Risk management is an important part in all projects. It is described extensively in all project management frameworks and there are many publications about this topic. The guidance in risk management is mainly related to operational risks that occur in the daily work of a project. Defining processes, setting up a list of risks, assessing risks and managing them is described accordingly.
The LPLM© provides a broader view on all kinds of risks and groups them into the three major level. Additionally, it shows how to link the risks between the level and gives so a strong setting for dealing with risks in large scale projects. Particularly the dependencies between all level is one of the important features of the model. This is necessary because there are different views and understandings of risks in each of the level.
For example, the operational level identifies risks mostly on a day-by-day basis that influences the project execution and is usually not able to classify a certain risk in terms of the overall project goals or even in relation to the objectives of the executing organization. For example, the publication in (R1) claims "Strategic risks do not occur while a project is in progress" because all those risks should be known or sorted out before the project starts. This might be true for all known influences coming from the strategic view inside or outside the executing organization. Nevertheless, there may be risks that occur during the project execution which are only visible on the operational and tactical level but they could heavily influence the overall strategy of an organization. Neglecting these risks could bring an organization under pressure that must be managed by the respective management boards. On the other hand, a certain strategical risk could influence the project execution.
The figure shows the three level and their major characteristic in terms of risk management. There may be more influences that should be considered but this depends mainly of the project setup and its complexity. Additionally, the executing organization can have an impact on the risk management in the level model.
The major functionality is the assessment of risks which come from the lower levels to a view that shows the influence on the strategic goals of an organization. All respective tasks should lower the influence of a risk to a program, portfolio or an organization. The level serves as escalation path to other parts of the executing organization or to the upper management level. One of the major impacts is often the financial impact of the respective risks in a project if they exceed a certain threshold.
The second purpose for assessing risks here is the feedback to the Tactical Level about accepting risks and their influences. This ensures the appropriate handling of risks particularly on the Tactical Level. There might be reasons to accept a certain risk on the Strategical Level which is judged differently direct inside the project.
The third and often mentioned influence is the request for support from the project to the upper management or other departments of the executing organization. This can help to create a mitigation strategy for a risk or ensure proper support in case the risks occurs.
Risk management in the Tactical Level is without any doubt a very tricky task because it deals with operational risks as well as strategical ones. All tasks on this level must align between bot sides and manage the risks accordingly. An additional challenge is the appropriate coordination and communication between all level and stakeholder. Major tasks are the aggregation and assessment of risk from the operational level, defining of measures and mitigation actions for the overall project, escalation to the strategical level and, the mist tricky one, understanding and applying of risk thresholds that are defined on the strategical level.
This level gathers and assesses all risks that come up during the project execution. All related processes are described in the known project management models which give a pretty good view on the necessary tasks. Additionally to these tasks, the communication of operational risks to the tactical level must be organized in a way that all necessary information are shared without overloading the flow of information. On the other hand, all risks which are not reported must be under control in this level to ensure a proper project execution.