This is a guest article by Dana Brownlee from professionalismmatters.com.

One of the most common questions I get when speaking to groups is “How do you deliver a difficult message to/push back on senior leaders – particularly the difficult ones?” I certainly understand the popularity of the question because that’s a sticky situation for sure. While project managers and others often find themselves in opposition to the boss’ ideas, recommendations, or preferred course of action, telling the boss they have an “ugly baby” is a different story.

One of my favorite suggestions for this unenviable predicament is using risk analysis. Indeed, I think risk analysis can be the secret weapon of managing up! Why? Because risk analysis provides an opportunity for you to focus the discussion on the objective (often quantifiable) facts and away from the more emotional opinions.

In my book The Unwritten Rules of Managing Up: Project Management Techniques from the Trenches I discuss the importance of using risk analysis to make your case for a particular point of view. Consider the following example…

Most of us have personal and career goals. Our ability to achieve those goals is dependent on our risk management skills, that is our ability to manage opportunities and threats. We seek to make good things happen and to eliminate or reduce the bad things.

Through the years, I have captured my favorite quotes related to the art and science of risk management. I hope you enjoy the insights as well as the humor.

1. "The greatest glory in living lies not in never falling but in rising every time we fall." —NELSON MANDELA, SOUTH AFRICAN STATESMAN

2. "Nothing can stop the man with the right mental attitude from achieving his goal; nothing on earth can help the man with the wrong mental attitude." —THOMAS JEFFERSON, U.S. PRESIDENT

3. “People with goals succeed because they know where they are going.” —EARL NIGHTINGALE, MOTIVATIONAL SPEAKER AND AUTHOR

4. “A winner is someone who recognizes his God-given talents, works his tail off to develop them into skills, and uses those skills to accomplish his goals.” —LARRY BIRD, NBA PLAYER AND COACH

5. "The world is getting to be such a dangerous place, a man is lucky to get out of it alive." —W.C. FIELDS, COMEDIAN AND MOVIE STAR

6. “There is a myth that people hate change. Not true! What scares them isn’t change, it’s uncertainty. They worry about whether the changes are good or bad. People love change when it involves pleasant surprises. What they fear are the unpleasant ones.” —ALAN MULALLY, CEO OF FORD MOTOR COMPANY

7. “Character may be manifested in the great moments, but it is made in the small ones.” —WINSTON CHURCHILL, PRIME MINISTER OF THE UNITED KINGDOM

8. “The only limit to our realization of tomorrow will be our doubts of today. Let us move forward with strong and active faith.” —FRANKLIN DELANO ROOSEVELT, U.S. PRESIDENT

9. "A good plan, violently executed now, is better than a perfect plan next week." —GEORGE S. PATTON, GENERAL IN THE U.S. ARMY

10. “The man who comes up with a means for doing or producing almost anything better, faster, or more economically has his future and his fortune at his fingertips.” —J. PAUL GETTY, ANGLO-AMERICAN INDUSTRIALIST

This is a guest article by Elizabeth Harrin from GirlsGuideToPM.com.

Much of the time, risk management at the beginning of a project looks like getting the team in a room to review the whole project and work out what might be coming that could affect how the project proceeds.

The project manager writes up the discussion in the risk register along with what the team is going to do to avoid or amplify (in the case of positive risk) the risks. As the project progresses, more risks are identified, dutifully added and managed.

What’s happening here is that we’re looking at the work and impacts on the work. This approach to risk management is very task driven. We ask questions like:

• What might prevent us from hitting that milestone on time?
• What might mean we need to ask for a budget increase during this phase?
• What quality problems might we come across that would give the client an issue?
• Who might be a difficult stakeholder on the project?

These are all valid questions. But they miss one crucial area that massively affects everything on the project every day. Us. The project team.

Our skills, ability to work together as a team, or lack thereof, present the biggest chance of success for the project and also the biggest risk.

Here are some examples of how the people on your team make your project inherently more risky.

Why is project quality often neglected? Well, it's hard to manage things we don't understand. And quality seems to be an esoteric concept to many people. Therefore, let's define quality and discuss some practical ways to manage project quality.

Quality Management Tips

1. Make quality management pragmatic. Many people do not invest appropriate effort towards quality because they do not understand it. The Project Management Institute defines quality as “conformance to requirements and fitness of use.” According to this definition, quality comes through clearly defining and meeting the requirements of the users and stakeholders.

