Key principles of risk management
Roles and responsibilities
The diagram below shows an example of a typical split of responsibility for a major programme or large project. There are many types of project and programme, and each client organisation has different governance and management arrangements that must be accounted for in any process design. It is important that the basic elements set out in the framework (see Risk management strategy) are included in some form, so that risk can be said to be identified and managed, and that a basic 3-lines-of-defence model is applied so that there is an element of assurance review and audit to monitor continuing performance.

Figure 3: Responsibility split for a major programme or large project.
Risk management is a core discipline of project and programme management and, applied correctly, should involve all areas of the organisation. It is advisable to set out the relationships, roles and responsibilities clearly in some form of RACI model, as this will greatly aid the effectiveness of risk management.