Book Review

Risk Management for Project Driven Organizations

Reviewed by Caesar Bernardo, PMP, RMP

Authors: Andy Jordan, PMP
Publication: J. Ross Publishing, Hardcover; 334 pages; ISBN: 978-1-60427-085-3; 2013; $35.00
Purpose: Aims to address risk across the enterprise for projects, programs and portfolios. It provides a practical risk management approach to control risks from an organizational perspective.
Audience: Project/Program/Portfolio Managers who want to go a bit beyond just managing risks/issues from the perspective of classifying risks as ‘high, medium and low’.
Availability: Amazon; PMI Marketplace


Introduction – I chose this book to learn more about risk management and to look for ways to implement strategies across an organization from project to program to portfolio levels. As a PMO program manager, I have been fortunate to observe a diverse set of project/program level risks that sometimes ‘bubble up’ to the portfolio level.  This diversity can make risk response strategies pretty complex but exciting.

Overview – The book is organized into 3 sections, which can be described as foundation, process framework and implementation. Foundation describes the various organizational risk theories and concepts. For example, Jordan describes various external (e.g. regulatory and reputational) versus internal (e.g. compliance, financial, operational and strategic) risks. Depending on your industry and role in the organization, you may be more focused on one or the other. In my current role, the majority of risks are regulatory and reputational in nature since the company is required to comply with certain US legislation such as Dodd-Frank, Basel or enterprise stress testing requirements. Process framework looks at organizational risk management across the project, program and portfolio levels. Jordan points out that one should ensure that a robust contingency plan is in place, be prepared to implement the plan, and then refine the plan based on the outcome. Lastly, implementation pulls it all together and shows how one would use these concepts in the ‘real world’. Jordan makes a case for using PPM (Project Portfolio Management) software to manage risks more efficiently. Software can be used to automate certain functions including unique risk identification numbers, validation of mandatory fields, monitoring of progress through alerts/reminders, and tracking risk/issue resolution.

Information on the author – Andy Jordan is president of Roffensian Consulting, an Ontario, Canada based management consulting firm with a strong emphasis on organizational transformation, portfolio management and PMOs.  He is a well-known author on project management and related topics.

Highlights – Although risk management can be seen as an advanced topic, Jordan does not assume the reader has a great deal of experience.  Rather, he starts by simply defining what a risk is: ‘A potential event or occurrence, which, if it occurs, has a positive or negative impact on the project’s objectives’.  The author is quick to emphasize that risks could actually have a positive impact for the project. Jordan asks readers to think about positive risks as missed opportunities in one’s personal life. Early in my own career, I had an opportunity to obtain a technical certification paid for by my company but decided not to because I didn’t see the value at the time. Shortly after, I moved to another company and wished I had obtained the certification. Such a situation would be considered a positive risk that was not managed successfully.

What I like about this book – There were a few areas that resonated with me that I wanted to share. First and foremost, I wanted to better understand how PMOs can actively engage in risk management. In some respects, I felt that the higher the level achieved within an organization (e.g. senior management), the further removed one might become from the real risks and root causes, therefore making it more challenging to understand and really make a difference. I learned, however, that this is not the case and it really depends on the risk ‘culture’ within the organization. I found the discussion related to the definition of a PMO to be very refreshing. PMO means different things to different people, even those working in PMOs like myself! Jordan makes a distinction between EPMOs (Enterprise Project Management Offices) and traditional PMOs. The key difference is that the former usually results in some form of consolidation across the organization. The latter can come in several different flavors in terms of business, purpose and approach and exists within a larger organizational entity.

Conclusions – I enjoyed the book and would recommend it for both junior and seasoned project managers. For me, the biggest takeaway from reading this book has been the role of the PMO as a support function that should be leveraged to assist with organizational risk management. In practice, this means the PMO is independent, ‘focused solely on maximizing the chances of success’, and ‘advisory, not prescriptive’, where risk management is applied broadly across an entire portfolio, program and project.

About the Reviewer

Caesar Bernardo is a Technology Program Manager for Citigroup who has worked in project/program/portfolio management for over 15 years.