Project Risk Management is often treated as the “Brussel Sprout” of Project Management. It is the vegetable no one wants to eat but, without it, the meal (read “project”) is just not as healthy or as complete as it should be. In fact, it is actually quite a bit more than that. A project without effective risk management is a project that is likely to fail. Notwithstanding this dire outcome, few projects put enough effort into managing the risks that are inherent in every one of them, and even fewer project team members actively and effectively manage the risks on their projects. This is often due to the fact that Project Managers and Project Leaders find most of their time is taken up fighting figurative fires in trying to deliver the project, attending client and contractor meetings, chasing deadlines, resolving design and contractual issues etc. They therefore either delegate the responsibility of project risk management to a junior colleague, or they hold one risk review workshop, compile a risk register and then forget about it for the rest of the project.
Unfortunately, this approach is the very thing that results in Project Managers and Project Leaders finding that most of their time is taken up fighting fires. Without effective Project Risk Management, projects are likely to remain in a continuous state of turmoil, and constantly bordering on chaos. However, by recognising the need for effective Project Risk Management, and understanding that this will make the project a lot easier to manage, Project Managers and Project Leaders can make their own lives (and those of their clients, stakeholders and sponsors) a lot less stressful.
One of the keys to this is not to get overwhelmed by the prospect of managing hundreds, or even thousands, of “unmanageable” risks on your project. The number of real day-to-day risks on projects does vary significantly, depending on project size and complexity, but these seldom exceed one hundred, even on highly complex mega-projects. The reason for this is that most of the risks are already managed through the defined project execution processes and deliverables. In Project Risk Management, it is important to identify the risks which are not covered through the formal project execution processes and deliverables, and manage those risks separately, through a dedicated project risk management process. This process can be greatly simplified by applying the following five Project Risk Management tips:
Understand the key factors which will determine the success or failure of your project
This will help you prioritise and focus on managing the risks that may have a significant impact on the outcome of your project.
Know the boundaries of your scope
This will help you eliminate those risks which are either not within your remit, or over which you have no control. These risks should be completely removed from your risk register or, at the very least, transferred to the relevant external parties who are responsible for their management.
Describe your risks accurately
If the risks in your risk register have been poorly described it will be difficult to manage them, as you may not know their cause, or the effect that they may have on your project. An effective way of describing risks is to define them as: “The threats (or opportunities), and events that may arise as a result of these threats (or opportunities), resulting in consequences which may affect the objectives of your project”. The potential consequences of a risk may be included in the risk description, but should be separated for purposes of mitigation identification. By describing risks in this way, you will be better able to identify mitigations that deal with the probability of risk occurrence, and mitigations that deal with the risk impacts, separately. For more information on the importance of accurately describing risk, see our previous blog post on this subject at: www.project-risk-manager.com/blog/describing-risk/
Eliminate irrelevant “perceived” risks
Many risk registers are populated with risks which are either irrelevant to the outcome of the project, or have no basis in reality. When running risk management workshops, or reviewing risk registers, it is important to keep an eye out for the “alarmist” risks. These may be risks like: “Rapid deterioration in weather conditions, resulting in a squall blowing through offshore facilities during installation activities, resulting in property damage and possible fatalities”. This is a very valid risk for projects being executed in areas which are prone to these types of weather condition but, if the project is being executed in a benign weather area, or at a time of year when there is a guaranteed calm weather period, then this risk has no place in your risk register.
Establish realistic and achievable risk mitigations
Having your risk register populated with accurately described, and relevant, risks is all good and well but, if the mitigations identified to manage these risks are neither realistic nor achievable, then the benefit of having identified and registered these risks in the first place is seriously undermined. A key to risk mitigation identification is to ensure they are S.M.A.R.T. In other words, all risk mitigations should be: Specific, Measurable, Achievable, Realistic and Time-Bound.
For more information about our project risk management services and software, or if you just want to express your own views on the subject, please feel free to get in touch via our “Contact Us” page.