If you say the word “risk” to ten people, each person may think of something different— insurance, threats, investments, bets, or potential loss. As we manage project teams, it's critical that you and your team members have a common understanding of what project risk means. Otherwise, people will be confused by your risk management efforts.

It is no wonder that there is so much confusion about the meaning of risk. Many credible sources provide conflicting definitions. The Merriam Webster dictionary defines risk as “the possibility of loss or injury: peril.”

Risk management standards, guides, and methodologies define risk in many different ways. Some include the possibility of positive risks or opportunities; others do not.

As projects start, project managers should work with the project sponsor and key stakeholders to clarify the project objectives or goals. Once the objectives are clear, share how risk management can help to achieve the objectives. Furthermore, provide concrete examples that are relevant to the project at hand.

Next, agree on a definition for project risk. I suggest the risk definition from the Project Management Institute’s Project Management Body of Knowledge (PMBOK).

So, here is the PMBOK definition of risk - an uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives (such as scope, schedule, cost, and quality). Let’s break down this definition of risk:

• Positive effect. When I share the PMBOK’s definition of risk, I ask if anything seems strange about the definition. Many people say it seems odd that risk can have a positive effect. I provide examples of how “opportunities” or up-side risks can help achieve the project objectives.

• Negative effect. I do not normally have to spend much time on the negative effect. This is how most people think of risk. I introduce the term “threat” for the downside risks.
• Project objectives. To bring value to the risk management processes, keep your teams focused on project objectives such as scope, schedule, cost, and quality. The heart of risk management is helping your sponsor and team to achieve their objectives.
• Minimizing the use of the term risk. Because the term “risk” is often misunderstood, I use the terms threats and opportunities more often. If I am leading an exercise to identify risks, I will ask the participants to identify threats or potential problems first. Then I ask the participants to identify opportunities or potential benefits to the project.

Some people argue that including positive effects in the definition creates confusion. If you decide to leave out the positive effects in the definition, consider how you and your team can identify and seize significant opportunities.

The important thing is to discuss and get agreement with your team about how to define risk. Include the definition in your Risk Management Plan. Clear communication will position your team for greater achievement.

The best-laid plans of mice and men oft go astray. Why? Individuals, teams, and organizations lack the healthy habits of identifying and managing the uncertainty that surrounds their world. Today, let's look at a step-by-step process to improve your strategic planning, analysis, and alignment with a particular focus on risk management.

Strategic risk management is a process for identifying, analyzing, and managing risks most critical to the achievement of your goals. While many individuals, groups, or organizations perform risk management informally, a more structured approach has its benefits. For instance, strategic risk management can help you invest your precious time, money, resources and energy where it counts most.

Strategic risk management may be applied to enterprise, portfolio, program, and project levels of an organization. 

So, here is a step-by-step process to help you improve your strategic planning, analysis, and alignment.

In the broadest sense, strategic risk management starts at an enterprise level. Even if your organization does not have an Enterprise Risk Management (ERM) Program, you can apply this process to improve your portfolio and program risk management. Lastly, if you only manage projects, consider this process as the context for your projects. Do you understand how your projects align with the organizational vision, mission, values, and goals?

1. Define the Vision, Mission, and Values. What is your preferred future? What is the purpose of your organization? What do you value?
2. Define Long-Term Goals. What are the long-term goals (typically 3 year goals) to support the mission? These goals will likely be broader than your annual goals.
3. Define Annual Key Performance Indicators (KPIs). What will you measure? For example, you may have a KPI for profit or expenses. What is the target for the KPI? How do you calculate the KPI?
4. Define Annual Goals. Using the KPIs, we can define specific, measurable goals. For example: “To increase profit by 5% over the prior year by 12/31/XX.” Cascade the goals. Lower level goals should align and support higher level goals. For example, you may have a hierarchy like this:
   • Corporate Goals (i.e. Enterprise Goals)
     • Business Goals (i.e. Business Unit or Division Goals)
       • Functional Goals (i.e. Department Goals)
         • Team Goals (i.e. Project Goals)
5. Define Strategy. How will you get from your present state to the desired future state? Strategies may include action plans, projects, and programs.
6. Identify Risks. Here is where risk management comes into play. What are the opportunities and threats for each goal? Who are the risk owners?
7. Analyze Risks. What is the priority of the risks? Which risks matter most? At a minimum, complete a Qualitative Risk Analysis to prioritize the risks. In some cases, you may wish to complete a Quantitative Risk Analysis.
8. Plan Risk Responses. Develop the risk response plans for the highest risks.
9. Build a Scorecard. Develop a scorecard where actual results are reported for each of the goals. Determine the frequency of reporting (e.g., monthly, quarterly, bi-annual, annual).
10. Monitor Risks. Periodically review the risks. Update assessments and response plans as needed.

