By approaching
a new project as a professional, you find yourself obliged to practice risk
management since the very early steps of project identification and
formulation. As a skillful
project manager, you may feel you are experienced enough to be up to such
obligation. It is not the first time you have to look for some risks that may affect
the overall objective of your project. You have done it hundreds of times!
Most probably
you will use an old risk analysis paper, a one page document, and try to make
few changes as an attempt to update it. It is a process that may actually take
up to 10 minutes of the overall project management lifecycle. How proud are
you?!
In most cases,
you will end up preparing a table where you list the risks, rank its impact, write
few lines on how to deal with it and attach it to the project document to be
approved. This might be the last time you look at it, unless you
wanted to copy it to some other type of documents.
I am sorry to let
you know that you are doing it wrong!
You are missing
on one of the most important aspects of project management. Your practice severely
contributes to all future stress and delays in project implementation. You will
try to convince yourself with a different cause for the prevailing issues such
as “Uncontrolled situations” or “Unforeseen Risks”, but you know deep down that
the “so proud of” risk analysis table did not do the trick. Let us get back
to the basics and define Project Risk Management.
As defined by
the Project Management Institute, in the PMBOK 5th edition, “Project
Risk Management includes the processes of conducting risk management planning,
identification, analysis, response planning, and controlling risk on a project.
The objectives of project risk management are to increase the likelihood and
impact of positive events, and decrease the likelihood and impact of negative
events in the project.”
In other words,
your job as a project manager is to prevent threats from becoming an issue and simultaneously
try to pursue opportunities.
To be able to address
risk successfully, they should be managed thorough the project. The 10 minutes
exercise should be extended in terms of time and resources. More staff members, stakeholders, programme
and other department managers have to participate when necessary. As a project
manager, you have to include everyone who can take a decision that may affect
the project overall objective.
It takes a
village to raise a child and another one to manage risks!
The following
processes will explain just how complicated risk management is, yet so
rewarding when done properly.
1. Plan Risk Management: In order to have as an output a
Risk management Plan, the roadmap for the entire project risk management
activity. In this process, you define the methodology to be adopted, the team involved,
the roles and responsibilities, the estimated funds, the schedule for risk management
activities, the categories of risks to be addressed,...
2. Identify Risks: consists of listing the risks that are
likely to affect the project and describing its characteristics. The output of
this process is called the risk register. To be able to conduct proper risk
identification, the project manager have to refer to other plans related to the
project: procurement plan, human resources plan,… At this stage, consultation
with other units is a must.
3. Perform Qualitative Risk Analysis: This process consists
of prioritizing the risks based on the probability of occurrence and impact.
The higher the probability and impact of a risk, the more crucial it gets to
address it. It is also the process when opportunities are identified.
4. Perform Quantitative Risk Analysis: it is about ranking the
risks numerically and conducting further analysis to touch base with its
impact.
5. Plan Risk Responses: it is when it is decided how to approach
risks and opportunities, and allocate the needed resources accordingly. You may
choose to avoid a risk, transfer it, mitigate it or just accept it. You will
also be capable of choosing to exploit an opportunity, enhance it, share it with
another entity which is more capable of taking advantage of it or just accept it
as it is.
6. Control Risks: Risk control is not only about implementation
of risk response plans and tracking identified risks, it is also about keeping
an eye on any emerging risk and assessing the risk management effectiveness thorough
the project.
It is about
time to let go the “plastic” approach to address risks, and try to look
deeper, to the heart, where more crucial issues may be hiding. There is absolutely
no point of pointing out the flaws of the face of a man who may suffer from a
heart disease, unless of course, it is very important for him to die with a
beautiful face!