Some project managers make a big fuss over risk management. And others use lots of acronyms and big words to impress people. But at the end of the day, all that really matters is getting results.
For eighteen years, I worked for a property and casualty insurance company. Each year, our senior management team would meet with a credit rating agency to share our goals, strategies, and progress. The presentation included what we were doing for enterprise risk management.
One year, the rating analyst said that insurance companies can talk a good game. Companies may regularly identify, analyze, and respond to risks. And yet, some of these companies were floundering.
Then the analyst said, “All that really matters is that you are getting results.”
Project managers may be guilty of talking a good game too. We have a risk management plan. We perform all the risk management processes, but for some reason, we may fail to get the desired results.
So, let’s review the risk management processes and see how we can improve the results.
Project Risk Management Processes
1. Plan Risk Management
When planning for projects, project managers develop a risk management plan, an approach to how they will identify, evaluate, respond to, and control risks.
What may be limiting your results? First, the plan may not fit the project. Tailor the plan for each project. Your risk management plan for a small project may be a single page. Scale up for larger projects.
Second, some project managers fail to engage their project teams when developing the plan. Share your thoughts with your team and ask for their feedback. You’ll develop a better plan and increase buy-in.
2. Identify Risks
Project managers use a variety of risk identification techniques such as brainstorming, cause and effect diagrams, surveys, affinity diagrams, and risk lists.
What may reduce your actual results? Are you using only one risk management technique. Consider using a couple of risk identification techniques. For example, you might conduct an early risk survey with your stakeholders and follow up with the review of a risk list with your project team.
3. Evaluate Risks
Wise project managers understand that they cannot (nor should they try to) address every risk. There will always to be some uncertainty and residual risk in your projects and that’s okay. But we should respond to the most significant risks.
How do we know which risks matter? Start with a quick and easy qualitative risk analysis. In a spreadsheet, you can rate the probability and impact of each risk on a scale of 1 to 5 with 5 being the highest. Multiply the probability times the impact to get a risk score (e.g., 4 x 5 = 20). Lastly sort your risks in descending order by the risk score, resulting in the highest risks at the top of your list.
Only perform the quantitative risk analysis when additional detailed information is needed to make project decisions. You can use a technique such as the expected monetary value (EMV) to quantify the risk exposure for your top risks.
4. Respond to Risks
Individuals may make the mistake of haphazardly reacting to risks rather than planning risk responses and executing those responses in a disciplined and controlled manner.
If possible, identify risk owners—individuals who have the knowledge and skills to develop risk response plans. These people can develop response plans, monitor their assigned risks, and respond when necessary.
5. Monitor Risks
Some project managers fail to monitor their risks. New threats emerge without notice; new opportunities slip by. Like a boat with a bad leak, water is seeping in faster than we can bail it out.
Successful project managers develop the habit of performing risk reviews. Periodically discuss your project risks with your team and update your risk register accordingly. Focus on whether you are actually getting the results you want.
Are You Getting Results?
If you were evaluated based on results, how would you score–poor, fair, good, or excellent? Are you consistently achieving the project objectives? If not, how should you change your approach?