Risk Management is a fundamental part of a project manager’s job. It is an activity that needs to be attended to weekly – or sometimes even daily – and it is a discipline that really puts your proactive mindset to the test. Proactively identifying and mitigating risks means that fewer issues will arise on your project. It is always much easier to manage a risk than to wait until it becomes an issue. As Tim Lister and Tom DeMarco put it, "Risk management is how adults manage projects.”
The effective management of risks is all about being proactive; you need to identify and tackle potential concerns before they turn into problems.
Identifying, analyzing and managing risks is not a mechanical process to be carried out on a spreadsheet while sitting behind your desk. It is something you need to do in close cooperation with your team and stakeholders if you want to succeed. When you involve your team and stakeholders, not only do you improve the quality of the process, you also help promote a shared sense of responsibility for the project’s successes and failures.
The key to good risk management is to discipline yourself to take some time out on a regular basis – on your own and with your team and stakeholders – to assess everything that could impede the success of the project. You must understand the nature of each risk you identify and its potential impact and determine how to best deal with it. You also have to assign an owner to each risk and follow up on any agreed-upon actions to reduce the probability of the risk materializing.
Clear your mind and take a high-level view of the project; Play out different scenarios in your head, and try to see the project from different points of view.
Also bear in mind that risks can be positive, and hence represent an opportunity rather than a threat to the project. You need to embrace opportunities by preparing a plan which supports them and exploits them. An example of a positive risk would be the opportunity to incorporate new technology that may become available during the execution of your project.
The following 10 steps will help you to effectively manage risks on your project.
1. Create a Risk Log. Create a risk register for your project in a spreadsheet. Include fields for a unique reference number, date, risk category, description, probability, impact, owner, risk response, actions, and status.
2. Identify Risks - Brainstorm all current risks on your project with the project’s key team members and stakeholders. Go through all the factors that are essential to completing the project and ask people what is worrying them or what dangers they see. Identify risks related to requirements, scope, technology, resources, materials, budget, quality, stakeholders, suppliers, testing, rollout, business processes, legislation, and any other elements you can think of.
3. Identify Opportunities - When you identify risks, also factor in positive risks - or opportunities; i.e. events that in some ways could affect your project positively. What would the impact be, for instance, if the uptake of your product was bigger than expected, or if it was delivered ahead of schedule? What could you do to exploit this opportunity and plan for it?
4. Analyze Root Cause - Explore the root cause of each risk you have identified by asking why, why, why. Knowing the root cause will make it easier for you to mitigate the risk and to identify the most effective risk response.
5. Determine Impact - Establish the impact of each risk on time, cost, quality, scope, business benefits, and resourcing if it were to occur. Determine if the impact would be high, medium, or low. High impact could translate to: “would stop the project”, Medium impact: “would cause serious delays or rework”, Low impact: “would cause minor delays or rework”.
6. Determine probability – Establish if each risk has a high, medium, or low probability of occurring. High probability could translate to: “almost certain to occur”, Medium probability: “likely to occur” and Low probability: “unlikely to occur”.
7. Determine Risk Response – Focus your attention on the risks with the highest potential impact and highest probability of occurring. Identify what you can do to lower the probability of each negative risk happening and to mitigate its impact in case it does occur. Where risks are positive, determine what can be done to increase their probability and impact.
8. Assign Owner - Assign an owner to each risk. The owner should be the person who is best placed to deal with the risk and monitor it. Let the risk owners know that you have assigned them a risk, and get their buy-in. Liaise with them and agree the actions that need to be taken and by when.
9. Regularly Review Risks - Set aside time, at least once a week, to review your risk register and to monitor the progress of all logged items. Also schedule follow-up meetings with your team to identify new risks and to review previous actions and risk descriptions. Always pay the most attention to those risks that have the highest likelihood of occurring and the highest potential impact on the project.
10. Report on Risks - Ensure all risks with medium-to-high impact and probability are listed on your status report. Encourage a discussion of the top ten risks at the steering committee meetings so that executives get a chance to give input and direction.
About the Author:
Susanne Madsen is an internationally recognized project leadership coach, trainer and consultant. She is the award-winning author of The Power of Project Leadership (now in 2nd edition) and The Project Management Coaching Workbook. Working with organizations across the globe, she delivers leadership development programs and executive coaching to help project and change managers step up and become better leaders.