Sunday, November 12, 2023

From PMP, PgMP to PfMP: Project and Program Risk Management Vs. Portfolio Risk Management

Project and Program Risk Management when compared with Portfolio Risk Management will have many fundamental differences. Indeed, there are a large number of differences that you have to know, if you are coming from a project management or program management background. 

Many of my course and/or book subscribers are Project Management Professionals (PMP®), Risk Management Professionals (RMP®) and some of them want to pursue Portfolio Management Professional (PfMP®) certification. There are also aspiring PfMPs, who don’t have any other formal project or risk management certifications, but they understand risk management. As I spoke in a recent international webinar one can directly go for PfMP, without being a PMP or (Program Management Professional (PgMP®).

In this article I’ll elaborate on a number of differences between project risk management and portfolio risk management. To have a basic understanding of portfolio risk management, I'd recommend that you read the following article.

PfMP Exam Prep: Fundamentals of Portfolio Risk Management

This article is for both PMPs or PgMPs who want to be PfMPs and also for professionals and practitioners who directly aspire to be PfMPs. Again, you need NOT be a PMP, PgMP (or RMP) to be a PfMP as this article informs.

Now, let's see the differences. These are fundamentals and will be very useful for your PfMP exam.

Difference  1: The Definitions

The differences start with the definitions. And the differences can’t be more contrasting! 

The definition of a project risk is as follows:

An individual project Risk is an uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives.

On the other hand, the definition of a portfolio risk is:

A portfolio risk is an uncertain event or condition that, if it occurs, has a positive or negative effect on one or more strategic business objectives of a portfolio.

Did you notice the differences? While the former is about project objectives, the latter is about strategic business objectives. These can also be with respect to the success criteria of the portfolio, which are documented in the Portfolio Charter.

Difference – 2: Risks and Components

A project will have deliverables, whereas a portfolio can have components such as projects, programs, operations, business cases etc. 

Project risks (individual or overall) are ONLY about the project or any other sources of uncertainties impacting the project objectives. You can learn more on individual and overall project risks in this article.

On the other hand, in portfolio risk management, we consider risks arising out of the components. For example, when a project risk can’t be addressed at the project level and the project manager believes it can be addressed at the portfolio level (and it’s accepted at that level), then the risk will be escalated and managed at the portfolio level.

In fact, in portfolio risk management, we build the Portfolio Risk Component Chart, which is not applicable in project risk management.

Difference – 3: Interdependencies

In a portfolio, the components will have interdependencies, which can be visualized with Portfolio Roadmap. Risk management becomes critical and crucial when there are interdependencies among high-priority components. In such a scenario, the cost of failure of a portfolio component can significantly impact other components.

In project management, however, we don’t have any interdependencies among components, though there can be dependencies among the deliverables. These will be addressed by overall project risk. Remember that overall project risk is the effect of uncertainty on the project as a whole, arising from all sources of uncertainty including individual risks. 

Difference – 4: Maximizing Opportunities, Minimizing Threats Vs. Maximizing Financial Value

Project risk management is primarily about increasing the probability and/or impact of positive risks and decreasing the probability and/or impact of negative risks in order to optimize/increase project success. One can also say project or program risk management is concerned mostly about risks that arise with a project or program. 

However, a portfolio will have components such as projects and programs. Hence, a portfolio is concerned about:

a) Maximizing portfolio’s financial value,

b) Tailoring its fit into organizational strategy, and 

c) Balancing the portfolio components.

One can also say that portfolio risk management is about increasing the probability and/or impact of positive risks and decreasing the probability and/or impact of negative risks in order to increase the portfolio value, strategic fitness and balance of the portfolio. 

Again, can you notice the differences? Aren’t they very different?

Difference – 5: Contingency Reserve

I’ve written a number of articles on contingency reserve and management reserve. I’ve also informed the myths and facts about these reserves

Specifically considering contingency reserve, contingency reserve is at the individual project level. The earlier linked article informs more on its calculation, which happens during quantitative risk analysis.

However, for portfolio management, you as the portfolio manager have to provide contingency reserves across a pool of component projects and programs. 

Difference – 6: Equity Protection

This is another term, which you will come across for the first time in portfolio management, unless you have some prior understanding in financial management. Usually, it’s by financial asset management or insurance companies.

As noted, Equity Protection is a distinct concept in Portfolio Risk Management. This for all constituent projects and programs. The portfolio management holds an aggregate contingency reserve for all the components. These are usually for risks with low probability, but high impact. 

In project or program risk management, we don’t have any such concepts of equity protection. In portfolio management, equity protection can be for both threats (negative risks) and opportunities (positive risks).

Difference – 7: Risk Management Processes

On of the biggest confusions for professionals coming with PMP, PgMP or RMP certification is with respect to the risk management processes and how they interact with each other.

In project risk management, going by the PMBOK® Guide, one can find seven processes, which are:

  • Plan Risk Management,
  • Identify Risks,
  • Perform Qualitative Risk Analysis,
  • Perform Quantitative Risk Analysis,
  • Plan Risk Responses,
  • Implement Risk Responses, and
  • Monitor Risks.

However, considering the Standard for Portfolio Management®, there are only two processes! 

  • Develop Portfolio Risk Management Plan, and 
  • Manage Portfolio Risks.

Now, as an aspiring PfMP you may be thinking the risk management planning happens in Develop Portfolio Risk Management Plan process. You are right! But then:

  • What about risk identification, qualification and quantification?
  • Where the risk responses are planned and implemented?
  • How to monitor so many risks (because we are also considering component risks)? 

This is where the understanding has to be very clear. Briefly put risk management planning, qualification, quantification, response planning and implementation as well as risk monitoring (controlling is the word used in Portfolio Management Standard) are covered in the above two processes of portfolio management. There are some overlaps, too! These are covered in-depth with a number of diagrams in my new book: I Want To Be A PfMP.

There are many other differences such as with respect to Risk Register, Issue Register (and the processes in which they are created), risk owner, risk response/action owners as analysis such as Monte Carlo analysis, among others. These are also covered in the book.

Nevertheless, I believe with the above seven differences between project/program risk management and portfolio risk management, you have understood the basics. As you would have realized by this time, they are quite different, though the foundational aspects of risk management permeate in all – be it project risk management, program risk management or portfolio risk management. 


[1] NEW Book - I Want To Be A PfMP, The Plain and Simple Way, by Satya Narayan Dash

[2] Book - I Want To Be A PMP, The Plain and Simple Way, 2nd editionby Satya Narayan Dash

[3] Book - I Want To Be A RMP, The Plain and Simple Way, 2nd editionby Satya Narayan Dash

[4] Article – PfMP Exam Prep: Fundamentals of Portfolio Risk Management, by Satya Narayan Dash

[5] Standards for Portfolio Management (multiple portfolio management standards referred), by Project Management Institute (PMI)

No comments:

Post a Comment

Sign- or Log-in and put your name while asking queries in comments. Any comment is welcome - comments, review or criticism. But off-topic, abusive, defamatory comments will be moderated or may be removed.