration of this phase is 20 business days.

Responsibility:

The Contractor’s responsibility is to provide a business analyst, a risk manager, and a programmer for system configuration and adjustment. They should also provide the tools and practices necessary for developing risk management processes and tools, including AI capabilities.

The Customer’s responsibility is to appoint a project portfolio risk manager and to provide access to information necessary for the development of risk management processes.