Project Risk Coach
    Assign a 'primary' menu

    Category Archives for 4=Control

    Are You Making These 8 Stakeholder Mistakes?

    Have you ever had someone torpedo your project? Did this individual have a motive to undermine your efforts? Or, did you make some stakeholder mistakes that gave rise to this event?

    Either way, it's hindering your progress. Things are not going as planned. What can we do to manage stakeholder risks better?

    stakeholder mistakes

    A Stakeholder Story

    I once observed a  junior project manager who was knighted to manage a project with a fixed regulatory deadline. Software changes were needed. The project sponsor told the project manager that it was critical that the project be delivered on time. No exceptions!

    sword

    Knighted Project Manager 

    The project manager formed a project team. Within days, the project team started making programming changes. The team worked evenings and weekends.

    Continue reading

    3 Ways Your Team Makes Your Project More Risky

    This is a guest article by Elizabeth Harrin from GirlsGuideToPM.com.

    Much of the time, risk management at the beginning of a project looks like getting the team in a room to review the whole project and work out what might be coming that could affect how the project proceeds.

    The project manager writes up the discussion in the risk register along with what the team is going to do to avoid or amplify (in the case of positive risk) the risks. As the project progresses, more risks are identified, dutifully added and managed.

    Team Risks

    Risks Caused by Team Members

    What’s happening here is that we’re looking at the work and impacts on the work. This approach to risk management is very task driven. We ask questions like:

    • What might prevent us from hitting that milestone on time?
    • What might mean we need to ask for a budget increase during this phase?
    • What quality problems might we come across that would give the client an issue?
    • Who might be a difficult stakeholder on the project?

    These are all valid questions. But they miss one crucial area that massively affects everything on the project every day. Us. The project team.

    Our skills, ability to work together as a team, or lack thereof, present the biggest chance of success for the project and also the biggest risk.

    Here are some examples of how the people on your team make your project inherently more risky.

    Continue reading

    8 Powerful Ways to Manage Project Quality

    Why is project quality often neglected? Well, it's hard to manage things we don't understand. And quality seems to be an esoteric concept to many people. Therefore, let's define quality and discuss some practical ways to manage project quality.

    Project team focused on quality

    Project team focused on quality

    Quality Management Tips

    1. Make quality management pragmatic. Many people do not invest appropriate effort towards quality because they do not understand it. The Project Management Institute defines quality as “conformance to requirements and fitness of use.” According to this definition, quality comes through clearly defining and meeting the requirements of the users and stakeholders.

    Continue reading

    6 Tools and Techniques for Controlling Risks

    Changes in project risks are inevitable. As a project progresses, the probability and impact of current risks change, new risks emerge, and residual risks may increase or decrease. What tools and techniques can project managers use for controlling risks and getting the results they are looking for?

    Tool box with tools

    Allow me to introduce you to two project managers—Tom and Susan. Tom started his project with a risk identification exercise with several stakeholders resulting in a list of 77 risks. He entered these risks into an Excel spreadsheet and stored the file in his project repository (and never looked at it again).

    Susan, on the other hand, facilitated an early risk identification workshop. She periodically met with her team to review current risks and used additional techniques to identify new risks. In these risk review sessions, the team discussed the effectiveness of the risk responses and the risk management processes.

    Which team do you think had the greatest chance of meeting their project objectives? Yes, Susan’s team wins the day, hands down.

    Let’s look at six tools and techniques recommended in the Project Management Body of Knowledge (PMBOK) 5th Edition for controlling risks. 

    PMBOK 6th Edition

    The PMBOK 6th Edition changed the process name of "Control Risks" to "Monitor Risks."


    "Monitor Risks is the process of monitoring the implementation of agreed-upon risk response plans, tracking identified risks, identifying and analyzing new risks, and evaluating risk process effectiveness throughout the project."


    Read my articles: 

    Risk Control Tools and Techniques

    1. Risk reassessment

    Risk reassessments involve the following activities:

    • Identifying new risks
    • Evaluating current risks
    • Evaluating the risk management processes
    • Closing risks 

    2. Risk audit

    Project teams may have defined risk responses. The question is—“Are the responses effective?” Project managers facilitate risk audits to examine the effectiveness of the risk responses and to determine whether changes are required. The team also examines the processes to identify, evaluate, respond to, and control risks.

    3. Variance and trend analysis

    As with many control processes, we now look for variances between the schedule and cost baselines and the actual results. When we the variances are increasing, there is increased uncertainty and risk. Watch the trends and respond before the situation gets out of hand.

