This is a guest article by Elizabeth Harrin from GirlsGuideToPM.com.
Much of the time, risk management at the beginning of a project looks like getting the team in a room to review the whole project and work out what might be coming that could affect how the project proceeds.
The project manager writes up the discussion in the risk register along with what the team is going to do to avoid or amplify (in the case of positive risk) the risks. As the project progresses, more risks are identified, dutifully added and managed.
What’s happening here is that we’re looking at the work and impacts on the work. This approach to risk management is very task driven. We ask questions like:
These are all valid questions. But they miss one crucial area that massively affects everything on the project every day. Us. The project team.
Our skills, ability to work together as a team, or lack thereof, present the biggest chance of success for the project and also the biggest risk.
Here are some examples of how the people on your team make your project inherently more risky.
Why is project quality often neglected? Well, it's hard to manage things we don't understand. And quality seems to be an esoteric concept to many people. Therefore, let's define quality and discuss some practical ways to manage project quality.
1. Make quality management pragmatic. Many people do not invest appropriate effort towards quality because they do not understand it. The Project Management Institute defines quality as “conformance to requirements and fitness of use.” According to this definition, quality comes through clearly defining and meeting the requirements of the users and stakeholders.
Have you ever endured a project meeting where you spent hours evaluating risks? Afterward, team members walked down the hall saying, “What a waste of time! Now I can get back to the real work.” Today, let’s discuss the use of qualitative risk analysis to get you back on track.
What causes this frustration? First, the evaluation process may not fit the project – too complex for simple projects or deficient for large, complex projects. Second, the process may not fit the maturity level of the project team. Third, team members view the process as burdensome with little value.
Risk evaluation is the process to determine the significance of each risk. There are two ways to evaluate risks:
Watch this YouTube Video: Qualitative and Quantitative Risk Analysis: What’s the Difference?
Watch this YouTube Video: Two Simple Methods to Analyze Project Risks Qualitatively
You cannot respond to all risks, neither should you. Prioritization is a way to deal with competing demands. This aids in determining where you will spend your limited time and effort.
We evaluate in order:
If you say the word “risk” to ten people, each person may think of something different— insurance, threats, investments, bets, or potential loss. As we manage project teams, it's critical that you and your team members have a common understanding of what project risk means. Otherwise, people will be confused by your risk management efforts.
It is no wonder that there is so much confusion about the meaning of risk. Many credible sources provide conflicting definitions. The Merriam Webster dictionary defines risk as “the possibility of loss or injury: peril.”
Risk management standards, guides, and methodologies define risk in many different ways. Some include the possibility of positive risks or opportunities; others do not.
Risk - an uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives. —PMBOK 6th Edition
As projects start, project managers should work with the project sponsor and key stakeholders to clarify the project objectives or goals. Once the objectives are clear, share how risk management can help to achieve the objectives. Furthermore, provide concrete examples that are relevant to the project at hand.
Next, agree on a definition for project risk. I suggest the risk definition from the Project Management Institute’s Project Management Body of Knowledge (PMBOK).
So, here is the PMBOK definition of risk - an uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives (such as scope, schedule, cost, and quality). Let’s break down this definition of risk:
Some people argue that including positive effects in the definition creates confusion. If you decide to leave out the positive effects in the definition, consider how you and your team can identify and seize significant opportunities.
The important thing is to discuss and get agreement with your team about how to define risk. Include the definition in your Risk Management Plan. Clear communication will position your team for greater achievement.
Project managers constantly think about risks, both threats and opportunities. What if the requirements are late? What if the testing environment becomes unstable? How can we exploit the design skills of our developers? Let’s consider a simple but powerful tool to capture and manage your risks—the Risk Register.
The Risk Register is simply a list of risk-related information including but not limited to:
The Risk Register may be created in a spreadsheet, database, risk management tool, SharePoint, or a project management information system. Make sure that the Risk Register is visible and easy to access by your project team members.
The initial risk information is entered when identifying risks in the planning process. For example, project managers may capture initial risks while developing the communications plan or the project schedule. The initial risk information may include the risks, causes, triggers, categories, potential risk owners, and potential risk responses.
As you evaluate your risk in the planning process, you should assign risk ratings for probability and impact and calculate the risk scores.
