Mitigating Project Risks – The Under-Discovered Country
Not all organizations have significant project-based compliance and ethics risks. But not all organizations that do have such risks have implemented sufficient mitigation measures in this regard.
The place to start is with a risk assessment, by which I mean:
– An overall assessment of projects, i.e., what are the risks generally of the types of projects a company faces,
– An individual assessment of projects that might differ in a material way from what is indicated by the general risk assessment.
Culture should play a significant role in project risk assessments. Among other things the project staff may have a different time horizon than does the general employee population. Such a time horizon might also warrant particular attention being paid to the area of compliance incentives.
A project presumably would not have its own code of conduct. But – depending on the results of the risk assessment – it might create a policy for areas of complexity or great consequence,
Training and other communications should also be considered for projects. In particular, role-based and just-in-time training – both hallmarks of “behavioral ethics” – could be warranted.
So should auditing and monitoring. These mitigation measures may be especially useful in light of the result of risk assessment.
Finally, while projects typically do not generally have their own compliance officers, some assignment of responsibilities may be warranted depending on the organization’s risk.