As project managers, we know that risk mitigation is a ‘thing’. We talk about mitigating risk. We have a column on our risk logs for mitigation strategies. But what does it actually mean? How do you do risk mitigation?
Here are 7 of the most common ways to mitigate risk: all approaches that will transfer to your project in most cases.
1. Clarify The Requirements
What is it that you want to achieve with this project? Knowing that, and having true, deep clarity about that, is a huge mitigating factor for risk. It eliminates all the ‘we didn’t know what we were doing,’ and ‘you never said’ type risks that relate to scope.
Make full use of feasibility studies, workshops and user groups to test out the ideas before making a full commitment. Agile techniques can ensure end users and clients are engaged at every step of the way, feeding into the outcomes and making sure that what is delivered is really what is wanted.
How To Do It: Hold workshops. Interview stakeholders. Produce a comprehensive scope document and project brief, even if it takes much longer than you wanted to spend on this exercise. It will pay off in a big way if you get it right.
2. Get The Right Team
People introduce all kinds of risk to a project, largely due to their availability and skills. People with inadequate skills make your project take longer because they are slower. People who aren’t available when you need them also impact your project timescales.
If possible, ringfence the resources that you need into the team. This mitigates a lot of the people-related risks. The highest priority projects should attract and retain the best resources in the company (and interpret ‘best’ to mean whatever is most appropriate for your project: person with the most Java skills or whatever).
How To Do It: Use resource allocation techniques to identify the resources you require for the project and then to secure them. Make sure that you know when your resources are available for project work and book their time accordingly. Plan around them if you have to because it’s better to know now that they aren’t around than to have to push your project delivery back by 2 weeks because you weren’t aware.
Don’t try and dump all the risk on one person or group. Yes, risk transference is a recognised and useful risk management strategy, but it has to be used with caution. Mitigating your own risk by dumping it on someone else isn’t always the best approach.
For example, you can transfer risk to another party but that might incur a great deal of cost (through increased supplier prices or insurance) which in many cases isn’t the most appropriate use of company funds.
How To Do It: Quantify the risk. If you can’t quantify it, how can you put a financial measure on it to enable transference? Think about cost of transfer and likelihood of occurrence. Look for ways to manage risks jointly with contractors or other stakeholders to spread out the actions and also the impact should the risk occur.
4. Communicate and Listen
There is another way that people add risk to a project: through their actions when they are overlooked as stakeholders. I was speaking the other day to a management consultant in Canada who told me about a bridge that was built and then torn down due to lack of communication between local and national government bodies.
Communicate widely, consult widely and listen to the responses you get. These can help you identify residual risks and strategies to engage more effectively with the stakeholders concerned.
How To Do It: Plan your communications and take third parties into account too. Consumer, environmental or other external groups can have a huge impact on your project (positive and negative) so involve them early and consistently.
5. Assess Feasibility
Make use of feasibility studies and prototypes to test out ideas and solutions before you move to a full build. This is a simple way of de-risking a project because you can use this early stage as a test bed for checking your concepts, methodology and solution.
How To Do It: Break your project down into phases and include time at the beginning for a feasibility or investigation stage. This is a short period of time where you can fully scope out the initial underpinning or enabling work and test out your solution in a limited way prior to a full rollout. The learning can be incredibly helpful for shaping the rest of the project, and it can prove (or disprove) the business case without having to commit the full investment.
6. Test Everything
Experienced project managers will tell you that when project timescales are under pressure, testing is often the task that gets cut.
Don’t let that happen. Testing is an important part of making sure that your project risk is lower and manageable. Testing helps flush out problems that might bring the project to a standstill later. Test everything: training materials, implementation plans, and obviously software and the deliverables. Test frequently and allow longer than you expect.
How To Do It: It’s probably not a popular view but I would estimate the time needed for testing and then double it. That’s the time I would put in my plan for the task. In my experience testing is vastly underestimated, often because people forget that testing is cyclical and requires time to fix the bugs before you can test it again. Estimate carefully and have dedicated schedule contingency for testing.
7. Have A Plan B
You’ve planned out everything and your risk mitigation strategies are all in place. And still you hit a problem that you hadn’t foreseen. Don’t worry. It happens.
The best way to plan for the unplannable is to have alternatives in your back pocket. This could be:
- Contingency funds
- Float in the plan
- Additional resources on standby
- Options to break the project into segments and/or reduce scope
A Plan B isn’t something that you particularly set out to want to use, but it’s there as a cushion should any of your risks materialise in ways that you didn’t expect or new risks come along that took everyone by surprise.
How To Do It: Agree tolerances and contingency with your sponsor before the project starts. Talk about what additional funding you can secure to deal with unforeseen issues and how you will access this when the time comes. Having these discussions can save time if you need the funding and also act in themselves as a mitigation strategy through raising awareness of things like scope creep.
These 7 mitigation measures for your risks will work in many cases, so you can apply them to your project today. You’re welcome!
photo credit: U.S. GAO Figure 1: Five Basic Guiding Principles of Risk Management via photopin (license)