    4. Technical performance measurement

    Imagine that you are working on a software development project and that the functional requirements have been developed. You’ve planned to deliver functions at a point in time—at the end of the fourth sprint, at the end of phase 1, or a milestone. The technical performance measurement is a measurement of the technical accomplishments.

    5. Reserve analysis

    During the cost planning, the contingency and management reserves are added to the project budget as needed. As risks occur, the reserves may decrease. Depending on how your organization handles reserves and your risk management plan, project managers may request more reserves when inadequate.

    6. Meetings

    Project managers should be deliberate risk managers. Engage your team members and appropriate stakeholders in meetings to facilitate the risk management processes. For these meetings, be sure to:

    • Distribute an agenda with a clearly stated purpose
    • Invite the appropriate team members and stakeholders
    • Use appropriate tools and techniques
    • Distribute meeting minutes containing decisions, action items, issues, and risks 

    Finish the Drill

    Don’t be like Tom who started his risk management with a bang and quickly fizzled. The best project managers identify, evaluate, and respond to risks. And they regularly perform the control activities to keep the project healthy.

    Hey, before you go, keep in mind—you can't control risks until you first identify risks. Click here to discover 7 ways to identify project risks.

    Evaluating Risks Using Qualitative Risk Analysis

    Have you ever endured a project meeting where you spent hours evaluating risks? Afterward, team members walked down the hall saying, “What a waste of time! Now I can get back to the real work.” Today, let’s discuss the use of qualitative risk analysis to get you back on track.

    What causes this frustration? First, the evaluation process may not fit the project – too complex for simple projects or deficient for large, complex projects. Second, the process may not fit the maturity level of the project team. Third, team members view the process as burdensome with little value.

    Business people in a meeting analyzing content

    Qualitative Risk Analysis

    What is Risk Evaluation?

    Risk evaluation is the process to determine the significance of each risk. There are two ways to evaluate risks:

    1. Qualitative Risk Analysis. Qualitative analysis such as rating probability and impact should always be performed. This allows you to quickly prioritize and rank your risks.
    2. Quantitative Risk Analysis. Quantitative analysis is not always performed. This analysis requires more time but provides more data to aid in making decisions. (We will cover quantitative evaluations in another post.)

    Watch this YouTube Video: Qualitative and Quantitative Risk Analysis: What’s the Difference?

    Watch this YouTube Video: Two Simple Methods to Analyze Project Risks Qualitatively

    Why Evaluate/Prioritize Project Risks?

    You cannot respond to all risks, neither should you. Prioritization is a way to deal with competing demands. This aids in determining where you will spend your limited time and effort.

    We evaluate in order:

    •  To have the greatest impact. Eighty percent of the impact will come from twenty percent of the risks. What are the vital few things that we should do that will have the greatest impact on minimizing threats and maximizing opportunities?
    •  To respond wisely and appropriately. The goal of evaluating risks is to discriminate between one risk and another. This aids us in determining the amount of effort to invest in developing response plans.
    •  To assign resources suitably. Assign your most skilled, knowledgeable resources to the projects with the greatest risk.
    Continue reading

    How to Build and Use a Risk Register

    picture of a risk register and watchProject managers constantly think about risks, both threats and opportunities. What if the requirements are late? What if the testing environment becomes unstable? How can we exploit the design skills of our developers? Let’s consider a simple but powerful tool to capture and manage your risks—the Risk Register.

    What to Include in a Risk Register

    The Risk Register is simply a list of risk-related information including but not limited to:

    • Risk Description. Consider using this syntax: Cause -> Risk -> Impact. For example: “Because Information Technology is updating the testing software, the testing team may experience an unstable test environment resulting in adverse impacts to the schedule.”
    • Risk Owner. Each risk should be owned by one person and that person should have the knowledge and skills to plan and execute risk responses.
    • Triggers. Triggers indicate when a risk is about to occur or that the risk has occurred.
    • Category. Assigning categories to your risks allows you to filter, group, analyze, and respond to your risks by category. Standard project categories include schedule, cost, and quality.
    • Probability Risk Rating. Probability is the likelihood of the risk occurring. Consider using a scale of 1 to 10, 10 being the highest.
    • Impact Risk Rating. Impact, also referred to as severity or consequence, is the amount of impact on the project. Consider using a scale of 1 to 10, 10 being the highest.
    • Risk Score. The risk score is calculated by multiplying probability x impact. If the probability is 8 and the impact is 5, the risk score is 40.
    • Risk Response Strategies. Strategies for threats include: accept the risk, avoid the risk, mitigate the risk, or transfer the risk. Strategies for opportunities include: accept the risk, exploit the risk, enhance the risk, or share the risk.
    • Risk Response Plan or Contingency Plan. The risk owner should determine the appropriate response(s) which may be executed immediately or once a trigger is hit. For example, a risk owner may take immediate actions to mitigate a threat. Contingency plans are plans that are executed if the risk occurs.
    • Fallback Plans. For some risks, you may wish to define a Fallback Plan. The plan outlines what would be done in the event that the Contingency Plan fails.
    • Residual Risks. The risk owner may reduce a risk by 70%. The remaining 30% risk is the residual risk. Note the residual risk and determine if additional response planning is required.
    • Trends. Note if each risk is increasing, decreasing, or is stable.