Next, validate risk owners and have risk owners complete response plans.
Lastly, review and update your risks during your team meetings. Add emerging risks. Other reasons for updating the risk register include change requests, project re-planning, or project recovery.
Risk Register Template
The best-laid plans of mice and men oft go astray. Why? Individuals, teams, and organizations lack the healthy habits of identifying and managing the uncertainty that surrounds their world. Today, let's look at a step-by-step process to improve your strategic planning, analysis, and alignment with a particular focus on risk management.
What I found over the years is the most important thing is for a team to come together over a compelling vision, a comprehensive strategy for achieving that vision, and then a relentless implementation plan. —Alan Mulally
Strategic risk management is a process for identifying, analyzing, and managing risks most critical to the achievement of your goals. While many individuals, groups, or organizations perform risk management informally, a more structured approach has its benefits. For instance, strategic risk management can help you invest your precious time, money, resources and energy where it counts most.
PMI Talent Triangle
The Project Management Institute says, "The ideal skill set (for a project manager) is a combination of technical, leadership, and strategic and business management expertise." —PMI Talent Triangle
Organizations are looking for project managers who can manage projects. Additionally, they want individuals who can help define the organization's strategies and ensure that the projects are aligned with the enterprise goals.
During the project initiation process, a project charter should be completed. The project goals should align and support the achievement of the enterprise goals. Furthermore, the Project Steering Committee can help by defining and using project selection criteria to approve projects that fit the criteria, ensuring better alignment to the organization's goals.
Want to know more? Check out my online course: The What, Why, & How of Powerful Project Charters.
Strategic risk management may be applied to enterprise, portfolio, program, and project levels of an organization.
So, here is a step-by-step process to help you improve your strategic planning, analysis, and alignment.
In the broadest sense, strategic risk management starts at an enterprise level. Even if your organization does not have an Enterprise Risk Management (ERM) Program, you can apply this process to improve your portfolio and program risk management. Lastly, if you only manage projects, consider this process as the context for your projects. Do you understand how your projects align with the organizational vision, mission, values, and goals?
You may be thinking—interesting article. But I want you to be more than interested. I challenge you to take action, particularly if you are an enterprise, portfolio, or program manager. Develop your strategic plan, identify your risks, and start managing those risks. Most importantly, add value by keeping your eye on the achievement of your goals.
Occasionally, someone will ask me for risk management tips. I think my first answer surprises individuals—write clear goals. Yes, good risk management always starts with clear goals. In today's article, I will give you a simple method to write clear goals every time.
The Crow and the Pitcher is one of Aesop’s Fables. In the story, a thirsty crow discovers a pitcher with water at the bottom, beyond the reach of its beak. The crow did not have sufficient strength to push the pitcher over. He took a different approach. The bird dropped pebbles one by one in the pitcher until the water level rose to the top of the pitcher, allowing the crow to drink.
The crow had a clear goal. Though there were obstacles, the crow creatively solved the problem and achieved his goal. In risk management, we ask ourselves—what may help or hinder our ability to achieve our goals.
“A winner is someone who recognizes his God-given talents, works his tail off to develop them into skills, and uses those skills to accomplish his goals.” -Larry Byrd
Allow me to provide a simple but powerful formula for writing goals. What I am about to share will work for personal goals, enterprise goals, department goals, team goals, or any goal. Furthermore, it works for long-term goals, intermediate-term goals, and short-term goals.
Using this goal formula, you will write specific, measurable goals every time. You will find writing goals easier. Let's start with the formula.
Verb -> Focus -> Target -> Deadline
Example: Increase new members 5% by December 31, 20xx.
Writing goals is an iterative process. Zig Ziglar said, "Don't become a wandering generality. Be a meaningful specific." Write your goals again and again, each time refining and clarifying your thoughts. Revisit them regularly to monitor your progress.
Do you find yourself working overtime, trying to deal with unexpected disruptions? Some negative events that you thought might happen has now occurred. And it's costing you more time and energy than you thought possible. Overwhelmed? Well, let's talk about project risks and issues, the differences, and why it's so important to manage risks.
The Project Management Body of Knowledge (PMBOK) defines risk as, “An uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives.”
