Assign a 'primary' menu

Category Archives for 4=Control

12 Questions for Monitoring Project Risks

Some project managers start their projects with a strong focus on risk management. However, somewhere along the way, they lose steam. They spend more time dealing with issues and implementing workarounds. In this article, I am providing questions that can help you in monitoring project risks and as a result, achieve better results.

Other project managers start out strong and stick with their risk management. When problems occur, they turn to their risk response plan. They run toward their risk management tools and techniques to aid them. Consequently, these project managers spend less time responding to issues.

In my last article, we looked at What Every Project Manager Should Know About Monitoring Risks where we reviewed the definition for Monitor Risk. The Project Management Body of Knowledge (PMBOK) 6th Edition defines Monitor Risks as “the process of monitoring the implementation of agreed-upon risk response plans, tracking identified risks, identifying and analyzing new risks, and evaluating risk process effectiveness throughout the project.”

When Should We Monitor Project Risks?

Monitoring risks is an ongoing activity, not a one-time event. The frequency varies depending on the project. Some project managers review risks with their team in their weekly project meetings, while others who manage agile projects discuss risks and obstacles in their daily standup meetings.

12 Questions for Monitoring Project Risks

Perhaps you struggle with the practicality of monitoring risks. It seems like a vague notion. Hence, here are some questions that can help you and your team on the right track.

  1. What new risks should be captured in the risk register?
  2. What risks should be closed?
  3. What has changed in the previously identified risks? Reassess the probability and impact of your risks.
  4. How effective are the current risk response plans and actions? If the risk plans are not effective, modify them for better results.
  5. Have project assumptions changed?
  6. What thresholds have been exceeded? If a threshold or trigger has been exceeded, what actions need to occur?
  7. What contingency or fallback plans should be executed?
  8. Are there common causes that are increasing multiple risks? One causal factor may increase the probability and/or impact of multiple risks. Therefore, attacking these causal factors has high leverage.
  9. Are the right risk owners assigned? If the risk owner is not performing their duties correctly, look for ways to motivate the risk owner or consider a change.
  10. Are workarounds increasing? If your manual workarounds are increasing, this is a sign of inadequate risk identification and responses earlier in the project.
  11. How are the reserves doing? Is it time to request additional reserves? Perhaps the team should consider ways to change facets of the project in order to stay within budget and schedule.
  12. What have we learned?

Question: What other questions would you add to this list?

What Project Managers Should Know About Monitoring Project Risks

Many project managers do a great job of identifying risks. Some even evaluate risks and develop response plans. However, project managers get busy as their projects progress and fail to monitor their risks, resulting in challenged or failed projects. Here are some key factors that you should know about monitoring project risks (previously referred to as controlling risks in the PMBOK 5th Edition).

Do Project Managers Really Control Risks?

I've heard countless debates about whether project manager can control risks. First of all, what does it mean to control something? Here's the Merriam-Webster dictionary defines control as:

rocket

Definition of CONTROL

a to exercise restraining or directing influence over regulate 
  • control one's anger
to have power over rule 
  • A single company controls the industry.
to reduce the incidence or severity of especially to innocuous levels 
  • control an insect population; control a disease

Can project managers really control project risks? Feels more like herding cats, doesn't it?

So, why do people push back on controlling risks? These individuals take the term control literally. They argue, "no one has absolute control over projects."

I'm not sure, but I think these issues resulted in the changes in the Project Management Body of Knowledge (PMBOK). The authors of the 6th Edition changed the Control Risks process to Monitor Risks.


 

PMBOK 5th Edition
Control Risks

The 5th Edition included the process called Control Risks which was defined as "The process of implementing risk response plans, tracking identified risks, monitoring residual risks, identifying new risks, and evaluating risk process effectiveness throughout the project."


PMBOK 6th Edition
Monitor Risks

The authors of the 6th Edition changed the Control Risks process to Monitor Risks"Monitor Risks is the process of monitoring the implementation of agreed-upon risk response plans, tracking identified risks, identifying and analyzing new risks, and evaluating risk process effectiveness throughout the project."

Let's move beyond the debates and talk about monitoring project risks and getting results.