    Other Risk Register Tips

    The Risk Register may be created in a spreadsheet, database, risk management tool, SharePoint, or a project management information system. Make sure that the Risk Register is visible and easy to access by your project team members.

    The risk management processes include: 1) plan risk management, 2) identify risks, 3) evaluate/assess risks, 4) plan risk responses, 5) implement risk responses, and 6) monitor risks.

    The initial risk information is entered when identifying risks in the planning process. For example, project managers may capture initial risks while developing the communications plan or the project schedule. The initial risk information may include the risks, causes, triggers, categories, potential risk owners, and potential risk responses.

    As you evaluate your risk in the planning process, you should assign risk ratings for probability and impact and calculate the risk scores.

    Next, validate risk owners and have risk owners complete response plans.

    Lastly, review and update your risks during your team meetings. Add emerging risks. Other reasons for updating the risk register include change requests, project re-planning, or project recovery.

    Other Resources:
    Risk Register Template

    Project Risks and Issues – What’s the Difference?

    Do you find yourself working overtime, trying to deal with unexpected disruptions? Some negative events that you thought might happen has now occurred. And it's costing you more time and energy than you thought possible. Overwhelmed? Well, let's talk about project risks and issues, the differences, and why it's so important to manage risks.

    What is Risk?

    The Project Management Body of Knowledge (PMBOK) defines risk as, “An uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives.” 

    Let's examine a risk statement and underscore some key attributes of risks. Here's a risk statement:

    Because the project team failed to review the requirements with the users, the project team may not meet the user's needs, resulting in unsatisfied users.

    • Cause: Failure to review and validate the requirements
    • Risk: Project team may not meet the user's needs
    • Impact: Users will not be satisfied with the product

    Notice the risk: project team may not meet the user's needs. Think of risk as events or conditions that might happen in the future.

    What is an Issue?

    So, how does an issue differ from a risk? Where a risk might happen, an issue has happened. When a threat occurs, it becomes an issue or problem. By the way, when an opportunity occurs, it becomes a benefit

    Why Distinguish a Risk from an Issue?

    Are we splitting hairs? The distinction between risks and issues matters for a few reasons.

    • Proactive Management Saves Time. “An ounce of prevention is worth a pound of cure.” Project managers should manage risks proactively. Project managers can save valuable time through prevention. As often noted, Project managers can eliminate up to 90% of threats through risk management.
    • Measure of Management Effectiveness. If a project manager is experiencing lots of issues, it may be a sign that the project manager has not been managing the project effectively. 
    • Different Type Response. Issues require a different response than threats. Project managers respond to threats with different strategies: avoid, mitigate, accept, or transfer. Issues require corrective action to bring the performance of the project in alignment with the project management plan. 

    Risk vs. Issue Debate

    Some project managers and risk managers are not convinced that the differentiation between risk and issue adds any value. Even though the risk has occurred (i.e. it is now an issue in terms of the differentiation) there is still uncertainty regarding the impact and the objectives that will be impacted. 

    What about Assumptions and Constraints?

    While we are on this topic, let's clarify two other terms—assumptions and constraints.

    • Assumptions. Assumptions are “a factor in the planning process that is considered to be true, real, or certain, without proof or demonstration” according to the Project Management Body of Knowledge. Assumptions may be a source of risks. Be sure to perform an assumption analysis periodically to validate assumptions.
    • Constraints. A constraint is “a limiting factor that affects the execution of a project, program, portfolio, or process.” Constraints such as a budget or schedule constraints are factual. The project manager must continually consider these defined limits when managing risks, particularly when planning risk responses.

    How to Create a Cause and Effect Diagram

    Do you have problems? Projects running behind schedule? Cycle time for a business process increasing? Sales down? People continuing to live in silos? Let's discuss a simple but powerful tool for solving problems - the Cause and Effect Diagram (alias Fishbone Diagram).

