Introduction
Project Risk is an uncertain event or condition that, if it
occurs, has positive or negative impact on one or more project objectives such
as scope, Schedule, Cost and quality.
Project Risk has its
origins in the uncertainty present in all projects. Known risks are those that
have been identified and analyzed, making it possible to plan responses for
those risks. Known risks that cannot be managed proactively should be assigned
a contingency reserve. Unknown risks cannot be managed proactively and
therefore may be assigned management reserve.
A negative project risk that has occurred is considered an issue.
A negative project risk that has occurred is considered an issue.
Organizations perceive
risks as the effect of uncertainty on projects and organizational objectives.
Organizations and Stakeholders are willing to accept varying degrees of risk
depending on their risk attitude.
Benefits of risk
management in projects are very huge in terms of effort or money while dealing
with uncertain project events in a proactive manner.
Here I am giving 7 rules
to apply risk management successfully in your project. They are based on
personal experiences of the author who has been involved in projects for over
15 years. Also the huge amount of literature available on the subject (Internet/books) has been condensed in
this white paper.
1. 7 Basic Rules
1.1
Identify Risks
The first step in project risk management is to identify the
risks that are present in your project. This requires an open mind set that
focuses on future scenarios that may occur. Risk identification is an iterative
process, because new risks may evolve or become known as the project progresses
though its life cycle. Two main sources exist to identify risks.
Are you able to identify all project risks before they occur? Probably not, However if you combine a number
of different identification methods, you are likely to find the large majority.
If you deal with them properly, you have enough time left for the unexpected
risks that take place.
1.2 Analyze
Risks
Understanding the nature of a risk is a precondition for a good
response. Therefore take some time to have a closer look at individual risks
and don't jump to conclusions without knowing what a risk is about.
Risk analysis occurs at different levels. If you want to
understand a risk at an individual level it is most fruitful to think about the
effects that it has and the causes that can make it happen. Looking at the effects,
you can describe what effects take place immediately after a risk occurs and
what effects happen as a result of the primary effects or because time elapses.
A more detailed analysis may show the order of magnitude effect in a certain
effect category like costs, lead time or product quality. Another angle to look
at risks, is to focus on the events that precede a risk occurrence, the risk
causes. List the different causes and the circumstances that decrease or
increase the likelihood.
Another level of risk analysis is investigating
the entire project. Each project manager needs to answer the usual questions
about the total budget needed or the date the project will finish. If you take
risks into account, you can do a simulation to show your project sponsor how
likely it is that you finish on a given date or within a certain time frame. A
similar exercise can be done for project costs.
The information you gather in a risk analysis will provide
valuable insights in your project and the necessary input to find effective
responses to optimize the risks.
1.3 Prioritize
Risks
Although you may think it best to treat all risks equally, some
will inevitably have a more significant impact on your project than others. So,
it stands to reason that time and resources should be allocated to those that
can cause the biggest losses and gains.
1.4 Risk
Ownership
Some project managers think they are done once they have created
a list with risks. However this is only a starting point. The next step is to
make clear who is responsible for what risk! Someone has to feel the heat if a
risk is not taken care of properly. The trick is simple: assign a risk owner
for each risk that you have found. The risk owner is the person in your team
that has the responsibility to optimize this risk for the project. The effects are really positive. At
first people usually feel uncomfortable that they are actually responsible for
certain risks, but as time passes they will act and carry out tasks to decrease
threats and enhance opportunities.
1.5 Communicate
Risks
A good approach is to consistently include risk communication in
the tasks you carry out. In every team meeting, make project risks part of the
default agenda (and not the final item on the list!). This shows risks are
important to the project manager and gives team members a "natural
moment" to discuss them and report new ones.
Another important line of communication is that of the project
manager and project sponsor or principal. Focus your communication efforts on
the big risks here and make sure you don't surprise the boss or the customer!
Also take care that the sponsor makes decisions on the top risks, because
usually some of them exceed the mandate of the project manager.
1.6 Make Risk
Management Part of Your Project
The first rule is essential to the success of project risk
management. If you don't truly embed risk management in your project, you cannot
reap the full benefits of this approach. You can encounter a number of faulty
approaches in companies. Some projects use no approach whatsoever to risk
management. They are either ignorant, running their first project or they are
somehow confident that no risks will occur in their project (which of course
will happen). Some people blindly trust the project manager, especially if he
or she looks like a battered army veteran who has been in the trenches for the
last two decades. Professional companies make risk management part of their day
to day operations and include it in project meetings and the training of staff.
1.7 Risk
Responses
Implementing a risk response is the activity that actually adds
value to your project. You prevent a threat occurring or minimize
negative effects. Execution is key here. The other rules have helped you to
map, prioritize
and understand risks. This will help you to make a sound risk response plan
that focuses on the big wins.
If you deal with threats you basically have three options, risk
avoidance, risk minimization and risk acceptance. Avoiding risks
means you organize
your project in such a way that you don't encounter a risk anymore. This could
mean changing supplier or adopting a different technology or, if you deal with
a fatal risk, terminating a project. Spending more money on a doomed project is
a bad investment.
The biggest category of responses is the ones to minimize
risks. You can try to prevent a risk occurring by influencing the causes or
decreasing the negative effects that could result. A final response is to
accept a risk. This is a good choice if the effects on the project are minimal
or the possibilities to influence it prove to be very difficult, time consuming
or relatively expensive. Just make sure that it is a conscious choice to accept
a certain risk.