In our previous article, where we discussed 5 Tips in Project Risk Management, we focussed on five of the most important things in Project Risk Management that need to be understood to make this process faster, simpler and more effective. In this article, we will take this one step further, and consider 5 essential project risk management tasks that need to be undertaken in every project to significantly improve the effectiveness of Project Risk Management.
By now, you will have established the parameters for your Project Risk Management process by applying the tips provided in our previous article. These were:
- Understanding the key factors determining success or failure of your project
- Knowing the boundaries of your scope
- Describing your risks accurately
- Eliminating irrelevant “perceived” risks
- Establishing realistic and achievable risk mitigations
You are now in a good position to start managing your project risks. However, every project needs structure and, similarly, each process within every project needs its own sub-structure. In Project Risk Management, this sub-structure comprises several prerequisite tasks which are required to keep the overall project risk management process controlled and effective. The number and types of tasks may vary from one project to another but, by and large, risk management processes in all projects need to apply the following five tasks:
Have your risk register set up at project commencement
Your project may be limited to a single, simple scope of work, or it may run over many phases, covering multiple complex scopes of work. Either way, you need to have your risk register set up and ready to go from the minute you start your project. Without this, you will be playing catch-up from Day 1, and will probably also be exposed to risks that may have already occurred. They say hindsight is 20/20 vision, and “they” are not wrong. The problem with this is that you end up spending most of your days trying to fix what you can only now see in hindsight. It would be so much better if you only had to focus on what is coming up, rather than trying to fix what has already past. While having your project risk register established from the get-go may not provide you with full 20/20 vision in advance, it will certainly help in keeping you looking forward, and spending less time dealing with unforeseen events that have already occurred. Bear in mind though, that it’s neither realistic nor practical to have a fully populated risk register from the outset. No single project is identical to another and, while you may be able to populate your register to a large degree with risks from multiple sources in advance (through Lessons Learned, Previous Experience, Expert Opinion etc.) new risks will continuously crop up as your project progresses.
Establish your team of responsible risk owners from the outset
Every member of your project team should be fully aware of their respective roles and responsibilities. However, knowing which risks, or more specifically which risk categories, are the responsibility of which team members is not something that is automatically defined, or immediately obvious, on any project. When kicking a project off (traditionally through a project kick-off meeting) one of the topics covered should be the designation of risk ownership. Depending on the size and complexity of the project, you may elect to have anything from one, to most, of your project team designated as risk owners. The important thing is to designate these risk owners from the outset, and be clear about the types of risks they will be responsible for. This makes the job of the Project Risk Manager a lot easier, as risks can be automatically assigned to risk owners based on pre-defined criteria such as: Project Phase, Scope, Discipline, Location, Activity or Department. In addition, with the risk management roles and responsibilities established and clearly defined up-front, there is less chance of risk owners being able to shirk their responsibilities by claiming they were either unaware of a risk being their responsibility, or of the risk even existing.
Hold regular risk review workshops
While having a populated risk register and designated risk owners in place at project commencement are essential components in successfully managing project risks, a risk register should never remain static. If it does, it means your risks are just not being managed. Risks will come and go, and the effect these risks have on your project depends entirely on how well they are managed. Project Managers and Risk Managers alike need to manage their respective responsibilities by keeping themselves informed and aware of all possible project impact events, at all times. Unfortunately, this inevitably means holding numerous workshops, and even more meetings. Now, holding too many meetings and workshops can often be counter-productive, but some of these are essential to the successful outcome of a project, and risk review workshops are one of these. However, you do need to structure the frequency of your risk review workshops in line with your project schedule and complexity. Just because some “expert opinions” recommend holding a risk review meeting every week, does not mean that this is necessarily right for your project. Project and Risk Managers should certainly be reviewing their project risk registers on a relatively high frequency basis but running workshops, which takes up precious time and resources, should be done selectively, at key junctures in the project schedule.
Associate parent and consequential risks
Risk Management can be made a lot simpler if one recognises the hierarchy of risks, and their relationship to one another. This is closely related to being able to describe a risk accurately (see Tip #3 in our previous blog post) but is more about recognising how the relationship between risks can be used to aid risk mitigation. If a risk occurs as a result of another risk, this is called a “Consequential Risk” and, if the occurrence of a risk produces other risks, this is called a “Parent Risk”. It is often the case that several consequential risks may arise out of one parent risk. In this case, adequately mitigating the parent risk may also mitigate all of its consequential risks. So, by identifying and linking all consequential risks back to their respective parent risks, one is generally able to manage several risks at once, through a single set of mitigations applied to the parent risk.
Ensure mitigations are implemented timeously
In our previous post on 5 Tips in Project Risk Management – Tip #5, we spoke about the necessity of applying S.M.A.R.T. measures when identifying and implementing risk mitigations. The “T” in S.M.A.R.T. stands for “Time-Bound”. This means all mitigations should have time constraints against their implementation and completion dates. If risk mitigations are implemented at the wrong time, they may end up being completely ineffectual. This applies to implementing mitigations both too early and too late. If implemented too early, their effect may be significantly reduced by the time the risk event occurs and, if applied too late, well… we all know the expression “Closing the barn doors after the horse has bolted”.
For more information about our project risk management services and software, or if you just want to express your own views on the subject, please feel free to get in touch via our “Contact Us” page.