    Steps to Create a Cause and Effect Diagram

    1. Identify and clarify the problem. State the problem objectively. Ask questions concerning the problem. As Jack Welch said, “Continually expand your definition of the problem, and you expand your view of all the different ways that it can be solved.” Write out the problem or effect on the far-right-hand side of the diagram. Draw a horizontal line (the spine of the fish) to the problem.
    2. Identify the cause categories. For example, use the 4 M categories: Machine, Method, Materials, Manpower. Add the categories to the diagram. Draw diagonal lines (bones of the fish) to each category.
    3. Brainstorm causes for each category. Add causes to the appropriate category lines.
    4. Identify the most significant causes.  Ask the team to identify the most significant causes. Remember the Pareto Principle - 80% of the problem comes from 20% of the causes.
    5. Define the risk response plan. What can be done to eliminate or reduce the most significant causal factors? Who will be responsible for taking actions? When are the actions due? 
    rocket

    “A problem well-defined is a problem half-solved.” -Anonymous

    Power Tips for Cause and Effect Diagrams

    1. Invite creative problem solvers who lack knowledge of the problem domain. Does this sound counterintuitive? Your team members may have deep-seated thoughts and assumptions about problems. Ask someone unfamiliar with the problem to participate in the session. Invite them to challenge the norm and inject a different perspective.
    2. Resist the temptation to solve the problem when identifying the problem and causes. Many people prematurely jump to solutions before understanding the problem and causes. Seek first to understand.
    3. Dig deeper in identifying the causes. Use the 5 Whys technique. Identify the problem and then to ask “why” five times. You may ask “why” less than or more than five times. Continue until you identify the primary root causes in which you can take actions yielding significant results.
    4. Use the Cause and Effect Diagram to analyze an opportunity. For step 1, identify the opportunity rather than a problem. For step 5, seek to exploit or enhance the opportunity.

    It's Your Turn

    Are you behind schedule on one of your projects? Develop a cause and effect diagram to identify the causes. And then determine which of the causes had the greatest impact. Don't stop there. Determine how you will minimize the probability and impact of those causes going forward.

    Build A PMO You Can Be Proud Of

    Some Project Management Offices (PMOs) never get off the ground. I've seen others that are started and a year or so later die a slow painful death. So, how can you build a PMO you can be proud of, one that thrives?

    Why Are There So Many Troubled PMOs?

    No one intends to build an impotent PMO, but it happens. The PMO lacks power and effectiveness. Therefore, people see the PMO as a hindrance, not an enabler.

    Click here to discover 40 reasons PMOs fail. Furthermore, I describe how to handle PMO threats—things that may hinder your ability to build a PMO—here.

    Let's look at five ways we can improve vitality and provide value to our organization.

    rocket

    "There is only one way to avoid criticism: do nothing, say nothing, and be nothing." –Aristotle

    Five Keys to Successful PMOs

    1. PMO Sponsorship. Without a strong, influential sponsor, the PMO is doomed. Don’t have a sponsor? Then don’t create a PMO. Because you will be fighting an uphill battle, one that you will likely lose.

    2. Clarity. Define specific, measurable goals. How will you measure the success of the PMO? What are the Key Performance Indicators?

    The PMO leader should also be clear about the type of PMO being implemented. The Project Management Body of Knowledge (PMBOK) describes three types of PMOs:

    • Supportive – provide support to project managers in a consultative role. Provide templates, training, best practices, and lessons learned. Control is low.
    • Controlling – require project managers to follow a project management framework or methodology using specific tools and templates. Control is moderate.
    • Directive – projects are managed by project managers in the PMO. Control is high.

    Since clarity is essential to success, you must continuously cast the vision of where you are going, how you get there, and why you are going there.

    3. Alignment. Define a process to ensure projects align with the organization’s mission and goals. What criteria will be used to select projects?

    For example, the project selection criterion might include:

    • Strategic importance: Does the project tightly link with the strategic plan?
    • Financial viability: Does the project contribute to the financial success of the organization? Is the project profitable?
    • Flexibility: Does the project provide business and technical flexibility to accommodate future changes?
    • Risk: How high is the risk? What is the project risk score?
    • Regulatory compliance: Is the organization required legally to comply with new regulations?

    Kill non-value added projects. Transfer resources to value-added projects. Certainly, resource management across the project portfolio is a critical success factor.

    Some organizations also use a gate review process. At certain stages of each project, the project is reviewed to ensure continuous alignment.