Four Steps to Monitoring Project Risks

1. Monitor Agreed-Upon Risk Response Plans

For each risk or set of risks, a response should be planned. Risk owners or their assigned risk action owners execute the plans. Some risks merit immediate responses; contingent risks are responded to when trigger conditions are met. For example, if a supplier fails to meet a deadline, the supplies are ordered from another vendor.

Jim, the project manager of a key strategic project, has monitored the residual risk -- the amount of risk remaining -- for his most significant risks. One of the key risks had a 60% probability of occurring with a $22,000 impact on a $100,000 project. The risk owner took actions that decreased the residual risks -- the probability dropped to 20% with an impact of $4,000.

Jim determined that it would be too costly to reduce the risk further; therefore, he asked the risk owner to monitor the risk and to develop a contingency plan. The risk owner reported to Jim once each month on the risk.

Project managers work with the risk owners to evaluate the effectiveness of the responses. Responses are modified as needed.

2. Track Identified Risks

The project manager uses tools to track the overall project risk. Are the risk response plans ensuring that the project team delivers the project on time, on budget, and in accordance with the requirements?

Trigger conditions are defined when defining risk response plans. Project managers work with the risk owners to determine the trigger conditions and the related metrics. For example, additional resources may be added to an activity if the activity falls behind schedule for two weeks or more.

3. Identify and Analyze New Risks

New risks arise over time. For example, an insurance company was implementing a new policy administration system. A vendor delivered an update while an insurance company was testing major modifications in their interfaces. As the new code was introduced, there was the risk of breaking the interfaces.

Project managers periodically work with their project team to identify new risks. What’s new? What has changed? What have we overlooked?

Project managers should identify new risks for the following events:

  • Major changes to the project or its environment
  • Key milestones reached
  • Occurrence of a major risk
  • Unexpected risks
  • Changes in key team members or stakeholders

4. Evaluate Risk Process Effectiveness

So, you’ve implemented the risk management processes:

  1. Plan for risk management
  2. Identify risks
  3. Perform qualitative risk analysis
  4. Perform quantitative risk analysis
  5. Plan risk responses
  6. Implement risk responses
  7. Monitor risks

That’s great! Are the processes of delivering the results you expected efficiently and effectively? Are you spending too much time in certain areas and not enough time in other areas? Seek to reduce the cost of risk management while ensuring that you accomplish your project goals.

Your Turn

Think about your projects. If you compare the degree of variation from your baselines, how are you doing? Would you say your projects are staying within the expected limits? Or perhaps one project is like a car that is swerving all over the road. You wonder if you will ever get home. If so, make the necessary adjustments in monitoring project risks.

Are You Making These Risk Response Mistakes?

Some project managers make timely responses to risks, resulting in positive progress toward their project goals. Others act haphazardly, resulting in undesirable consequences. Let's look at some common risk response mistakes and how to overcome them.

So, what do I mean by risk response mistake? A mistake is an action that is misguided or wrong.

rocket

"If you treat risk management as a part-time job, you might soon find yourself looking for one." —Deloitte

Joe Cunningham once managed a project to implement a commercial-off-the-shelf (COTS) software solution for a bank. He and the team had identified the project risks, but they had failed to analyze the common causes of the most significant risks. Consequently, the team was responding to risks but missing the high-leverage responses.

Perhaps you are making mistakes like this one. But, you don't have to.

I've created a list of ten risk response mistakes. I'm sure that you aren't guilty of all. Read through them, thinking about one of your projects. Make notes where you might improve.

