It's easy to miss project risks. And, until a project manager has identified the threats and opportunities, the risks cannot be managed properly. Projects rise and fall with the project manager's ability to properly identify and manage their most significant risks.
Project managers don't want to spend an inordinate amount of time identifying risks—rightly so.
Neither can project managers afford to miss the critical risks. Let's look at strategies to identify risks and save time when identifying project risks. You can choose and scale these strategies as needed.
1. Use a risk list. A risk list is a list of potential risks for an industry, organization, or company. Ideally, the risks are listed by categories such as schedule, budget, quality, and scope. For example, you could identify schedule risks using a schedule risk list such as:
2. Use risk categories. What can we do if we don't have a risk list? Try a prompt list, a generic list of categories used to "prompt" the identification of risks. Typical project risk categories include:
3. Identify internal and external risks. It’s obvious that we need to identify internal risks. However, project managers may fail to identify external risks. Out of sight, out of mind. For example, an organization may contract with a third party to provide products, services, and supplies. There is the temptation to forget about it.
Just because a contract exists does not mean that the project manager has washed her hands of these risks. The project manager is still responsible for overseeing the activities, making sure the contracted products and services fulfill the project’s needs and integrate properly into the project deliverables.
“The secret of getting ahead is getting started. The secret of getting started is breaking your complex overwhelming tasks into small manageable tasks, and then starting on the first one.” —Mark Twain
4. Perform top-down and bottom-up risk identification. With a top-down approach to risk management, the project sponsor (and sometimes senior management) declares which threats and opportunities matter. The benefit is that it provides a high-level perspective. The project sponsor defines the project goals and determines the business strategies to make it happen.
However, the project sponsor will not likely understand the project planning and execution risks. A bottom-up approach provides the advantage of getting the views of the team members and key stakeholders. An excellent tool for the bottom-up risk identification is the work breakdown structure (WBS). The project manager can work with team members to discuss the lowest level WBS activities in order to identify risks.
5. Perform risk reviews periodically. Remember—risks change over time. Imagine never having your vehicles checked or never having a physical exam by a doctor. Project risk reviews should be performed regularly. In addition, reviews should be performed for the following events:
Keep in mind, we are NOT trying to identify every possible risk. We are scanning the project environment to find the most significant risks. If done properly, these strategies can help us identify the critical risks quickly. Then we can take the next step—treat the risks.
Some project managers take a different approach - it's called wait and see. It works like this: Don't invest time (i.e., waste time) identifying and treating risks. When the uncertain event or condition occurs, the project manager would fix it—translate, the project manager and affected stakeholders would put out the fires!
Responding to issues almost always require more time and cost more money than identifying and treating risks ahead of time. Being disciplined and applying an appropriate amount of time and focus on risks can reduce project expenses, promote the project schedule, reduce stress, and help a project team achieve its mission.
Known and unknown, internal and external, upside and downside—risks are woven into the fabric of every project. Project managers can waste a lot of time due to poor risk management. In today’s article, let’s look at seven things not to do when identifying project risks.
Dan the project manager just kicked off a new project, adding stress to his life. He was already managing three projects. Now he had a new team, new goals, new challenges, and yes, new risks.
If Dan was like most project managers, he would wait until later to start the risk identification process. Why hurry? He had enough to do without jumping into the risk management stuff.
However, risk waits for no one. In fact, the project risk exposure — the level of risk due to uncertainty — is highest at the beginning of projects. Why? We know the least.
Dan is smarter than most project managers. He starts identifying and capturing risks as he initiates and plans the new project. He proactively asks his team and stakeholders to help him identify the things that may hinder or help the project. His teams benefit from his early focus on achieving the project objectives.Continue reading
Poor risk management is costly. Project managers are caught off guard by emerging risks. And these risks may turn into issues costing more time and money.
But, it doesn't have to be that way. We can identify risks early. We can assess and prioritize our risks, allowing us to make better use of our limited time.
Let's look at the cost of poor risk management through the life of Tom Whitley. We will discuss his mistakes. Lastly, I'll provide you with a simple project risk management checklist to keep you from making the same mistakes.
The Star Mutual Insurance Company (SMIC) hired Tom Whitley as a project manager to manage information technology projects. Although Tom missed a few deadlines, he implemented most of his projects, though small, on time and under budget in his first year.
Tom was promoted to program manager after only 12 months with the company. He was assigned his first SMIC program, a combination of projects aimed at helping the company achieve a consistent underwriting profit. The program included projects to implement a new imaging system, a new policy administration system, and a new claims system, each led by a different project manager.
Tom pushed the project managers to take action quickly. He wanted to see progress within two to four weeks.
When one of the project managers spoke of identifying, evaluating, and managing risks, Tom cut her short, “We’ll get to the risk management later. I want an agile approach with the minimum process.”
The senior management team praised Tom for the early action. The imaging team had started building workflows. Check. The policy administration team started developing the interface to the claims administration system. Check. The CEO told the board of directors that things were going well for the first two months of the program (or so she thought).
In the third month, significant issues emerged. First, users were continuously changing the requirements for the policy administration system. Second, Tom started having problems with the third-party vendor resources. Third, the test regions were unstable, making it impossible for the testing teams to stay on schedule.