    4. Execution. Teach project managers to use a scalable project management framework or methodology. Provide templates to aid project managers in their execution. Another tip, offer to mentor and support project managers during the execution of their projects.

    5. Continuous Improvement. Evaluate the framework, tools, techniques, templates, as well as the projects. Develop and maintain lessons learned.

    How to Jump-Start a PMO

    Thinking about starting a PMO? I recommend that you develop a project charter with your project sponsor and key stakeholders. Define the problems you wish to overcome, goals, deliverables, assumptions, constraints, and top risks to a successful implementation. You can build a PMO that you are proud of through early collaboration with your stakeholders, persistent leadership, and staying focused on delivering value to your organization. Best wishes!

    How to Conduct a Risk Audit and a Risk Review

    A life well lived life involves looking backward as well as thinking forward. The same is true of projects.

    In this article, we will look at how to conduct a risk audit to evaluate the effectiveness of your risk management. Additionally, we'll also talk about how to be more forward thinking through risk reviews.

    rocket

    “Good Risk Management fosters vigilance in times of calm and instills discipline in times of crisis.” -Dr. Michael Ong

    How to Conduct a Risk Audit

    Who Performs the Risk Audits?

    The project manager, the project manager and team, or a risk audit team may perform risk audits. What is the focus of the audit? It is a retrospective review where we ask “How did we do?”

    • Review the effectiveness of the responses to risks
    • Next, review the effectiveness of the risk owners
    • Another, review the effectiveness of the risk processes

    How Do Risk Audits Help?

    Wonder if risk audits can really help you and your team. You bet!

    And it doesn’t have to be difficult or require lots of time.

    The output of the risk audit is the lessons learned that enable the project manager and the team to increase the likelihood and impact of positive events and decrease the likelihood and impact of negative events.

    The size of the risk audit team and the time invested should be commensurate with the size and complexity of the projects. I’ve completed small risk audits with me and a couple of team members in an hour or less.

    Sounds great, but how does it really work?

    Real World Example of a Risk Audit

    Tom was asked to manage a project to implement an insurance company claims customer service center that would house 100 employees. He decided to have a risk audit performed when the team had completed 40% of the project. Things were going fairly well, but Tom was concerned about an increasing number of issues, particularly with two risk owners.

    Tom asked an internal risk audit group — comprised of one company project manager, one IT employee, and one claims manager — to conduct the audit. The team completed the audit in two weeks and discovered the following:

    • To start with, one risk owner — John Billings — had been negligent in managing a significant risk for a critical path activity, resulting in an adverse impact to the schedule of two weeks. Why had Mr. Billings been negligent? He had lost two employees in the last two months, forcing him to pick up the slack.
    • Next, there were two major risks where no responses had been taken and there were no contingency or fallback plans.
    • Furthermore, the team missed an opportunity that could have saved the project $20,000.
    • Finally, the risk evaluation process needed improvements. The scale being used for the qualitative risk analysis was broad and prone to bias.

    The findings were shared with Tom and the project sponsor. The following changes were made:

    • First, John Billings was replaced with another risk owner.
    • Second, Tom met with the risk owners who had failed to respond to their risks, shared the audit findings, and asked that response plans be developed and executed.
    • Third, Tom included specific exercises to identify opportunities going forward in the project.
    • Lastly, Tom refined the qualitative risk evaluation scale.
    rocket

    “Risk is like fire: If controlled it will help you; if uncontrolled it will rise up and destroy you.” -Theodore Roosevelt

    How to Conduct Risk Reviews

    How can project managers make better decisions and get better results in the future? Try a risk review.

    Remember, the audit team focuses on "How did we do?" Were the risk management processes effective? We are looking backward.

    In contrast, risk reviews are prospective and forward-looking. We ask, "How will we do?" We modify our risk response plans and risk management processes to improve our chances in the future. 

    Questions to Ask in Risk Reviews

    Project managers and their teams periodically review their project risks for the following:

    • What have we learned from our risk audits that we should apply going forward?
    • Are there new risks?
    • Has the probability and impact changed?
    • Are there individual risks that are merging to form a powerful set of risks?
    • Should we modify our responses including contingency and fallback plans?
    • Should we close irrelevant risks?
    • Are the residual risks increasing or decreasing?

    For more helpful questions, check out my post 12 Questions For Monitoring Project Risks.

    Your Turn

    Pick one of your worst project, where things have been crazy. Look backward with a risk audit and forward with a risk review. You will likely gain insights and perspective as you see things with fresh eyes. Best wishes!

    1 2 3 9