enterprise project management office Best project portfolio management software and tools in 2025
X
Tip

Project portfolio risk management: Learn the key tenets

Project portfolio risk management is a holistic approach to managing project risk. Learn about its benefits and what can get in the way of success.

Major world events such as supply chain disruptions, the pandemic and the war in Ukraine have been disrupting businesses across industries. The organizations that practice effective project portfolio management have been in a better position to weather the impacts because they're constantly identifying, analyzing, monitoring and prioritizing the risk factors that affect projects across the enterprise.

Though many companies practice project management, few have adopted the portfolio-based view. For example, in the automotive industry, the absence of necessary semiconductors has impacted car manufacturing, marketing and sales, and therefore revenue and profitability.

While not all risks can be anticipated, organizations can bring greater order to chaos by adopting the tenets of project portfolio risk management. Let's start with a definition of project portfolio management.

What is project portfolio management?

Project portfolio management (PPM) is a formal approach to prioritizing, analyzing and managing projects underway across the enterprise.

Alan Zucker, founding principal of consulting and training company Project Management Essentials, defines PPM as all the projects and programs within a portfolio. The discipline is built on a set of guidelines and practices that help companies select projects that are strategically aligned to company goals and provide oversight and governance to the portfolio of projects.

PPM is not easy, warned Matthew Ramirez, founder of AI application development company Rephrasely, which caters to authors and journalists. "Project portfolio management is a complex process with a number of variables, and it's often hard to get it right. A lot of projects fail due to a lack of attention to detail or poor planning," he said.

The best way to develop a project portfolio, he added, is to first identify the key business objectives that the portfolio should support and then select projects that will help achieve those objectives. 

Chart illustrating the differences among project, program and portfolio management
Project, program and portfolio management are related but not the same. Learn the key differences.

What is project portfolio risk management and why is it important?

Project portfolio risk management helps ensure that organizations are taking advantage of opportunities and managing risks in a holistic manner. While software is necessary to ensure the right processes and practices are in place, organizations moving to a portfolio risk management approach must start by updating their internal processes and making certain that they have the right people in place to balance risk across the overall portfolio.

Portfolio risk management applies risk management principles to ensure organizations achieve the strategic goals of their project investment decisions.

"Risk management is dealing with uncertainty," Zucker said. "Project portfolio risk management is the ongoing practice of identifying and responding to threats and opportunities. The methods are similar to project risk management but should be focused on items that threaten [the ability] to achieve the business priorities."

The project portfolio risk management process should involve the following steps:

  1. Identify risks.
  2. Analyze them.
  3. Recommend actions.
  4. Provide a means for monitoring and controlling the risks.
Irene Graham, co-founder, SpylixIrene Graham

Project risk management is more common today than portfolio risk management because it's easier to implement. The former applies to a specific project, while the portfolio view, as noted, includes all projects. The higher-level view provides insight into how individual projects support business objectives, as well as their respective opportunities and risks. This information informs project adjustments and investment so they can be managed in a data-informed way.

Irene Graham, co-founder of parental phone tracking app company Spylix, said portfolio risk management helps organizations balance the degree of risk in the portfolio, safeguarding investments. "The COVID-19 crisis is a current illustration of the necessity for enterprises to set up project portfolio risk management procedures to protect the portfolio and its value."

How to develop a project portfolio risk management plan

Before creating the project portfolio management plan, an organization should have a portfolio charter that describes the portfolio's current and future state, its objectives, intended outcomes, key stakeholders, critical constraints and considerations.

Alan Zucker, founding principal, Project Management Essentials Alan Zucker

"The portfolio charter provides the foundation for the portfolio risk management plan. [It] should describe the framework for identifying and evaluating opportunities and risks to help guide investment decisions, as well as the process for regularly identifying, assessing and addressing risk," said Project Management Essential's Zucker.

Plans vary based on an organization's goals, maturity, knowledge and culture. Some are simple and others are complex. In 2020, enterprises used Monte Carlo simulations more frequently than before to minimize the potential impact of various pandemic-related risks.