Tom and the project managers were spending more time dealing with issues and less time preparing for upcoming project activities. Things spiraled out of control. Eventually, SMIC replaced Tom as the program manager. The CEO reported the problems to the board and promised to get things back on track. But, it never happened.
After two years of trying to get the applications implemented, the company terminated the program and wrote off $15 million in expenses. SMIC continued missing revenue goals while expenses rose sharply. The CEO was fired after the company was downgraded twice and after four years of underwriting losses.
“Human beings, who are almost unique in having the ability to learn from the experience of others, are also remarkable for their apparent disinclination to do so.” —Douglas Adams
Although this is a fictitious story, many project managers (and companies) fail to use risk management as an effective means of achieving their objectives. If you were leading the next program, what would you do differently? Take note of Tom's mistakes.
How about you? How would you describe the health of your projects? Review one of your projects with this checklist:
Risk management gets a lot of fanfare, but many project managers fail to cash in on the benefits. Here are some simple and practical project risk management tips that can aid project managers in getting better results.
“The first step in the risk management process is to acknowledge the reality of risk. Denial is a common tactic that substitutes deliberate ignorance for thoughtful planning.” —Charles Tremper
Do you feel uncertain about your project schedule? Does something see out of order but you just can’t put your finger on it. In this article, let’s look at five causes of schedule risks and ways to avoid or reduce these risks.
Many times, it starts with pressure from a sponsor to deliver the project early. For sure, project managers have a responsibility to work with their sponsors to understand the requirements and to complete the projects within the sponsor-imposed deadlines. Rather than wasting our time complaining about the deadlines, how can we work with our sponsors and team members to find solutions to schedule issues?
My friend Colin Gautrey has some wise advice on 8 Ways You Can Better Respond to Unrealistic Demands.
As we work to develop and compress our schedules, let’s be aware of the common causes of risk. We will be in a better position to manage the risks and deliver our projects on schedule.
Question: What other ways have you seen project managers unintentionally create schedule risks?
How often have you neared a project implementation date, only to find new requirements? Or perhaps your team said they had gathered the requirements, but in reality, the team had hastily rushed through the requirement process resulting in rework, missed deadlines, and another blown budget.
If you want to improve your chance for project success, focus on improving your requirement processes. You can’t overcome all the issues overnight, but here are a few things to consider.Continue reading
The Standish Group says three of the biggest factors that lead to failed and challenged projects are:
We should attack these threats with a vengeance. How can we do this? We add skilled requirements analysts to our teams.
The role of the project manager is to achieve the project’s goals or objectives. Who performs the business analysis tasks for the projects? That depends.
For small projects, the project manager may assume many roles including but not be limited to:
For larger projects, project managers must find ways to complete project tasks through others. They must not fall into the trap of doing everything themselves. Wise project managers recruit team members with the necessary skills and talents.Continue reading
Poor project quality can have profound effects on projects resulting in rework, schedule delays, higher cost, frustration, morale problems, and lack of customer satisfaction. Project managers cannot afford to miss the mark here. Quality matters.
When buying eyeglasses, what do people look for? One person may focus on features such as the frame style. Another person may want anti-scratch coating or UV-blocking treatment.
Others also look for a great customer experience—how they are greeted, how easy it is to find their frames, and the fast, accurate checkout process.
Projects are similar–project customers, whether internal or external, want great products and service. How do your customers describe your service? Are they getting the product features they want?
Here are some common quality management mistakes. Overcoming these seven mistakes can greatly improve your chance of success. Continue reading
Earlier I wrote about eights ways to treat risks. One of the risk responses is avoidance. The focus of this strategy is to ensure the risk does not occur by eliminating the cause of the risk.
It was Fall, and I had raked the leaves in my backyard into three piles. I was trying to decide what to do with them. I knew there was a ban on burning in my area since we had been extremely dry for months.
What were my options? I could bag the leaves. I could haul the leaves into the woods. Or I could burn the leaves.
I decided to take a chance and burn the leaves. Later, I soaked the areas with water to fully extinguish the remaining embers.Continue reading
The Project Management Institute added a new risk strategy in the Sixth Edition of the Project Management Body of Knowledge. Let's take a look at what it means to escalate risks and how to escalate risks, both threats and opportunities.
Escalation is one of the eight ways to treat risks.The PMBOK® Guide–Sixth Edition says:
"Escalation is appropriate when the project team or the project sponsor agrees that a threat is outside the scope of the project or that the proposed response would exceed the project manager's authority. Escalated risks are managed at the program level, portfolio level, or other relevant part of the organization, and not on the project level. The project manager determines who should be notified about the threat and communicates the details to that person or part of the organization. It is important that ownership of escalated threats is accepted by the relevant party in the organization."
The language for escalating opportunities is nearly identical, interchanging the term threat with opportunity.
Every organization has risks at various levels such as teams, departments, business units, and an enterprise level. Projects touch different parts of the organization. Project managers discover all kinds of risks, some that are within the scope of the project and others that are not.
What should a project manager do when a risk is identified that is outside the scope of the project? Escalate the risk. Here are three takeaways.
Do you have risks in your project risk register that should be escalated? Work with your project sponsor and other key stakeholders to clarify the risks, determine the true risk owners, and ensure ownership at the right level of your organization.