” I’d like to take the risks and issues to the steering group this week as we haven’t reviewed them for a while”
Does this set your alarm bells ringing? It did mine for a couple of reasons.
First and foremost, as a programme or project manager, the key risks and issues to your programme or project should be at the forefront of your mind. Now admittedly, in most projects or programmes there will be a whole range of risks and issues and the project or programme manager can’t hope to keep track of every single one on a day to day basis. However, every one of those risks and issues should be at the forefront of someone’s mind in the project team. Either a sub-project manager, team leader or even an actual team member, but it must be important to someone.
If it’s an issue, it is affecting someone’s work now and should be getting immediate attention. If it’s a risk to current or future tasks, it should be being monitored and appropriate mitigating actions being planned or put in train. This should be common practice at every level in a project or programme. Then, as part of the regular status reporting cycle, each risk or issue gets reviewed and escalated if the impact becomes more significant. That way, something that starts out as a small delay to one aspect of the project gets escalated right to the top if it starts to impact overall delivery. But don’t wait for the status reporting cycle if something important starts to go wrong. Raise the flag immediately. That’s how the programme or project manager gets to identify the key risks and issues as soon as they become key.
So the programme or project manager should have a process in place to ensure he gets to know about the key risks and issues in a timely manner and can the focus the right people on resolving the problems.
The second reason this statement worries me is with respect to the steering group. Issues impact a project now, so any significant issues that warrant steering group attention should be being reported on as a matter of course to the steering group. Risks can fall in to two categories. The first is general risks that are not task or milestone specific. For these, a less frequent review or update is acceptable. But that review or update should be scheduled as part of the meeting calendar. For all task or milestone related risks, these should be reported and discussed as part of the relevant status report.
So I would argue that all steering group level issues and milestone related risks should be discussed at every steering group and all other risks at least periodically. The PMO should be performing assurance checks against the RAID log to ensure this is happening. If it’s not, then someone is not doing their job properly.