Many project managers do a great job of identifying risks. Some even evaluate risks and develop response plans. However, project managers get busy as their projects progress and fail to monitor their risks, resulting in challenged or failed projects. Here are some key factors that you should know about monitoring project risks (previously referred to as controlling risks in the PMBOK 5th Edition).
Do Project Managers Really Control Risks?
I've heard countless debates about whether project manager can control risks. First of all, what does it mean to control something? Here's the Merriam-Webster dictionary defines control as:
Can project managers really control project risks? Feels more like herding cats, doesn't it?
So, why do people push back on controlling risks? These individuals take the term control literally. They argue, "no one has absolute control over projects."
I'm not sure, but I think these issues resulted in the changes in the Project Management Body of Knowledge (PMBOK). The authors of the 6th Edition changed the Control Risks process to Monitor Risks.
PMBOK 5th Edition
The 5th Edition included the process called Control Risks which was defined as "The process of implementing risk response plans, tracking identified risks, monitoring residual risks, identifying new risks, and evaluating risk process effectiveness throughout the project."
PMBOK 6th Edition
The authors of the 6th Edition changed the Control Risks process to Monitor Risks. "Monitor Risks is the process of monitoring the implementation of agreed-upon risk response plans, tracking identified risks, identifying and analyzing new risks, and evaluating risk process effectiveness throughout the project."
Let's move beyond the debates and talk about monitoring project risks and getting results.
Four Steps to Monitoring Project Risks
1. Monitor Agreed-Upon Risk Response Plans
For each risk or set of risks, a response should be planned. Risk owners or their assigned risk action owners execute the plans. Some risks merit immediate responses; contingent risks are responded to when trigger conditions are met. For example, if a supplier fails to meet a deadline, the supplies are ordered from another vendor.
Jim, the project manager of a key strategic project, has monitored the residual risk -- the amount of risk remaining -- for his most significant risks. One of the key risks had a 60% probability of occurring with a $22,000 impact on a $100,000 project. The risk owner took actions that decreased the residual risks -- the probability dropped to 20% with an impact of $4,000.
Jim determined that it would be too costly to reduce the risk further; therefore, he asked the risk owner to monitor the risk and to develop a contingency plan. The risk owner reported to Jim once each month on the risk.
Project managers work with the risk owners to evaluate the effectiveness of the responses. Responses are modified as needed.
2. Track Identified Risks
The project manager uses tools to track the overall project risk. Are the risk response plans ensuring that the project team delivers the project on time, on budget, and in accordance with the requirements?
Trigger conditions are defined when defining risk response plans. Project managers work with the risk owners to determine the trigger conditions and the related metrics. For example, additional resources may be added to an activity if the activity falls behind schedule for two weeks or more.
3. Identify and Analyze New Risks
New risks arise over time. For example, an insurance company was implementing a new policy administration system. A vendor delivered an update while an insurance company was testing major modifications in their interfaces. As the new code was introduced, there was the risk of breaking the interfaces.
Project managers periodically work with their project team to identify new risks. What’s new? What has changed? What have we overlooked?
Project managers should identify new risks for the following events:
- Major changes to the project or its environment
- Key milestones reached
- Occurrence of a major risk
- Unexpected risks
- Changes in key team members or stakeholders
4. Evaluate Risk Process Effectiveness
So, you’ve implemented the risk management processes:
- Plan for risk management
- Identify risks
- Perform qualitative risk analysis
- Perform quantitative risk analysis
- Plan risk responses
- Implement risk responses
- Monitor risks
That’s great! Are the processes of delivering the results you expected efficiently and effectively? Are you spending too much time in certain areas and not enough time in other areas? Seek to reduce the cost of risk management while ensuring that you accomplish your project goals.
Think about your projects. If you compare the degree of variation from your baselines, how are you doing? Would you say your projects are staying within the expected limits? Or perhaps one project is like a car that is swerving all over the road. You wonder if you will ever get home. If so, make the necessary adjustments in monitoring project risks.
Join the 21 Day Challenge
Risks derail projects. We make risk management easy to understand and practical to apply, putting you back in the driver's seat.
Spend five minutes per day for 21 days--discover practical risk management techniques that can help you turn uncertainty into success!
Plus, you'll get weekly project management tips.