Another tool is sensitivity analysis, which predictively models risks and decisions.

The plan should be collaboratively created by stakeholders, with the portfolio governance committee leading the charge. This group is similar to a project management office (PMO), but the players are executives and board members.

The portfolio governance committee stays in close contact with the PMO to ensure that the status of all projects -- and their associated risks -- are known. The governance committee must also understand the interdependencies among projects, which might be process-oriented, technology-oriented or resource-oriented.

Understanding the interdependencies is critical because one small project-oriented change may affect another project or the portfolio as a whole. Understanding all that complexity must be made simple, such as through software dashboards for quick reference and drill-down.

Fundamentally, portfolio risk management -- like project management -- is a dynamic, continuous process that optimizes outcomes, such as exploiting market opportunities or minimizing risks. How companies prioritize opportunities and risks depends on an organization's risk appetite and tolerance

Image listing 4 strategies to manage risk: risk avoidance, risk reduction, risk transfer and risk acceptance
The impact and frequency of a risk helps determine what risk strategy to use.

Project portfolio risk management: 8 best practices

Several factors impact success, so it's important to understand what they are. The best practices outlined below can help:

  1. Understand the risks present in individual projects and the portfolio. It's also necessary to understand how individual projects impact the portfolio.
  2. Identify business opportunities. Project portfolio risk management helps organizations understand opportunities within the context of risk.
  3. Quantify goals, milestones and KPIs. In addition to defining acceptable or desirable levels of risk, stakeholders need to know what's expected of them, by when and if their actions will impact others.
  4. Monitor the dynamics affecting projects and the portfolio. The portfolio should be constantly monitored and there should be clear channels of communication between the governance committee, PMO and other stakeholders.
  5. Be agile. Rapidly changing circumstances have become business as usual. When a risk exceeds a threshold, the cause and the recommended course of action must be understood.
  6. Utilize data to your advantage. Project and portfolio management software collect and generate a lot of data. Over time, that data can be used to improve processes and outcomes.
  7. Communicate and collaborate. Portfolio risk management is a team sport, so it needs to be approached that way.
  8. Seek help. The Project Management Institute has a lot of helpful resource materials. There are also consultancies that can help companies create or improve a project portfolio risk management function.
Matthew Ramirez, founder, RephraselyMatthew Ramirez

Portfolio risk management requires organizational changes, so change management practices should not be overlooked.

"Project portfolio risk management has many benefits, but perhaps the most important is it helps identify and mitigate risks early on in a project's lifecycle. This can save a lot of time and money in the long run, as well as avoid any potential disruptions to the business," said Rephrasely's Ramirez. "[It's] also a great way to monitor a project's progress. This helps ensure that projects stay on track and are not delayed or derailed."

Pitfalls to avoid in project portfolio risk management

Like any endeavor, success varies but tends to improve with experience. Less mature organizations struggle to deliver projects on time and on budget. More mature organizations have greater control over projects and are able to strategically balance risk across the portfolio.

The following are some important portfolio management risks to guard against:

  1. There's no charter, so no guiding principles upon which to base a plan.
  2. There's a plan, but it's not being implemented effectively or at all.
  3. A major natural disaster has occurred.
  4. The supply chain has been disrupted.
  5. A war has impacted the global economy.
  6. There's a recession or other unfavorable economic condition.
  7. A disruptive innovation threatens to make one or more projects obsolete.
  8. Some risks were not identified or could not be anticipated.
  9. Project interdependencies have not been considered.
  10. The company lacks the expertise or staff to succeed.
  11. Project management and the portfolio governance committee are not communicating or collaborating effectively.
  12. The portfolio or projects are not being monitored or managed effectively.
  13. KPIs are not being met or the right ones have not been implemented.

Being aware of such pitfalls, and avoiding them to the degree possible, helps to manage risks effectively. The range of roadblocks to succeeding at portfolio risk management is also the main reason companies seek consultative assistance.

Next Steps

Project vs. program vs. portfolio management

10 benefits of adopting project portfolio management

Dig Deeper on Risk management and governance