Category Archives for 4=Control

Evaluating Project Schedules Utilizing Quantitative Risk Analysis

picture of calendarDo you remember the first time you missed a project deadline? I do. I recall the embarrassment for me and my team. I promised myself I would take proactive steps to mitigate this outcome for future projects including the use of quantitative risk analysis.

Why do projects take longer than expected? Often times, risks occur and project managers lack adequate schedule reserves.

Once burned, many project managers start a bad habit – padding their project schedules. If a project is estimated at 120 days, the project manager may add a 10% pad, an additional 12 days. The project manager estimates the project duration to be 132 days.

Padding is a quick and dirty method. It provides reserves, but let’s look at a better way to estimate reserves.

Continue reading

Evaluating Risks Using Quantitative Risk Analysis

Project managers should be prepared to perform different types of risk analysis. For many projects, the quicker qualitative risk analysis is all you need. But there are occasions when you will benefit from a quantitative risk analysis.

Let’s take a look at this type of analysis: What is it? Why should we perform it? And when should it be performed?

Quantitative Risk Analysis Bar Chart

What is Quantitative Risk Analysis?

Qualitative risk analysis is a numeric estimate of the overall effect of risk on the project objectives such as cost and schedule objectives. The results provide insight into the likelihood of project success and is used to develop contingency reserves. 

Continue reading

30 Quick Risk Evaluation Tips

genius evaluating risksWinston Churchill said, “True genius resides in the capacity for evaluation of uncertain, hazardous, and conflicting information.” In this article, I share 30 risk evaluation tips to help you tap into your genius. Enjoy!

  1. One of the top reasons for evaluating risks is to determine which risks are most significant.
  2. Always perform the qualitative risk assessment. The assessment is quick, but keep in mind –it’s also subjective.
  3. Determine if organizational assets such as a risk register template and probability/impact rating scale are available to jump-start your evaluation.
  4. Be sure to update the risk register each time you evaluate your risks.
  5. When evaluating each risk, consider the causal factors, the risk itself or uncertainty, and the impacts.
  6. Probability is the likelihood that a risk may occur.
  7. Impact is the effect or consequence on the project if the risk occurs.
  8. Multiply probability and impact to calculate a risk score (e.g., 4 x 5 = 20).
  9. Be sure to define your rating scales for probability and impact.
  10. Concerned with the velocity (e.g., time-to-impact) of your risks? Consider rating velocity along with probability and impact. Here is an example of how you can calculate a risk score using velocity: Risk Score = (Probability + Velocity) x Impact.
  11. Improve the quality of your risk information through interviews and workshops before evaluating your risks.
  12. There may be multiple causal factors for a single risk.
  13. There may be multiple impacts for a single risk.
  14. Some root causes are common to multiple risks. Responding to these root causes often provide high leverage.
  15. Look out for the high power/high influence stakeholders who wish to bias risk ratings for their own benefit.
  16. Beware – some individuals may be biased in their assessments because they lack an understanding of the risks. Educate stakeholders on the risks.
  17. Perform an assumption analysis before evaluating your risks.
  18. Not all bias is bad. For example, if the sponsor says that the budget is the most important priority, consider this factor in your ratings.
  19. Things change. Therefore, conduct periodic risk reviews.
  20. Consider evaluating your risks again when there are significant changes in the project or when you hit project milestones.
  21. Lots of small risks can create a large cumulative risk exposure.
  22. When multiple activities converge into a successor activity, the risk for the successor activity is greatly increased.
  23. Sum the individual risk scores to calculate the total project risk score. You may divide the project risk score by the number of risks to calculate the average risk score.
  24. Risks that may occur later in a project should be considered as a higher risk than the risks that may occur early in the project. Why? There is less response time, greater uncertainty, and greater impact.
  25. The same risk may occur multiple times in the same project. Should you use the same risk response? Yes, if the response plan is working. Look for ways to tweak the response for a one-two punch.
  26. Want a way to analyze risks at a higher level than the individual risks? Group risks by category (e.g., time, cost, scope, and quality). Sum and compare risk scores by category. How have the risk exposures in the categories changed from one risk review to the next risk review? Why did the exposures change?
  27. Determine high-priority risks. Define a risk threshold (e.g., risks with a risk score of X or higher).
  28. Be sure to involve appropriate stakeholders in the evaluation of your risks.
  29. Right size your risk evaluation process.
  30. Perform quantitative risk assessments when more detailed information is required for project decisions. Quantitative risk analysis is not always mandatory.