Let's examine a risk statement and underscore some key attributes of risks. Here's a risk statement:
Because the project team failed to review the requirements with the users, the project team may not meet the user's needs, resulting in unsatisfied users.
Notice the risk: project team may not meet the user's needs. Think of risk as events or conditions that might happen in the future.
So, how does an issue differ from a risk? Where a risk might happen, an issue has happened. When a threat occurs, it becomes an issue or problem. By the way, when an opportunity occurs, it becomes a benefit.
Are we splitting hairs? The distinction between risks and issues matters for a few reasons.
Risk vs. Issue Debate
Some project managers and risk managers are not convinced that the differentiation between risk and issue adds any value. Even though the risk has occurred (i.e. it is now an issue in terms of the differentiation) there is still uncertainty regarding the impact and the objectives that will be impacted.
While we are on this topic, let's clarify two other terms—assumptions and constraints.
Have you ever conducted a project brainstorming session and found yourself drowning in a cloud of ideas? Not a bad thing, but how can we make sense of the ideas? Well, let's see how to create a project affinity map to sort your ideas. As a bonus, we'll also look at Dot Voting, a simple and quick way to prioritize your ideas.
An affinity map is a tool that can be used to organize ideas into groups based on their natural relationships. The ideas commonly come from a brainstorming session. So, how do project managers actually use this tool?
For instance, a project manager may ask a project team to identify reasons why a project is behind schedule. Imagine that the team identifies fifteen reasons. Next, the project manager asks the team to sort the ideas into groups. The team discovers that the reasons fall into the following groups: processes, people, product, and technology. This is a great way to create a Cause and Effect Diagram.
There are countless ways to use a project affinity map after brainstorming. Here are some examples. Identify and sort:
So, what steps do we take to create an affinity diagram? Let's walk through the process.
When you complete the exercise, the team should have a deeper and more comprehensive understanding of the issues. Sometimes the team may need additional help to identify the most significant items. Let’s look at another simple tool to prioritize the items.
Cling On Sheets
Have you ever used Cling On Sheets? They work like a whiteboard, but the nice thing is that you can put them anywhere on a dry wall and then move them as needed. After my brainstorming sessions, I take them back to my desk so I can complete my documentation and minutes.
The Affinity Map and Dot Voting provide a powerful one-two punch. You and your team will be able to sort and prioritize the ideas in a quick and organized manner. Give it a try!
Someone decided that it was a good idea to bring project management into your organization. Perhaps it was your CEO or operations manager or IT Director. But for some reason, it never took off. Project management has not been supported by your culture. Let's look at how to get things in flight with a project steering committee.
Start with an evaluation. Here are some questions to aid you in discovering the deeper issues. Interview your stakeholders to get their feedback.
Sometimes, the person responsible for project management (e.g., PMO Director or Project Services Manager) fails to involve stakeholders in evaluating project management. This person makes changes in project management with little to no input from the people being impacted. A better approach is to get regular feedback through a Project Steering Committee.
The purpose of the committee is to improve process and results. The Steering Committee determines the required changes, how much change is needed, and how fast changes need to occur.
It is best if an influential senior member of your organization sponsors the committee. The sponsor helps to establish the vision and ensures the commitment of resources. But this person doesn’t have to manage the committee.
The Steering Committee may be managed by the person responsible for project management, a person with the proper credentials and experience. The team should include representatives from different areas such as IT, project management, and business operations. Ideally, team members have had project management training and have project experience.
An optimal team size is six to eight people. Team members should serve no longer than a year. You may wish to implement a staggered rotation where you add a couple of new team members and drop a couple of team members periodically.
The Steering Committee may meet as often as desired—for example, monthly, quarterly, or twice per year.
How should the team approach the evaluation and improvement? Determine the problems and define a plan for improvement.
Try executing the changes for one of your projects to test the improvements.
Once the team has executed and tested the improvement plan, the team should report their findings to the Steering Committee. The team should recommend one of the following:
Implementing project management in an organization is not an easy task. Why? Because people are resistant to change, particularly when individuals do not understand the reason for the changes. Be patient. Listen carefully. Evolve at a healthy pace, not too fast and not too slow. Your Steering Committee can provide the feedback necessary to guide your pace and maturation.