Having been involved in Project Management (and hence Project Risk Management by association) for more than 25 years, I have encountered a fair amount of scepticism when it comes to considering the benefits of Project Risk Management software. The underlying question being, “Does it actually help?”.
The short answer is, “That depends”.
The longer answer is that it depends on several factors, including:
- Whether the software you are using is designed for the type of risk management approach you are taking.
- Whether you are looking for the software to provide you with Qualitative Risk Analysis, Quantitative Risk Analysis, or both.
- Whether the software you are using is an Enterprise Risk Management (ERM) application with a built-in Project Risk Management module, or is a dedicated Project Risk Management application.
- Whether the software actually does what it purports to do. That is, if it is marketed as a “Project Risk Management” application, then does it actually address the “Management of Project Risks”, or is it just designed to be a risk identification and status reporting tool.
- Whether your project risk management team are fully trained in the use of, and committed to applying, the software and all its capabilities.
The bottom line is, a Project Risk Management application will only help manage project risks if it actually does what you want it to do, and the people using the application are both committed and knowledgeable in the use of the software.
I have worked with numerous companies in the past who have spent hundreds of thousands of dollars investing in Enterprise Risk Management systems, expecting these systems to be able to manage every conceivable risk that the company is exposed to. They subsequently discover that the system either provides limited effective “Risk Management” capabilities, or that the users find the application to be too unwieldy to be applied practically or efficiently to the risks they are dealing with. ERM systems can be very useful and powerful tools for experienced risk analysts and corporate risk management teams but, all too often, they fall short of the mark when it comes to the practical management of the day-to-day risks which every project is exposed to.
Many people have told me that a Project Risk Management application is only helpful if it can quantitatively analyse risks with a reliable degree of accuracy to enable effective decisions to be made. While this may certainly be a critical attribute in the management of risks where decision making relies on the ability of a system to accurately predict both the probability of risk event occurrence and the impacts of the risk, it is not a critical requirement in the management of most of the day-to-day risks encountered when managing a project.
Project risks vary widely, and the first step in any risk analysis process is to analyse the risk qualitatively (see our previous blog post titled: “Qualitative vs. Quantitative Risk Analysis: What’s the difference?”). This qualitative risk analysis will determine whether there is enough information known about the risk to effectively manage it without undergoing any further quantitative analysis. In most projects, the types of risks that require quantitative risk analysis are well known in advance. These will include risks associated with developing cost & schedule estimates, as well as hazardous operation related risks. As such, a project team will normally apply specialist resources, using specialist tools, to quantitatively analyse these types of risks as a mandatory process in the execution phase of a project. However, the type of quantitative risk analysis tool used still needs to be appropriate to the type of risk being analysed. Applying Monte Carlo analysis (see our previous blog post titled: “Monte Carlo Simulation: How does it work?”) is common practice when analysing risks associated with cost and schedule estimates, but the accuracy of any Monte Carlo analysis is heavily dependent on both the accuracy of the uncertainty ranges entered into the simulation, as well as the number of cycles that the simulation is run for. Monte Carlo simulation has a notoriously slow convergence rate, meaning you need to run the simulation over hundreds of thousands of cycles to get the accuracy of the outcome to within 0.5%. This is not really a problem for most applications with the computing power available today but, for hazardous operation risk analysis, where the predictive accuracy for Potential Loss of Life (PLL) is normally required to be within 0.01%, using Monte Carlo analysis is not a recommended approach.
On the other hand, dealing with the day-to-day risks experienced on any project can more often than not be managed quite effectively by only applying qualitative risk analysis methods. This does, however, require a clear and consistent set of qualitative analysis rules and definitions to be established and applied throughout the project. If a project does not have clearly defined risk acceptability threshold levels for each risk category, or is not able to apply a consistent approach in defining risk severity and manageability, then it will certainly not be able to effectively manage and control its risks. And this is where much of the scepticism about the usefulness of Project Risk Management software stems from. Many Risk Management software applications (be it Project, Business, Health & Safety, Financial or any other risk management application) are nothing more than risk identification and status reporting tools. Some may provide users with an “Expected Monetary Value” feature, which calculates the expected monetary impact value of a risk based on the likelihood of the risk event occurring. But how useful is this when the likelihood of risk occurrence is not empirically derived, or the impact cannot be accurately quantified in monetary terms? Our opinion is, "Not very" (see our previous blog post titled: “Expected Monetary Value – Where’s the Value?”).
Project Risk Management software can, and should, save projects time and money. But, most importantly, it needs to help preserve a project’s values and objectives by being an effective project risk management tool.
In pursuit of coming up with such a tool, we have recently updated our own in-house Project Risk Management application, which is now available as either a FREE or PRO version. Our FREE version is free-for-life, and allows subscribers to assign up to 5 active users with access rights at any level. Our PRO version allows subscribers to assign as many active users as they need, for as long as they need. This version also provides users with full access to all the other features and functionality of the software, which is partially restricted on the FREE version.
Now, we are by no means trying to claim that our software is the answer to every project’s risk management challenges, but we have strived to make the application as practical and useful as possible. It is a qualitative project risk management tool, so relies on applying consistent risk acceptability thresholds and definitions (for which default values have been pre-set, but can be changed to suit individual projects). The application can be applied to any type of project and, in the PRO version, data can be exported and integrated with universal ERM systems.
Should you wish to make use of this application, please feel free to download it from our software page. Any comments on how useful you find it, or any additional features you think it may require, would be most welcome and can either be posted on this page, or sent to us directly via our “Contact Us” page.