10 Risk Response Mistakes

  • 1
    Failure to identify risk owners. Once a risk has been identified, project managers should ask, "Who owns the risk?" A risk owner is a person responsible for developing and executing a risk response plan.
  • 2
    Failure to respond to several small, related risks. If we fail to analyze the relationships between risks, we may not understand how risks relate to one another. Individual small risks seem powerless. However, several small, related risks can have a powerful impact.
  • 3
    Failure to identify and plan for secondary risks. When risk owners are developing risk response plans, they may fail to consider secondary risks, risks that arise as a direct result of implementing a risk response. Wise project managers educate and ask their risk owners to identify and plan for significant secondary risks.
  • 4
    Failure to develop contingency plans. Some risk response plans are executed immediately; other risk response plans are contingent. That is to say; the plans will only be executed under certain predefined conditions.
  • 5
    Failure to develop fallback plans. What should a risk owner do if the contingency plan fails? Risk owners should develop and be prepared to execute a fallback plan for significant risks. The fallback plan may be used to mitigate further a threat or enhance an opportunity. A fallback plan may also be defined for cases where a risk may occur.
  • 6
    Failure to define risk triggers. Some risk owners do a great job of defining contingency plans but fail to define clearly the risk trigger such as missing a milestone. Triggers may be used to provide the warning that the risk is about to occur, providing time to implement the risk response plan.
  • 7
    Failure to respond to opportunities. Many project managers still struggle with the fact that risks include positive events or conditions, that if they occur, cause a positive impact on the project goals. Therefore, many project managers fail to identify these positive events and miss the opportunities that could save the project or enhance the project's value.
  • 8
    Failure to update project management plans including the schedule management plan, cost management plan, quality management plan, procurement management plan, human resource plan, scope baseline, schedule baseline, and cost baseline. As risk owners develop response plans, project managers should update the project management plans accordingly. For example, the project manager may add new activities to the schedule and further define how contingency reserves will be consumed.
  • 9
    Failure to update assumptions log. Project managers and team members make lots of assumptions, particularly in the early parts of a project, based on the information at hand. As the project team discovers new information, previously identified assumptions may need updating, or new assumptions may need to be added.
  • 10
    Failure to create contracts or agreements with third parties. Some risk owners may wish to leverage a third party to respond to risks. The project manager should ensure these decisions and contracts are outlined and approved as needed.

Taking Action on Risk Response Planning

Consider using this list as a checklist for one of your current projects. Keep your risk management as simple as possible while ensuring that the responses are economical and effective. Scale your response plans as needed; do more planning for larger complex projects and less for smaller projects.

It’s Easy to Miss Project Risks

It's easy to miss project risks. And, until a project manager has identified the threats and opportunities, the risks cannot be managed properly. Projects rise and fall with the project manager's ability to properly identify and manage their most significant risks.

Project managers don't want to spend an inordinate amount of time identifying risks—rightly so. 

Neither can project managers afford to miss the critical risks. Let's look at strategies to identify risks and save time when identifying project risks. You can choose and scale these strategies as needed.

Risk Identification Techniques

1. Use a risk list. A risk list is a list of potential risks for an industry, organization, or company. Ideally, the risks are listed by categories such as schedule, budget, quality, and scope. For example, you could identify schedule risks using a schedule risk list such as:

  • Schedule is missing key activities
  • Excessive schedule pressure
  • Schedule is optimistic, not realistic
  • The product or service cannot be developed to the size specified in the time allocated
  • Schedule was baselined without review by key stakeholders
  • Scope has increased with no change to the schedule
  • A delay in a critical path activity is causing cascading delays in the subsequent activities
  • A key resource has been reallocated half-time to another project, adversely impacting the work on this project
  • Estimates were created by the project manager, not the individuals doing the work
  • One activity may not provide the required information that a subsequent activity needs
  • Coordination issues are arising from the crashing of several critical path activities

2. Use risk categories. What can we do if we don't have a risk list? Try a prompt list, a generic list of categories used to "prompt" the identification of risks. Typical project risk categories include:

  • Schedule risk - schedule events or conditions, that if they occur, will cause a positive or negative impact to the project goals
  • Budget risk – budget events or conditions, that if they occur, will cause a positive or negative impact to the project goals
  • Quality risk – quality events or conditions, that if they occur, will cause a positive or negative impact to the project goals
  • Scope risk – scope events or conditions, that if they occur, will cause a positive or negative impact to the project goals

3. Identify internal and external risks. It’s obvious that we need to identify internal risks. However, project managers may fail to identify external risks. Out of sight, out of mind. For example, an organization may contract with a third party to provide products, services, and supplies. There is the temptation to forget about it.

