John Smith was hired as a new project manager at a leasing company, and he was assigned a small project with a team of six people. The project goal was to reduce customer billing defects by 10% before the end of the year. How well did John use risk management to accomplish his goal?
He and his team completed a project plan and identified project risks. He captured the risks in his risk register and periodically conducted risk reviews. Things were going so well that he was assigned two additional projects.
John started his new projects like the first one. However, he was overwhelmed as his project sponsors pushed him to deliver the new projects quickly. He skipped capturing his risks and conducting the risk reviews.
Slowly, John saw the project performance decline; there was greater variance between his schedule baselines and the actuals. Consequently, he failed to deliver the second or third projects on time.
If you survey project managers on the importance of risk management, a high percentage will say that risk management is important. Why then do people ignore the management of threats and opportunities?
Improving Risk Management
Let’s look at reasons why project risk management becomes ineffective and what we can do to gain better results.
1. Failure to lead by example. Some people believe that risk management is busy work and resist the change. Without a consistent example by the project sponsors and project managers, team members will likely revert to their former ad-hoc methods. How can we overcome this tendency? Leaders must set expectations, lead by example, and demonstrate the value of risk management.
2. Failure to focus on the risks that matter. Some project managers start their projects with gusto. Their risk list is longer than War and Peace. However, no one knows which risks matter. When project managers fail to evaluate and prioritize risks, team members become overwhelmed and fail to take action. Be sure to prioritize the risks.
3. Failure to right-size risk management. Some project managers get a risk management plan template from their Project Management Office (PMO) or a project manager, and they never adapt the plan for their project. Consequently, the plan may have too much content for smaller projects or too little for larger projects. Work with your project teams to develop plans that fit the projects.
4. Failure to develop risk management habits. Some teams identify and evaluate risks, but they fail to continue the process. Projects are not static; things change. Teams must develop a habit of reassessing risks and modifying response plans in order to manage risks effectively.
5. Failure to identify risks early. Some project managers wait until things are out of control before they exercise risk management. Identify and evaluate risks early in new projects.
6. Failure to involve high-power / high-interest stakeholders. Powerful stakeholders have a way of showing up late in the game and disrupting project flow. These people have no evil intent. Once they discover the project, they seek to minimize impact to their interests. Identify, engage, and communicate with key stakeholders early and consistently.
7. Failure to be transparent. There are times when it’s appropriate to withhold information. When possible however, make your risks known. Share the risks with your team and the stakeholders. Ask for their help.
8. Failure to capture risks in a consistent format. Have you ever looked at a risk register and found yourself frustrated? That’s usually because the risk descriptions are inconsistent. Use this simple syntax: Cause -> Risk -> Effect.
9. Failure to evaluate whether the risk responses are effective. Until we take action to manage risks, nothing else matters. Once we respond, we must evaluate the effectiveness of our actions. Are we getting the results expected? Evaluate responses and tweak the response plans as needed.
10. Failure to engage risk owners. Some project managers try to own ALL the risks. For example, a project manager with no information technology background may address software development risks. Identify and recruit risk owners who have the ability to develop and execute effective risk response plans.
11. Failure to make risks specific. Risk statements are often vague (e.g., we may lose business). As a result, no one understands the root issues. Try digging deeper by asking, “Why?” Each time you receive a response, ask why again until you discover the root cause. Then rewrite the risk statements with greater specificity.
12. Failure to focus on the objectives. Team members can drift in their conversations concerning risks. Individuals sometimes jump from one topic to another and lose sight of the original goal – to identify and manage risks. Ask team members and other stakeholders to keep their focus on the project objectives and related risks.
Facilitate a risk review for each of your projects. If this is the first time you’ve identified risks, keep it simple. Ask your team members to identify the most significant risks for each of the project objectives including the schedule, budget, quality, and scope.
For example, ask your team members to identify the things most likely to hinder the team’s ability to complete the project on schedule. Define and execute risk response plans for the risks that matter most. Then focus on budget risks followed by quality risks and finally, scope risks.