Ihor Pavlenko: PMO Risk Management (UA) Lemberg PMO School 2024 Website – https://lembs.com/pmoschool Youtube – https://www.youtube.com/startuplviv FB – https://www.facebook.com/pmdayconference

2. 9 years in IT, 6 of them in management
positions.
Currently work at AltexSoft - a consulting and
technical solutions company.
Lecturer of PMO school for the last year.

3. 1. ISO 31000
AGENDA
3. INSTRUMENTS FOR THE RISK
MANAGEMENT
2. RISK MANAGEMENT FRAMEWORK
IN PMO

4. DEFINITION OF A
RISK
An uncertain event or condition, that if it occurs, has a
positive or negative effect on a project's objective. (PMBOK®
Guide)
The effect of uncertainty on objectives (ISO 31000)

5. ISO 31000

7. INTEGRATED
- RM is a part of your overall business strategy
- The opposite of “Let’s hope for the best!”
Your Risk Management structure & strategy is
formalized, you have Risk Manager, described
roles, risk examples given, etc.
Our approach to the RM is based on various
environments: Demographic, Economical,
Social-Cultural, Technological, Ecological,
Political/Legal.
RM PRINCIPLES
SCTUCTURED +
COMPREHENSIVE
CUSTOMIZED
INCLUSIVE
Different stakeholders are sufficiently involved
in the Risk Management.

8. DYNAMIC
Times change, risk environment changes
We provide the most relevant and available
information for the Risk Management
Define what is acceptable risk tolerance for our
culture
RM PRINCIPLES
BEST AVAILABLE
INFO
HUMAN AND
CULTURAL FACTORS
CONTINUAL
IMPROVEMENT
A kaizen-like attitude towards the whole set

9. Scope, Context, Criteria
(Political) Region
Type of business
Product group
Level of involvement
Risk Assessment
Risk Identification
Which?
Risk Analysis
How severe?
Risk Evaluation
Take action?
Rick Treatment
Which action?
Recording & Reporting
To be auditable, the whole process is recorded
and clearly communicated to both direct
managers and retrievable for external auditors.
RM PROCESS

10. RM FRAMEWORK
INTEGRATION
Integrate responsibilities in all parts with the
aim of:
- Prevent blind spots
- Maximize detection chances
Align to external context
Political climate
Social climate
Complexity of relationships
Align to the internal context
Org structure
Strengths
Weaknesses
DESIGN
LEADERSHIP AND
COMMITMENT
Customize the risk management
Align risk management to strategy/goals
Communicate formal policy
Allocate sufficient resources
Establish risk attitude

11. RM FRAMEWORK
EVALUATION
Periodically compare the current situation to
the intended situation (Audit)
Correct the course if evaluation shows the
need
IMPROVEMENT
IMPLEMENTATION
Plan including schedule and needed
resources for the risk management
Decide who makes decisions
Decide when the decisions are made

12. PMO

13. Political factors
Economical factors
Social factors
Technological factors
Legal Factors
Environmental factors
Political factors
4 DIMENSIONS OF SERVICE MANAGEMENT
FACTORS

14. TYPICAL RISK AREAS FOR
THE PMO
RM FRAMEWORK IN PMO
Resource Management
People Management
Stakeholders Management
Budget & Schedule Management
Lack of transparency and control
Lack of expertise in specific areas
...

15. PREVENTING RISKS
Standardized document(s) to store risks, and
update them regularly.
RISK REGISTRY
REGULAR REVIEW
REPORTING AND
ESCALATION PROCESS
RISK TRIGGERS &
THRESHOLDS
POSTMORTEMS, LESSONS
LEARNED
SHIFT-LEFT APPROACH
Review of the RR on a regular basis with all
needed parties.
Standardized approach with clear definitions of
escalation examples.
Preliminary agreed and approved (and
communicated!) risk tolerance level.
Culture of continuous learning from our
experience.
The sooner we’ve identified a risk - the more
time we have to create an appropriate
strategy, build correct expectations, and
prepare the team for it.

16. ROLES AND RESPONSIBILITIES
Oversees risk administration activities, including identification,
assessment, and response planning; ensures effective
communication of risks and integration into project plans.
PROJECT MANAGER
TEAM MEMBERS
PMO
EXECUTIEVES / SPONSORS
STAKEHOLDERS
Participate in risk identification and mitigation, leveraging their
expertise; support risk monitoring and report emerging risks or
changes.
Govern risk administration, establish policies, set tolerance
thresholds, act as a point of escalation.
Collaborate on risks and response strategies, ensuring clear
understanding and alignment.
Ensure alignment of risk management activities with
organizational goals and objectives, provide high-level
guidance and strategic direction for risk management efforts.

17. INSTRUMENTS

18. BRAINSTORMING AND NGT
BRAINSTORMING
Ideas are generated verbally in a group
setting.
It encourages spontaneous and free-
flowing ideas.
There is no critiquing or evaluation of ideas
during the brainstorming session.
NOMINAL GROUP TECHNIQUE (NGT)
Ideas are generated silently and
independently in writing.
It minimizes the influence of dominant
individuals or group pressure.
Ideas are then shared, ranked, and
evaluated by the group.

19. SWOT ANALYSIS

20. STANDARD RISK LOG

21. MITIGATE AVOID
TRANSFER
ACCEPT
Severity of Consequences
Likehood
RISK MATRIX RISK ASSESSMENT
GRID

22. Avoid
Take action so the threat no longer
has impact or can no longer happen.
Reduce / Mitigate
Actions are taken to reduce the
probability of the risk. Reduce the
impact if the risk does occur.
Transfer
Passing ownership and/or liability to
a another party.
Share
Share is both a response for threats and
opportunities. Share is very common in projects
where both parties share the gain if the costs are
less than the planned costs, and share the loss if
the costs are exceeded.
Accept
It just may cost too much money to
do something about it or it may not
be possible to do anything about it.
However, you do keep the status of
this risk open and continue to
monitor it.
RISK RESPONSE STRATEGIES

24. FMEA
FAILURE MODE EFFECT ANALYSIS
FMEA is a step-by-step approach for identifying all possible failures in a
design, a manufacturing or assembly process, or a product or service. It is a
common process analysis tool.

25. THANK YOU