Just because a contract exists does not mean that the project manager has washed her hands of these risks. The project manager is still responsible for overseeing the activities, making sure the contracted products and services fulfill the project’s needs and integrate properly into the project deliverables.

rocket

“The secret of getting ahead is getting started. The secret of getting started is breaking your complex overwhelming tasks into small manageable tasks, and then starting on the first one.” —Mark Twain

4. Perform top-down and bottom-up risk identification. With a top-down approach to risk management, the project sponsor (and sometimes senior management) declares which threats and opportunities matter. The benefit is that it provides a high-level perspective. The project sponsor defines the project goals and determines the business strategies to make it happen.

However, the project sponsor will not likely understand the project planning and execution risks. A bottom-up approach provides the advantage of getting the views of the team members and key stakeholders. An excellent tool for the bottom-up risk identification is the work breakdown structure (WBS). The project manager can work with team members to discuss the lowest level WBS activities in order to identify risks.

5. Perform risk reviews periodically. Remember—risks change over time. Imagine never having your vehicles checked or never having a physical exam by a doctor. Project risk reviews should be performed regularly. In addition, reviews should be performed for the following events:

  • Significant change of project goals, deliverables, assumptions, of constraints
  • Change in team members
  • Significant change in requirements
  • New or changing external requirements such as regulatory requirements or contract requirements
  • High number of issues are occurring

Risk Identification Tips

Keep in mind, we are NOT trying to identify every possible risk. We are scanning the project environment to find the most significant risks. If done properly, these strategies can help us identify the critical risks quickly. Then we can take the next step—treat the risks.

Some project managers take a different approach - it's called wait and see. It works like this: Don't invest time (i.e., waste time) identifying and treating risks. When the uncertain event or condition occurs, the project manager would fix it—translate, the project manager and affected stakeholders would put out the fires!

Responding to issues almost always require more time and cost more money than identifying and treating risks ahead of time. Being disciplined and applying an appropriate amount of time and focus on risks can reduce project expenses, promote the project schedule, reduce stress, and help a project team achieve its mission.

7 Things You Should Not Do When Identifying Project Risks

Known and unknown, internal and external, upside and downside—risks are woven into the fabric of every project. Project managers can waste a lot of time due to poor risk management. In today’s article, let’s look at seven things not to do when identifying project risks.

Don't do it. Written on white paper

1. Don’t wait.

Dan the project manager just kicked off a new project, adding stress to his life. He was already managing three projects. Now he had a new team, new goals, new challenges, and yes, new risks.

If Dan was like most project managers, he would wait until later to start the risk identification process. Why hurry? He had enough to do without jumping into the risk management stuff.

However, risk waits for no one. In fact, the project risk exposure — the level of risk due to uncertainty — is highest at the beginning of projects. Why? We know the least.

Dan is smarter than most project managers. He starts identifying and capturing risks as he initiates and plans the new project. He proactively asks his team and stakeholders to help him identify the things that may hinder or help the project. His teams benefit from his early focus on achieving the project objectives.Continue reading

How Poor Risk Management Is Hurting You

Poor risk management is costly. Project managers are caught off guard by emerging risks. And these risks may turn into issues costing more time and money.

But, it doesn't have to be that way. We can identify risks early. We can assess and prioritize our risks, allowing us to make better use of our limited time.

poor risk management

Let's look at the cost of poor risk management through the life of Tom Whitley. We will discuss his mistakes. Lastly, I'll provide you with a simple project risk management checklist to keep you from making the same mistakes.

The Risk Management Mistakes of Tom Whitley

The Star Mutual Insurance Company (SMIC) hired Tom Whitley as a project manager to manage information technology projects. Although Tom missed a few deadlines, he implemented most of his projects, though small, on time and under budget in his first year.

Tom was promoted to program manager after only 12 months with the company. He was assigned his first SMIC program, a combination of projects aimed at helping the company achieve a consistent underwriting profit. The program included projects to implement a new imaging system, a new policy administration system, and a new claims system, each led by a different project manager.

Tom pushed the project managers to take action quickly. He wanted to see progress within two to four weeks.

When one of the project managers spoke of identifying, evaluating, and managing risks, Tom cut her short, “We’ll get to the risk management later. I want an agile approach with the minimum process.”

