Risk Management | By Chris Wright | Read time minutes
Several years ago, I was concluding a project risk review meeting, and I received a text page from my project's executive sponsor ("Jim") summoning me to his office. As soon as the meeting concluded, I went to Jim's office where he launched into a lecture about the need to cultivate a "positive environment" for the project team. After a few minutes of his diatribe, I explained to Jim that I did not know what triggered this discussion. Jim then explained the regular risk review sessions I was facilitating had created a "negative vibe" throughout the project team, since we were focusing on reasons that the project could not be done. He went on to request that we limit our discussions on project risks and focus on the things we can control instead of those things we cannot. As a seasoned project management professional, I was admittedly stunned that our project sponsor advised his project manager to virtually eliminate our risk management efforts from the project!
I have learned in the years since that this scenario is not that uncommon in the project management environment. The competitive market and stakeholder risk tolerance levels exacerbate the myth that risk management initiatives are a waste of project resource time; that time should be focused on the actual work of the project, not events that may or may not occur. The fact is, however, that it is either contingency planning now or emergency relief later for our projects.
The Common Constraints
In most cases, risk management initiatives either do not occur at all or are done as a mere checklist formality early in the project. The three most common constraints with project risk management are:
1. Risk management is applied inconsistently
Even when potential risk events are identified for a project, this process typically occurs early in the project and is never revisited. As a result, the project team may not be prepared to respond to new uncertainties and issues that have not been identified.
2. Risk management is not prioritised
The risk planning, analysis, and response planning efforts are rarely integrated into the overall project plan. As a result, risk management is not a priority for the project team, and adequate resources (budget and people) are not allocated to address issues caused by risk events. This "we will deal with those events if and when they occur" mentality leaves little or no room for error on the project.
3. Risk management earns limited buy-in and support
In many cases, project sponsors and senior management discount risk management efforts for their projects because the benefits are unclear. Additionally, senior management, hearing the phrase risk management, might say, "We have a group that handles our risk management, so why do we need to have a separate effort on the project. Plus, we are not reducing project costs or delivery time so why should we invest in risk management?"
As you have likely discovered, the challenges present in project risk management are just another element to worry about as a project leader. There are three basic tenets you can incorporate that can turn your risk management efforts into a consistent and proactive process. They include:
Project Risk Management Tenet #1: Assess Early and Often
Project risk management must occur throughout the life cycle of the project. Uncertainties can be discovered at any time, while the relative probability and consequence of identified risks can change over time. For instance, the farther along a project goes into the schedule, the more likely you will lose team members to other efforts. In addition, the impact of poorly defined requirements will typically have a greater impact on project success in the latter stages of the project. It is imperative that the project team address uncertainty early and often, throughout the entire term of the project.
Project Risk Management Tenet #2: Build It into the Schedule
In order to adequately deal with uncertain events, the project schedule must include risk management activities. The project manager must ensure that risk assessment (identification and analysis) and response planning initiatives are a regular occurrence. Depending on the size, scope, and complexity of the project, risk reviews can either be an agenda item on the weekly review meeting or a bi-weekly review by itself. Either way, the project manager must incorporate consistent risk management mechanisms into the project schedule.
Project Risk Management Tenet #3: Communicate and Illustrate Ownership
The inherent uncertainty of risk events tends to make key stakeholders avoid the subject altogether. Therefore, it is up to the project manager to employ effective communications and clear ownership of risk elements. Potential risks need to be clearly identified and assessed, and accompanied by targeted, yet realistic, response strategies. Simply put, risk response strategies need to function as a rifle, not a shotgun. Also, the project leader must ensure that team members are properly aligned as owners for specific risk events. When key stakeholders know who to contact regarding a critical uncertainty, clear communication is better facilitated.
Proper project risk management entails more than simply identification and analysis at the beginning of a project. Risk management must be integrated into the project plan, consistently applied, and clearly communicated throughout the life cycle of the project.
Copyright © 2007, Global Knowledge. All rights reserved. This article was originally published in Global Knowledge's Management in Motion e-newsletter (now named Business Brief). Global Knowledge www.globalknowledge.com delivers comprehensive hands-on project management, business process, and professional skills training. Visit our online Knowledge Centre for free white papers, webinars, and more.