If you survey people involved in projects on the importance of risk management for achieving project objectives, a high percentage of the participants will say risk management is important or very important. I’ve seen survey results where 90% of the people thought risk management was important. So…why do few people employ and support risk management?
Many people have had a bad experience. Project managers have performed risk management poorly. Let’s look at several reasons why project risk management can become useless and what we can do to gain better project results through risk management.
- Failure to lead by example. In order for organizations to mature and benefit from risk management, leaders including sponsors and project managers must walk the talk. People resist change. Without a consistent example by those in authority, people will likely seize opportunities to revert to their former behaviors. What must we do? Lead by example.
- Failure to focus on the risks that matter. Some project managers start their programs and projects with gusto. They facilitate risk identification exercises that result in a boatload of risks. However, no one knows which risks matter…there is no evaluation and prioritization of risks. People become overwhelmed and take no action. Be sure to evaluate and prioritize risks.
- Failure to right-size risk management. Some project managers adopt a risk management plan from another project manager with little change. The plan may require too much or too little process and fail to help the team achieve its objectives. Make sure the risk management plan fits the project at hand.
- Failure to develop risk management habits. Some organizations identify and evaluate risks, but they fail to continue the process. Teams must periodically reassess risks and adjust response plans in order to manage the risks effectively in a changing environment.
- Failure to identify risks early. Some project managers wait until things are out of control before they exercise risk management. Identify and evaluate risks early in new programs and projects.
- Failure to involve high-power / high-interest stakeholders. Powerful stakeholders have a way of showing up late in the game and disrupting the flow of things. These people have no evil intent. Rather, they simply were unaware of new strategies, processes, and projects. Once they discover the initiative, the stakeholder can greatly impede a team’s efforts to complete the related activities. Identify, engage, and communicate with key stakeholders.
- Failure to be transparent. There are times when it’s appropriate to withhold or postpone the release of information. However, make your risks known when possible. Coach, author, and speaker John Maxwell says there is value in transparency. Share the risks with your team and get their help.
- Failure to capture risks in a consistent format. Have you ever looked at a risk register and found yourself confused and frustrated? The risk descriptions were babble; the risks were not easy to understand. Use this simple syntax: Cause -> Risk -> Effect when writing risk statements.
- Failure to evaluate whether the risk responses are effective. Until we take action to manage risks, nothing matters. Once we respond, we must evaluate the effectiveness of our actions. Are we getting the results we expected? Evaluate responses and tweak the response plans as needed.
- Failure to engage risk owners. Some project managers try to manage ALL the risks themselves. For example, a project manager with no IT background may be trying to address IT risks. Identify and recruit risk owners who have the expertise and ability to develop and execute effective risk response plans.
- Failure to make risks specific. Risk statements are often too general (e.g., we may lose business). No one understands the root issues. Try digging deeper by using the 5 Whys. Rewrite the risk statements with greater specificity in the cause of the risk, the risk itself, and the effect.
- Failure to focus on the objectives. Individuals can drift in their thoughts and efforts. We move from one topic to another topic and find ourselves lost at sea. We’ve forgotten why we started the journey. Consistently point team members and other stakeholders to the project objectives.