The senior management team praised Tom for the early action.  The imaging team had started building workflows. Check. The policy administration team started developing the interface to the claims administration system. Check. The CEO told the board of directors that things were going well for the first two months of the program (or so she thought).

In the third month, significant issues emerged. First, users were continuously changing the requirements for the policy administration system. Second, Tom started having problems with the third-party vendor resources. Third, the test regions were unstable, making it impossible for the testing teams to stay on schedule.

Tom and the project managers were spending more time dealing with issues and less time preparing for upcoming project activities. Things spiraled out of control. Eventually, SMIC replaced Tom as the program manager. The CEO reported the problems to the board and promised to get things back on track. But, it never happened.

After two years of trying to get the applications implemented, the company terminated the program and wrote off $15 million in expenses. SMIC continued missing revenue goals while expenses rose sharply. The CEO was fired after the company was downgraded twice and after four years of underwriting losses.

Learning from others...

“Human beings, who are almost unique in having the ability to learn from the experience of others, are also remarkable for their apparent disinclination to do so.” —Douglas Adams

Risk Management Mistakes

Although this is a fictitious story, many project managers (and companies) fail to use risk management as an effective means of achieving their objectives. If you were leading the next program, what would you do differently? Take note of Tom's mistakes.

  1. Tom failed to see risk management as a smarter way to plan and execute projects. Beliefs drive behavior and action. Because Tom thought that risk management was a waste of time, he failed to leverage the benefits.
  2. Tom got behind the eight ball. Risk exposure is highest as projects start. Why? Project managers have the least amount of information; therefore, uncertainty is greatest. Tom should have identified, evaluated, and responded to risks in the first few weeks of the program and continued this process throughout the program.
  3. Tom failed to take a systematic approach. Project managers are expected to show results quickly, but they should never skip planning altogether. Project managers can show progress while, at the same time, developing their project management plans.
  4. Tom failed to take a balanced risk management approach. Some project managers take unnecessary steps, wasting time; other project managers fail to do enough. Tom was successful on small projects with very little risk management. But, he skipped risk management all together in the larger, more complex program. Consequently, the negative events became material issues that harmed the company and cost Tom his job.
  5. Tom had no wiggle room. Why? Because he failed to identify risks and evaluate the risks, leading to the development of the budget and schedule reserves.
  6. Senior management undervalued project management. Rather than developing a strong project management program to support its strategic goals, senior management saw project management as a necessary evil. When management needed operational transformation, they lacked the skilled resources and framework to make it happen.
  7. The company failed to identify the operational risk of losing skilled program managers. Some companies take employees for granted, increasing the likelihood of losing skilled employees. Successful companies identify and retain the employees critical to their strategic plans. Succession plans should be developed to ensure competent resources are available if key resources leave the company.

Your Risk Management Checklist

How about you? How would you describe the health of your projects? Review one of your projects with this checklist:

  • Do you have a risk management plan (it does not have to be lengthy or complicated)?
  • Have you identified and captured your risks in a risk register?
  • How have you evaluated and prioritized your risks?
  • Have you engaged the appropriate stakeholders in the risk identification and evaluation processes?
  • What about risk owners? Does each risk have a risk owner?
  • Have the risk owners developed risk response plans for the highest risks?
  • Are you facilitating a review of your risks periodically, resulting in updates to the risk register and effective risk responses?

Five Things to Start and Five Things to Stop in Project Risk Management

Risk management gets a lot of fanfare, but many project managers fail to cash in on the benefits. Here are some simple and practical project risk management tips that can aid project managers in getting better results.

Five Things to Start

  • 1
    Start risk management early in your projects.
  • 2
    Start discussing the most significant risks each time you meet.
  • 3
    Start educating your team members on how to integrate risk management into other project management processes such as Schedule Management and Quality Management.
  • 4
    Start defining your Risk Management Plan during your Planning Process.
  • 5
    Start using a Risk Register to capture your risks.

