The Risk Management Life Cycle in the Context of Projects, Programs, and Portfolios

“Project Creates. Program Guides. Portfolio Decides.” – from the book, I Want To be A RMP.

As I interact with various project, program, and portfolio (PPP) management professionals who use my courses, read my books, and/or attend my webinars, I get many queries on the risk management life cycle approach.

While a project is a temporary endeavor to create a unique product (or service/result), a program refers to the coordination of projects, subprograms, and other program activities with the overall intent of obtaining benefits from a product or result. Portfolios, on the other hand, are about management of multiple components, such as projects, programs, sub-portfolios, and other works. Here, we are talking about a collection of said items to achieve strategic objectives of an organization.

Risk Management generally exists within the boundaries of its respective project, program, or portfolio of an organization, though in some organizations it can be looked at as a separate function. For example, in project management, risk management is considered to be a “knowledge area” with its own set of processes, inputs, tools and techniques, and outputs.

A few questions come to mind:

  • How do we address risks in the entire context of projects, programs, and portfolios?
  • What kind of processes should be taken-up which encompass such “PPP” risk management?

To understand risk management fully in this context, first we need to understand the risk management framework. It’s generally built on seven processes, as shown below:


Such a framework informs with a series of phases from start to completion. Similarly, when we talk about the risk management life cycle, we refer to a sequence of logical phases that can be iterated and include the processes of risk management as shown above. These are as follows:

  • Plan Risk Management,
  • Identify Risks,
  • Perform Qualitative Risk Analysis (Perform QLRA),
  • Perform Quantitative Risk Analysis (Perform QTRA),
  • Plan Risk Responses,
  • Implement Risk Responses, and
  • Monitor Risks.

When a project, program, or portfolio (or a phase within such) is closed, the risk management processes are terminated and lessons learned are documented for future use.

In summary, the risk management life cycle (RMLC) works within the context of a risk management framework. It ensures risks are managed in a structured and integrated manner within an organization irrespective of life cycle approaches chosen.

Understanding of the risk management framework across portfolios, programs, and projects is foundational to achieve tangible results coming from risk management.

While a project’s risk management life cycle is somewhat known and practiced, there are a number of variations when programs and/or portfolios are taken up in an organization.

As a risk management practitioner–current or aspiring–one needs to be aware of the intricacies, variations, and subtleties across all the “P’s.” Unfortunately, many practitioners miss these. For example, the primary purpose of program management is realization of benefits, unlike project management where the primary purpose is to meet project objectives. Hence, risk management in the context of programs will differ when compared with risk management in the context of projects.

In my on-demand webinar, we explore the following questions:

  • What is the risk management framework and the risk management life cycle?
  • What should be the considerations for projects?
  • What should be the considerations for programs?
  • What should be the considerations for portfolios?
  • What is the best practice for taking an integrated approach?

I hope you’ll join me.


Avatar photo
Written by Satya Narayan Dash

Satya Narayan Dash is a management professional, coach, and author of multiple books. Under his guidance, over 2,000 professionals have successfully cracked PMP, ACP, RMP, and CAPM examinations – in fact, there are over 100 documented success stories written by these professionals. His course, PMP Live Lessons – Guaranteed Pass, has made many successful PMPs, and he’s recently launched RMP Live Lessons – Guaranteed Pass and ACP Live Lessons – Guaranteed Pass. His web presence is at, and he can be contacted via email at


Share This Post

Leave a Reply