It’s hard to get energized about risk, especially since risk is inherent. As we explore potential risk events, they grow. So, the real issue is not how to get rid of risk, but rather how to manage it. And, although that takes a lot of time and energy, perhaps new perspectives can be gained if risk is looked at from a project life cycle perspective.
In the initiation phase, we look at risk from two positions and also from a fairly high altitude. The management question is: What is the risk of taking on this project versus not taking on this project? The project manager’s risk questions are: What do I know and what don’t I know about this project? How is this similar to past projects that we’ve worked on? Who do I need to talk to?
These are two different orientations, and the questions from both management and the project manager need to be shared, as the answers will offer additional information to all parties. Also, the project manager and executive management need to fully understand and accept that risk is inherent so they will be ready for conversations and decisions as risk issues arise.
In the planning phase, risk is much more recognized and the project manager has a responsibility to uncover the opportunities and the threats associated with the project. In planning, we are much closer to getting at granular risk, but often times risk events are poorly ferreted out.
Consider that in many methodologies, risk planning is suggested as a “step.” Although it is technically a step, it certainly isn’t like a flow chart step — it’s more organic. So, it makes sense to keep a “parking lot” open for any risk event concerns throughout the process and not wait for them to be identified at the end of either a subset or the conclusion of planning.
Let’s imagine that we are ready to generate possible risk events while in the planning phase. What should be at hand? While consulting with project teams, I’ve been amazed that when it came to risk planning, their method was to get together with blank paper and just start to brainstorm! With all of the planning tools that are prescribed in project management, the team needs all of their data with them so that when the majority of risk planning is done, they can consult the data.
I use NGT as a quick start for generation by having team members do silent generation for approximately 10 minutes. Then I have them move on to affinity diagramming to uncover risk territories, followed by discussion. Then the team repeats NGT, affinity diagramming and discussion. This method keeps the energy up, and the amount of threats and opportunities identified in a short amount of time can be incredible. So, get creative and reduce your dependence on old-fashioned brainstorming.
From this list of risks that the team generates, an approach can be used to rate the areas of probability, impact and detectability. If your organization doesn’t have a standard rating system, the numbers one, three and nine work well to help parse out low, medium and high risk. Also, the numbers can help you make business choices regarding when to accept risk and when to take a more aggressive approach. Obviously, there is more to do in planning, but I think one of the important concerns is to be logical about revealing the risks (by making sure your team has all their planning data available during the risk planning sessions) and by using practical methods of risk-event generation and sorting.
Don’t Shoot the Messenger
During implementation, you’ll discover whether your risk-response strategies were appropriate. It makes sense to document and re-plan for any strategies that didn’t yield the desired results. But, imagine checking on the status of a project and beginning to see aberrant behavior in the reports, i.e. certain work packages running late, over budget or completion problems. Often, these are signals of poor risk management. Especially concerning is a project manager who “blows up” at a team member when work comes in sub par.
When I see things I don’t expect, it’s the perfect time for a calm inquiry on why the data doesn’t look as expected (as opposed to yelling, “Why doesn’t this work look like I expected it too?!”). It is always possible that the team member whose work wasn’t up to par hit a risk event that nobody was able to identify — what I call a landmine. When the team hits a landmine, it’s time to get together and see if the same issue will occur again and/or if it’s time to do more risk planning. Want to make a big mistake? Upbraid the person and watch all of the risk events go underground. More aberrant events will occur, but you won’t know there coming and you’ll be broadsided!
Again, risks are inherent with any project and with any and all things in life. Our job as project managers is to be methodical, logical and calm so that we can continue to uncover and manage the risks —because, unfortunately, this is a never-ending process.
For more information on risk management courses, check out the latest three day course available.