“The first step in the risk management process is to acknowledge the reality of risk. Denial is a common tactic that substitutes deliberate ignorance for thoughtful planning.” —Charles Tremper

Five Things to Stop

  • 1
    Stop making risk management overly complex for smaller projects. Scale your risk management practices to fit the size and complexity of your project.
  • 2
    Stop making risk management a big deal early in your project and then forgetting about it later.
  • 3
    Stop thinking of risks as only threats. You may be missing some wonderful opportunities to improve your schedule, cost, and quality.
  • 4
    Stop spending time and responding to insignificant risks.
  • 5
    Stop owning all the risks. Identify appropriate risk owners.

5 Ways You May Unintentionally Create Schedule Risks

Do you feel uncertain about your project schedule? Does something see out of order but you just can’t put your finger on it. In this article, let’s look at five causes of schedule risks and ways to avoid or reduce these risks.

Many times, it starts with pressure from a sponsor to deliver the project early. For sure, project managers have a responsibility to work with their sponsors to understand the requirements and to complete the projects within the sponsor-imposed deadlines. Rather than wasting our time complaining about the deadlines, how can we work with our sponsors and team members to find solutions to schedule issues?

My friend Colin Gautrey has some wise advice on 8 Ways You Can Better Respond to Unrealistic Demands.

As we work to develop and compress our schedules, let’s be aware of the common causes of risk. We will be in a better position to manage the risks and deliver our projects on schedule.

5 Causes of Schedule Risk

  1. Crashing the schedule. It’s always been funny to me that the Project Management Body of We have too many cooks in the kitchenKnowledge uses the word “crashing” as a schedule compression technique. The term makes me think of an uninvited guest crashing a party, but with schedule management, the individuals are actually invited. Project managers use crashing to shorten the schedule for the least incremental cost by adding resources, typically to the critical path. It can be great. Just be aware that crashing may increase your risk. Too many cooks in the kitchen spoil the broth.
  2. Fast tracking. Here’s a technique to shorten the schedule by performing activities in parallel for at least a portion of their duration. For example, we might start work on a software design while the team is working on the requirements. Consequently, this technique may increase your risk and requires good communication and coordination; otherwise, it may be anything but fast.
  3. Assigning the wrong resources. You ask a manager for a resource for your project. In return, you get the person who is least busy, not the skilled resource you need. Rather, Susan, an experienced project manager describes specific skills needed and uses her influencing skills to persuade the manager, greatly improving her chance of securing the queen resource. What’s a project manager to do when resources are preassigned?
  4. Making sequence mistakes. John, an inexperienced project manager, failed to work with his team to sequence the project activities properly, resulting in issues which were discovered after the schedule was approved. As a result, John has learned to engage his team members when identifying and sequencing future project activities.
  5. Failure to baseline your schedules. The project manager and team did a great job in breaking down the project, identifying activities, and creating the project schedule. However, the project manager failed to get approval for the schedule. What happened? Yes, the schedule changed. The team did not have a baseline for comparison resulting in significant uncertainty about the health of the project. Like building a house without a plumb line, who knows if the walls are straight?

Question: What other ways have you seen project managers unintentionally create schedule risks?

How to Overcome 12 Common Requirement Mistakes

How often have you neared a project implementation date, only to find new requirements? Or perhaps your team said they had gathered the requirements, but in reality, the team had hastily rushed through the requirement process resulting in rework, missed deadlines, and another blown budget.

If you want to improve your chance for project success, focus on improving your requirement processes. You can’t overcome all the issues overnight, but here are a few things to consider.Continue reading

Why Project Managers Need Business Analysts for Project Success

project managers need business analystsThe Standish Group says three of the biggest factors that lead to failed and challenged projects are:

  1. Lack of user input
  2. Incomplete requirements
  3. Changing requirements

We should attack these threats with a vengeance. How can we do this? We add skilled requirements analysts to our teams.

When Do Project Managers Need a Business Analyst?

The role of the project manager is to achieve the project’s goals or objectives. Who performs the business analysis tasks for the projects? That depends.

For small projects, the project manager may assume many roles including but not be limited to:

  • Project manager
  • Requirements analyst
  • Tester
  • Facilitator and scribe
  • Trainer
  • Chief bottle washer (just kidding)

For larger projects, project managers must find ways to complete project tasks through others. They must not fall into the trap of doing everything themselves. Wise project managers recruit team members with the necessary skills and talents.Continue reading