Implementing risk management in your project
As program or project managers, we have our hands full with the day-to-day management of our initiatives, and it is difficult enough to keep a lid on all the tactical actions that are taking place, let alone plan for the future. Nonetheless, we all know that planning is a key element to success.
Most successful program or project managers are effective because they simultaneously balance the immediate challenges and demands facing them with future needs, opportunities and risk-avoidance. In particular, they are able to do so because they identify and communicate these elements at the right levels throughout the organisation. How do successful program and project managers remain successful in their day-to-day work while spending only the minimum amount of effort directed towards long-term ends?
The focus of this article is a specific risk management strategy which we believe is simple to implement and can directly help to improve one’s ability to identify, manage, and effectively communicate risks.
What are ‘risk’ and ‘risk management’?
According the PMBOK, risk is an uncertain event that can be either positive or negative. Additionally, risk management is “… the systematic process of identifying, analyzing, and responding to project risk”.
Risk management incorporates various processes. Models differ: one example is risk planning, identification, qualitative analysis, quantitative analysis, response planning, and monitoring and controlling. While risks are ‘uncertain’ events that have not yet occurred, an issue is an event that has already transpired. A trigger is an indication that a risk is about to or has occurred, and is usually based on parameters that have been ‘set off’. This brings us to the following diagram, which depicts issues arising from risks.
Before we delve into the details of risk management implementation, we want to discuss a few aspects of risk. First, by definition, projects are the creation of a unique entity, therefore a certain amount of risk will always be present. Secondly, one must acknowledge that risk is not bad and, when managed effectively, risk control can yield positive outcomes for the program or project manager and their program/project.
While some consider risk to be intrinsically negative, risk outcomes can be positive. Such positive risks, or opportunities, as they are commonly referred to, are the events you seek to act upon to create a net positive impact on your project.
When our goal is the identification of project risks, it is helpful to categorise them: when does this risk arise and where is likely to have impact? For instance, is the project risk sourced within technical, quality, schedule, or resource aspects of the project? Balancing risk categories can help provide greater assurance that one is being effective when examining various areas of the project.
A specific risk management implementation
For years, each of us have used and practiced a similar risk management implementation (process and tool) which has proven to be quite simple, yet effective.
The specific implementation discussed here includes a tool and its associated processes. The tool or risk register (in our case, a Microsoft Excel Spreadsheet) provides a mechanism for capturing project risks and issues, yet also covers all of the PMBOK key process areas, with the exception of risk planning. We suggest risk planning can be covered within one’s project management plan.
The planning component within the risk management plan can be relatively short (summarised within a couple of paragraphs) by referencing the self-contained risk register, identifying the methods for updating the risk tool, and communicating the risks and issues from the risk tool.