Project Smart ~ Exploring trends and developments in project management today

Calendar icon
Adobe PDF icon

The Seven Deadly Sins of Risk Management

~ By Kareem Shaker

Road warning sign - Risks Ahead

Risk management is the heart and soul of project management. Failing to practice it right can have fatal consequences on projects and programmes. Doing real effort in the planning stage can save the entire investment and will increase the likelihood of project success. However, planning alone is not enough if monitoring risks is not handled seriously. These are seven deadly sins of risk management and how to take preventive actions to avoid them.

1. Disregarding Enterprise Risk Management

Enterprise Risk Management (aka ERM) specifies the processes, frameworks, and methodologies an organisation uses to identify and manage enterprise risks of all types, such as operational, strategic, financial, compliance, etc. The project manager has to consider the enterprise-wide risks and study what threats the organisation is likely to encounter during the projects' lifetime. Consulting the Chief Risk Officer (CRO) before and while building the risk management plan can have a mammoth impact on the way the project management plan will be developed. The project risk management has to be congruent with ERM, since the ERM governance can impose certain documents to be delivered, probability/impact scales, risk appetite, and risk management software to be used. Project Management Institute refers to those as Enterprise Environmental Factors (EEF).

2. Using Incomplete Risk Breakdown Structure

Risk Breakdown Structure (RBS) is the catalyst to identify large numbers of risks. Risk management teams use it to identify risks and stimulate the minds of the stakeholders who will be participating in the risk identification stage. RBS can be developed by listing all the root causes of potential risks. RBS highly depends on the project domain. Every industry has its own associated risks. Risks that are valid to a software project may not be applicable to a construction project. The project manager can start with a template from a known body and customise it based on previous project history and project-specific risk categories.

3. Ignoring Subjectivity

Subjectivity can make risk management lose its essence. You will find that risk averse stakeholders will identify large numbers of risks; in contrast, risk takers may be oblivious to real risks. It is important to mediate these conflicts during risk identification.

The risk identification process is substantial for successful risk management. I believe that identifying risks will always get 60% of the job done, and the rest is sort of "Just Do It!" There are different information gathering techniques to solicit stakeholders' input. The perpetual problem of risk management information is subjectivity. Different people will perceive risks in different ways. For instance, a financial risk may not grab a technical manager's attention, and a technical risk is very unlikely to be deemed as a risk by a financial manager. It is the responsibility of the risk management team to remove subjectivity and ensure quality of risk information. Subjectivity can be avoided by using the Delphi Technique, as it keeps the views of different subject matter experts anonymous, even after finishing the identification phase.

4. Assigning All The Risks to The Project Manager

Successful risk management can never be a one-man army. The risk management team has to set clear expectations and inform subject matter experts, stakeholders, customers, team members of what is expected from them. The ownership of risks has to be communicated to the risk owners. The project manager has to follow up on the status of assigned risks, and the risk owner has to report risk status updates on a frequent basis. The project manager should not be the only individual who owns risks. Potential risk owners may be reluctant during risk identification stage, fearing that they may be responsible for the risks they will be identifying. Creating a risk management RACI Matrix (Responsible, Accountable, Consulted, Informed) will ensure roles and responsibilities are clearly identified and communicated.

5. Neglecting Risk Management Benefit Cost Analysis

Not all risks have to be managed; some risks just need to be accepted. Response strategies of negative risks (yes, there are positive risks, those are known as opportunities) are Avoid, Transfer, Mitigate, and Accept, but oftentimes the acceptance strategy is never considered. Risks have to be accepted for two main reasons; first is unfeasibility of the first three response strategies, and second is due to unfavourable benefit cost analysis. For instance, if the loss value is much smaller than the benefit gained, due to implementing a control, it would be rational to accept the risk; otherwise you would be paying $100 to save a $60 risk.

6. Misusing Contingency Reserve

Contingency reserve can only be determined after the project manager has had multiple revisions of the project management plan. Contingency reserve should only be used when a planned risk (aka known unknown) materialises. The contingency reserve should not be used for any unplanned risk (unknown unknown). The unplanned risk can only be handled by the management reserve. It is also not right to use the contingency quota of one risk at the expense of another risk, unless the latter has already become void.

7. Doing it Once

Risk management is an iterative process and should be practiced in all project stages, from inception to closure. It is not right to do it during the planning stage only, nor is it right to stop looking for new risks during the execution phase. Many project managers conduct risk identification at the beginning of the project, and shelve risks until they turn into issues. The project manager should elevate the culture of risk management and ask team members to report new risks. The new risks have to go through the process of analysis and response strategy planning. The project manager has to visit the reserve balance and make sure that no risk will have no contingency. It is also important to put risk management on the agenda of frequent progress and status update meetings.

These are the seven deadly sins of project risk management as I could identify them. It would be great if you can share your experience and articulate what could be a sin in risk management from your perspective and how to avoid it.

Kareem Shaker, PMP is a project manager at Dubai World, he has over 10 years of experience in IT projects, consulting, and pre-sales. Read his blog at Kareem's Blog


Be the first to comment on this article.

Add a comment

(never displayed)

Enter the last letter of the word satellite.
Notify me of new comments via email.
Remember my form inputs on this computer.

Avoiding Project Management Pitfalls

Foot about to tread on a banana skin

Common pitfalls that projects experience and some tips to help make a project more successful and avoid the potential for chaos.

Work Breakdown Structure Made Easy

Work Breakdown Structure

The Work Breakdown Structure is a deliverable-oriented, hierarchical decomposition of the work to be completed by a project team.

Stealth Team Building

Four jigsaw puzzle pieces on the topic of team building

The effective project manager takes advantage of every opportunity the team gets together to develop team synergy.

The Simplified Project Management Process

Flat design of project management with icons

A five-minute step by step explanation of what project management involves for people who are unfamiliar with the approach.

PROJECT SMART is the project management resource that helps managers at all levels improve their performance. We provide an important knowledge base for those involved in managing projects of all kinds. With weekly exclusive updates, we keep you in touch with the latest project management thinking.

WE ARE CONNECTED ~ Follow us on social media to get regular updates and opinion on what's happening in the world of project management.

Latest Comments

Alick Nyangulu commented on…
The Role of the Project Manager
- Thu 20 October 8:14pm

Duncan commented on…
Project Planning a Step by Step Guide
- Thu 20 October 5:04pm

Karim commented on…
Project Planning a Step by Step Guide
- Thu 20 October 12:48pm

Latest tweets

General Project Management • Re: What is a main priority when looking for PM Software? #pm #projectsmart about 1 day ago

General Project Management • Re: Project Managment Software #pm #projectsmart about 1 day ago

General Project Management • Re: Best/cheapest online PRINCE2 Foundation course with exam included #pm #projectsmart about 2 days ago