Not only do you need to do the projects right, you must do the right projects. You must:
1 – Define portfolio risk limits, and
2 – Define a risk management structure with timeline, processes and references to guidelines, risk tolerances, threshold and mitigation strategies
Portfolio risk management must balance achieving the organization’s objectives while controlling the organization’s risk.
This plan serves as a framework, evaluating future portfolio components against that risk structure as they are added.
Management has a tool to determine whether those components increase the overall portfolio risk to an unacceptable level.
If that level is too high, management must stop, suspend or change the component or the acceptable risk level so the new component can be incorporated or redesigned.