How to Actually Perform a Qualitative Risk Analysis Mini-Course. I’ve developed this course to help you quickly review the concepts of qualitative risk analysis. Click here to enroll!

How to Evaluate Risk Velocity

Life is filled with risks. Some risks occur slowly. Others strike with little warning. Let’s look at how to evaluate risk velocity and why it matters.

What is Risk Velocity?

Risk velocity is the time to impact. Think of velocity as an estimate of the time frame within which a risk may occur.

Why Risk Velocity Matters

When the velocity is low, we have more time to respond to the risks. For a threat, we may take steps to reduce the probability and impact. The risk owner has time to develop a contingency plan (i.e., a plan we will execute if the risk occurs) and a fallback plan (i.e., a plan we will execute if the contingency plan fails).

If the velocity is very high, threats strike quickly. Thus, these risks are more likely to become issues, costing more time and money. Here are some causal factors for high-velocity risks:

  • Sponsor notifies you that two critical team members need to be transitioned to another project within two weeks
  • The servers that you ordered for your test region are going to be two to three weeks late
  • Wildfires are emerging into the area of your offices

Imagine that two risks have a risk score of 20 on a scale of 25. But Risk A will likely to occur in a two to three weeks where Risk B will take at least six months. Which risk merits your attention most? See the difference?Continue reading

How to Reduce Risk Evaluation Bias

We all have biases; many are helpful. In projects, we have biases towards successful projects and motivated teams. If a project sponsor says that schedule is the top priority, the project team has a bias towards meeting the schedule.

However, some biases are harmful. Stakeholders may attempt to sway project decisions in unfair ways. These biases undermine the health of the project and breed distrust.

Let’s look at different types of biases and ways to reduce bias in the risk evaluations. These steps will help ensure the right decisions are made for the right reasons.

What are the Motives and Perception?

Stakeholders may exhibit different types of bias. PMI’s Practice Standard for Project Risk Management explains motivational bias is “where someone is trying to bias the result in one direction or another.” Cognitive biases occur as people make inferences in an illogical fashion. Cognitive biases are based on people’s perceptions.

How to Manage Bias

  1. Uncloak the bias. Project managers should watch and listen for bias. Expose the bias in one-on-one meetings or team meetings, whichever is most appropriate. Be careful – do not judge or challenge too quickly. Be slow to speak. Listen. Seek to understand.

  2. Have open conversations. When a bias is not understood, the project manager should dig deeper. If the bias is based on the wrong perceptions, provide the facts. If the bias is ill intended, ask non-threatening questions that allow the individual to understand how the bias may negatively affect the project.

  3. Reduce the subjectivity. Project managers use qualitative methods to evaluate risks quickly. Some project managers fail to understand that they may be creating greater bias. Let’s look for ways to reduce the subjectivity while keeping the convenience and speed of the qualitative methods.

How to Reduce Bias When Evaluating Risks

For small projects, I use a KISS (Keep It Super Simple) Method for qualitative risk assessments. This one-dimensional technique involves rating risks as:

  • Very Low
  • Low
  • Medium
  • High
  • Very High

While the KISS Method is a simple and quick way to prioritize risks, it is also subjective and open to greater bias. When I use this method, I focus on open and honest conversations about the ratings.

A more common qualitative method is the two-dimensional Probability/Impact matrix. With this method, we rate probability and impact on a scale such as 1 to 10, with 10 being the highest. This method provides a more in-depth analysis of risks as compared to the KISS Method. However, a scale of 1-10 is still highly subjective.

How can we reduce the subjectivity?

The first step is to define qualitative terms (e.g., Low – Very High) for the ratings. Here is an example:


Another step is to define ranges for the scale (e.g., 0-5% for Low). Defining the scale reduces subjectivity and drives greater consistency in the ratings.


If the probability or likelihood of a risk is approximately 15%, we assign a probability rating of 5. If the potential impact on the budget or schedule is 55%, we assign an impact rating of 9. The resulting risk score would be 45 (i.e., 5 x 9 = 45).

