~ By Paul Slater
Most people agree that managing risk within a project is a good idea. Risk Management is an essential part of any programme or project and can vastly contribute to successful delivery. Where it can and does go wrong is when there is an over-reliance on the risk aspects of the project and they in themselves start driving the way the project moves forward.
The management of risk is part and parcel of project management, but is not the be all and end all of it as it sometimes becomes in more risk averse organisational cultures.
To help understand how risk within projects can be better managed it is worth considering a number of aspects of the risk identification and mitigation processes involved.
The most important aspect here is the word 'appropriate'. For large, complex programmes covering numerous disciplines, say construction, software, and telecommunications and running for a number of years it is entirely appropriate to have a risk set-up that matches that complexity. Matches and is appropriate, a set-up that identifies risks in the disparate areas of the programme and allows judgments to be made across the programme as a whole. There may well be a Risk Manager and team to assist that individual in collating the requisite management information. The difficulties arise however when the scale of programme or project is much reduced, but the risk processes of large complex programmes are applied. When this happens, the risk process starts to drive the programme and stops providing a benefit.
Far too often the same risks are identified across multiple related projects or within a programme of projects. Even with sophisticated risk software the potential for confusion is great with different scores being applied to probabilities and impacts. Make sure you identify the one true risk and record it and track it within the correct project. If other projects or a higher level programme need to be aware of it that is fine, make them aware of it, but make sure you don't start double or triple scoring the same risk.
Strange but true. The more risks you identify and manage within a project the greater the chance the project might not come in on time. The reason for this? Well, think about it, it's very easy to identify lots of risks for any project, but it's how far you go that really matters. Get right down 'in the weeds' and you will still have to identify risk owners and people to investigate mitigation strategies, etc. etc. All this takes valuable time and effort away from the main job of project delivery itself. So, make sure you have the important risks identified and managed and keep reviewing to ensure your list is up-to-date.
Once you have identified your set of appropriate risks for your project you need to decide what to do about each and every one of them. Putting in place some form of mitigation may be necessary and add cost to the budget, but that's just the way it is. Having said this there could well be risks that you decide simply to accept as they are because either the probability of them occurring is so low and/or the cost of putting in place some mitigation is so high. You aren't ignoring the risk you are making a conscious decision to accept that it may happen.
Risks happen in any project and some may have been predicted and planned for while others may not have been. The project is the project with its set requirements, that's what everyone accepts as the truth. But, what if a risk occurs which starts to make you think seriously about the validity of the project or the direction in which it's going? When reviewing the project risks and looking at those that have occurred ask yourself the question "Does this project still need to go in this direction or should we consider altering it?" Of course, the ultimate might mean cancelling the project altogether, never an easy decision for anyone.
So, are all risks bad? Of course not. Make sure you are managing the risks that are appropriate to the project and make related programmes and projects aware of them and you are most of the way there. Opportunities can be anywhere within a project space, but just remember to think about them as you go through the risks; it starts to make that risk review meeting far more meaningful.
Paul Slater owns and runs Mushcado Consulting in the UK, advising businesses and organisations on how best to employ project management techniques to improve project delivery. As a leadership coach, he works with individuals and organisations to bring out the potential inherent in people. You can follow Paul on Twitter @Mushcado