You may be thinking—interesting article. But I want you to be more than interested. I challenge you to take action, particularly if you are an enterprise, portfolio, or program manager. Develop your strategic plan, identify your risks, and start managing those risks. Most importantly, add value by keeping your eye on the achievement of your goals.

Occasionally, someone will ask me for risk management tips. I think my first answer surprises individuals—write clear goals. Yes, good risk management always starts with clear goals. In today's article, I will give you a simple method to write clear goals every time.

The Crow and the Pitcher is one of Aesop’s Fables. In the story, a thirsty crow discovers a pitcher with water at the bottom, beyond the reach of its beak. The crow did not have sufficient strength to push the pitcher over. He took a different approach. The bird dropped pebbles one by one in the pitcher until the water level rose to the top of the pitcher, allowing the crow to drink.

The crow had a clear goal. Though there were obstacles, the crow creatively solved the problem and achieved his goal. In risk management, we ask ourselves—what may help or hinder our ability to achieve our goals.

Allow me to provide a simple but powerful formula for writing goals. What I am about to share will work for personal goals, enterprise goals, department goals, team goals, or any goal. Furthermore, it works for long-term goals, intermediate-term goals, and short-term goals.

Using this goal formula, you will write specific, measurable goals every time. You will find writing goals easier. Let's start with the formula.

Verb -> Focus -> Target -> Deadline

Example: Increase new members 5% by December 31, 20xx.

1. Verb. I typically start goals with a verb such as increase, decrease, maintain, or have. (I use verbs like implement, develop, establish, utilize, or revise for strategies, broad statements of direction.)
2. Focus. What is the focus of the goal? The focus of the example above is "new members."
3. Target. The target specifies the measure. The target may be a specific amount, range, or percentage.
4. Deadline. The deadline makes the goal time-based. A goal without a deadline is simply a wish.

Writing goals is an iterative process. Zig Ziglar said, "Don't become a wandering generality. Be a meaningful specific." Write your goals again and again, each time refining and clarifying your thoughts. Revisit them regularly to monitor your progress.

Do you find yourself working overtime, trying to deal with unexpected disruptions? Some negative events that you thought might happen has now occurred. And it's costing you more time and energy than you thought possible. Overwhelmed? Well, let's talk about project risks and issues, the differences, and why it's so important to manage risks.

The Project Management Body of Knowledge (PMBOK) defines risk as, “An uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives.” 

Let's examine a risk statement and underscore some key attributes of risks. Here's a risk statement:

Because the project team failed to review the requirements with the users, the project team may not meet the user's needs, resulting in unsatisfied users.

• Cause: Failure to review and validate the requirements
• Risk: Project team may not meet the user's needs
• Impact: Users will not be satisfied with the product

Notice the risk: project team may not meet the user's needs. Think of risk as events or conditions that might happen in the future.

Are we splitting hairs? The distinction between risks and issues matters for a few reasons.

• Proactive Management Saves Time. “An ounce of prevention is worth a pound of cure.” Project managers should manage risks proactively. Project managers can save valuable time through prevention. As often noted, Project managers can eliminate up to 90% of threats through risk management.
• Measure of Management Effectiveness. If a project manager is experiencing lots of issues, it may be a sign that the project manager has not been managing the project effectively. 
• Different Type Response. Issues require a different response than threats. Project managers respond to threats with different strategies: avoid, mitigate, accept, or transfer. Issues require corrective action to bring the performance of the project in alignment with the project management plan. 

While we are on this topic, let's clarify two other terms—assumptions and constraints.

• Assumptions. Assumptions are “a factor in the planning process that is considered to be true, real, or certain, without proof or demonstration” according to the Project Management Body of Knowledge. Assumptions may be a source of risks. Be sure to perform an assumption analysis periodically to validate assumptions.
• Constraints. A constraint is “a limiting factor that affects the execution of a project, program, portfolio, or process.” Constraints such as a budget or schedule constraints are factual. The project manager must continually consider these defined limits when managing risks, particularly when planning risk responses.