If stakeholders need objectivity, perform a quantitative risk analysis. Quantitative risk analysis takes more time than qualitative risk analysis. However, this method provides objective information and data for business decisions.

Read: How to Actually Perform a Qualitative Risk Analysis>>


7 Ways to Identify Risks

Successful project managers have a common trait – they identify and manage risks. Let's look at seven tools and techniques to identify risks.

Often project managers start with a splash. They get the team together, identify lots of risks, and enter them into an Excel spreadsheet. However, the risks are never discussed again.

What happens when project managers and their team fail to identify risks in an iterative fashion? Teams spend their time and energy on things that do not matter. Risks are not identified and turn into more costly issues. Furthermore, project teams are not aware of emerging killer risks.

When to Identify Risks

The risk exposure is greatest at the beginning of projects. The uncertainty is high because there is less information in the beginning of projects. Wise project managers start identifying risks early in their projects. Capture these risks in your project charter.

Want to know how to improve your risk identification? Identify risks:

  • Early in the project
  • In an iterative manner
  • On a consistent frequency such as weekly
  • When change control is performed
  • When major milestones are reached
Continue reading

How to Improve Results With Better Risk Statements

Vague risk statements lead to poor risk response planning. When organizations or project teams fail to respond to significant risks (i.e., threats and opportunities), these groups fail to achieve their goals and reach their potential. Risk management starts with identifying risks and writing clear risk statements.

man writing better risk statements

Why do people define risks poorly? I am convinced that most people simply don’t know how. Allow me to share some simple tips that can improve your ability to write clear risk statements.

Test Your Risk Statements

When I ask someone to identify a risk, individuals often respond with something  like “there is a conflict between two executive sponsors” or “the estimates are incorrect” or “we are experiencing system outages.” But these are facts or conditions that are true, not statements of uncertainty. In other words, these are causes that give rise to uncertain events or conditions.Continue reading

How to Identify and Manage Secondary Risks

Have you ever tried to address an issue and created a different problem?

A response to risk can create other risks. These secondary risks may be more significant than the primary risks if we are not careful.

Secondary Risks

Photo courtesy of Adobe Stock (edited in Canva)

One of the Pink Panther cartoon episodes pits the Pink Panther against a mouse in his house. The mouse was driving the Pink Panther crazy; he had to find a way to eliminate this problem.

The Pink Panther, dressed in a catsuit, chased the mouse out of the house and down the street. The neighborhood dogs pursued the “cat.” The Pink Panther ran for his life but was torn to shreds.

What is a secondary risk?

A secondary risk is a risk that is created by a response to another risk.Continue reading

7 Things You Ought to Know About Identifying Risks

Every project manager deals with risks. We all face significant uncertainty. Allow me to share seven things you ought to know about identifying risks.

Project managers must address unrealistic time frames where failure seems unavoidable, scope creep, ambiguous requirements, delays from third parties, and the lack of required skills, to name a few.

man stopping dominoes from falling

How do we manage risks and the causal factors?

Risk management begins with the practice of identifying risks. In this process, we consider future events or conditions that may impact our ability to achieve our goals. Risk identification includes figuring out where, when, how, and why such events may occur.

Not sure how to get the most value from risk identification? Well, here are answers to common questions. If you understand these basic principles, you have the foundation for an effective and efficient risk identification process.

[Tweet “Risks cannot be managed if they are not first identified. -Harry Hall”]Continue reading

15 Awesome Ways to Manage Your Project Stakeholders

Projects can be engaging and even enjoyable, or it can be a source of aggravation and stress. If you put some care and time into identifying, analyzing, and managing your project stakeholders, you’ll have a better project experience and improve your chance of success.

picture of team working together

Remember what Charles Schulz said through the character of Linus: “I love mankind…it’s people I can’t stand!!” Schulz is saying that he loves mankind. But the problem is that individuals have flaws that can make life difficult.

One of the most critical elements of project management is developing relationships with key stakeholders—individuals, groups, and organizations. It is through these relationships that we can better define and control scope, understand requirements, mitigate risks, and improve project processes. One of the top reasons that projects succeed is stakeholder involvement.Continue reading