Some PMs start their projects with a strong focus on risk management. However, somewhere along the way they lose steam. They increasingly spend more time dealing with issues and implementing workarounds. They are frustrated and filled with anxiety.
Other PMs start out strong. When problems occur, they turn to their risk response plan. They run toward their risk management tools and techniques to aid them. The result: these PM’s spend less time responding to issues. Consequently, they know how to gain and maintain control of their project.
Lost in Space
Some PMs lack an understanding of where Control Risk fits in the grand scheme of things. Per the Project Management Body of Knowledge (PMBOK), these are the project risk management processes:
- Plan Risk Management
- Identify Risks
- Perform Qualitative Risk Management
- Perform Quantitative Risk Management
- Plan Risk Responses
- Control Risks
Of the six risk management processes, the first five are completed in the Planning Process Group. Control Risks is part of the Monitoring and Controlling Process Group (Process Groups: Initiating, Planning, Executing, Monitoring and Controlling, Closing).
What Does It Mean to Control Risks?
Dictionary.com defines control as “to exercise restraint or direction over; dominate; to hold in check.” Traditionally, we would say risk control is how we avoid or restrain the possibility of loss. Today, we acknowledge the potential of exercising direction over not only negative risks but also positive risks.
The PMBOK defines Control Risks as “the process of implementing risk response plans, tracking identified risks, monitoring residual risks, identifying new risks, and evaluating risk process effectiveness throughout the project.”
When Does Control Risks Occur?
Obviously, controlling risks is an ongoing activity, not a one-time event. The frequency varies depending on the project. Some PMs review risks with their team in their weekly project meetings. Other PMs managing agile projects discuss risks in their daily standup meetings.
12 Questions for Gaining Control
Each time you perform the Control Risk process, consider the following 12 questions:
- What new risks should be captured in the risk register?
- What risks should be closed?
- What has changed in the previously identified risks? Reassess the probability and impact of your risks.
- How effective are the current risk controls? If the risk controls are not effective, modify the controls for better results.
- Have project assumptions changed?
- What thresholds have been exceeded? If a threshold or trigger has been exceeded, what actions need to occur?
- What contingency or fallback plans should be executed?
- Are there common causes that are increasing multiple risks? One causal factor may increase the probability and/or impact of multiple risks. Attacking these causal factors can produce great results.
- Are the right risk owners assigned? If the risk owner is not performing their duties correctly, look for ways to motivate the risk owner or consider a change.
- Are workarounds increasing? Increasing manual workarounds is a sign that there has been inadequate risk identification and control.
- How are the reserves doing? Is it time to request additional reserves? Perhaps the team should consider ways to change facets of the project in order to stay within budget and schedule.
- What have we learned?
PDF Poster: Download the poster version of these questions in PDF, suitable for printing and hanging near your workspace when you need to see it most.
Question: Many PMs fail to consistently perform the Control Risks process. What would you say to encourage PMs to remain committed to this process?