By approaching a new project as a professional, you find yourself obliged to practice risk management since the very early steps of project identification and formulation. As a skillful project manager, you may feel you are experienced enough to be up to such obligation. It is not the first time you have to look for some risks that may affect the overall objective of your project. You have done it hundreds of times!
Most probably you will use an old risk analysis paper, a one page document, and try to make few changes as an attempt to update it. It is a process that may actually take up to 10 minutes of the overall project management lifecycle. How proud are you?!
In most cases, you will end up preparing a table where you list the risks, rank its impact, write few lines on how to deal with it and attach it to the project document to be approved. This might be the last time you look at it, unless you wanted to copy it to some other type of documents.
I am sorry to let you know that you are doing it wrong!
You are missing on one of the most important aspects of project management. Your practice severely contributes to all future stress and delays in project implementation. You will try to convince yourself with a different cause for the prevailing issues such as “Uncontrolled situations” or “Unforeseen Risks”, but you know deep down that the “so proud of” risk analysis table did not do the trick. Let us get back to the basics and define Project Risk Management.
As defined by the Project Management Institute, in the PMBOK 5th edition, “Project Risk Management includes the processes of conducting risk management planning, identification, analysis, response planning, and controlling risk on a project. The objectives of project risk management are to increase the likelihood and impact of positive events, and decrease the likelihood and impact of negative events in the project.”
In other words, your job as a project manager is to prevent threats from becoming an issue and simultaneously try to pursue opportunities.
To be able to address risk successfully, they should be managed thorough the project. The 10 minutes exercise should be extended in terms of time and resources. More staff members, stakeholders, programme and other department managers have to participate when necessary. As a project manager, you have to include everyone who can take a decision that may affect the project overall objective.
It takes a village to raise a child and another one to manage risks!
The following processes will explain just how complicated risk management is, yet so rewarding when done properly.
1. Plan Risk Management: In order to have as an output a Risk management Plan, the roadmap for the entire project risk management activity. In this process, you define the methodology to be adopted, the team involved, the roles and responsibilities, the estimated funds, the schedule for risk management activities, the categories of risks to be addressed,...
2. Identify Risks: consists of listing the risks that are likely to affect the project and describing its characteristics. The output of this process is called the risk register. To be able to conduct proper risk identification, the project manager have to refer to other plans related to the project: procurement plan, human resources plan,… At this stage, consultation with other units is a must.
3. Perform Qualitative Risk Analysis: This process consists of prioritizing the risks based on the probability of occurrence and impact. The higher the probability and impact of a risk, the more crucial it gets to address it. It is also the process when opportunities are identified.
4. Perform Quantitative Risk Analysis: it is about ranking the risks numerically and conducting further analysis to touch base with its impact.
5. Plan Risk Responses: it is when it is decided how to approach risks and opportunities, and allocate the needed resources accordingly. You may choose to avoid a risk, transfer it, mitigate it or just accept it. You will also be capable of choosing to exploit an opportunity, enhance it, share it with another entity which is more capable of taking advantage of it or just accept it as it is.
6. Control Risks: Risk control is not only about implementation of risk response plans and tracking identified risks, it is also about keeping an eye on any emerging risk and assessing the risk management effectiveness thorough the project.
It is about time to let go the “plastic” approach to address risks, and try to look deeper, to the heart, where more crucial issues may be hiding. There is absolutely no point of pointing out the flaws of the face of a man who may suffer from a heart disease, unless of course, it is very important for him to die with a beautiful face!