I fear that many project managers live by the letter of the law and may fail to gain the actual benefits of risk management. These individuals are too concerned with checking boxes and making the risk management processes overly complex. Let’s look at ten ways to manage your project risks better.
1. Thou shalt not make risk management complicated.
Wise project managers tailor their risk management plan to each project. Pick only the necessary inputs and tools, and techniques. And speak in a manner that your sponsor, project team, and stakeholders understand. Furthermore, if you wish to introduce new terms (e.g., risk attitude, risk tolerance, Monte Carlo), define them.
2. Thou shalt not create a risk register longer than War and Peace.
Some project managers think they should identify every possible risk. Be pragmatic—identify the significant risks.
3. Thou shalt not forget your project objectives.
Heck, we can get so bogged down in the risk management processes that we forget the project objectives. Risk management performed without focusing on the project objectives is a waste of time.
4. Thou shalt not forget your project stakeholders.
One of the best things you can do early in your projects is to identify and analyze your stakeholders—individuals, groups, and organizations that may affect or be affected by your project. Forget these people, and you will pay the piper later in your projects. Consequently, influential stakeholders can negatively impact your projects at the worst times, mainly when you ignore them.
5. Thou shalt not forsake the risk reviews.
You are more likely to deliver results when you consistently perform risk reviews. Why? Because risk changes over time. Too many project managers identify risks early in their projects and never return to review current risks, identify new risks, and determine if their risk responses are working.
6. Thou shalt not own all the risks.
If I looked at your risk register, would I see you (yes, you the project manager) as the risk owner for most of the risks? If so, why? When you and your team identify a risk, always ask, “Who has the knowledge and skills to develop a risk response plan and monitor the risk?” Then, ask that individual to own the risk.
7. Thou shalt not fail to prioritize your risks.
Imagine that you’ve identified 37 risks. Which ones need a response? When developing your risk management plan, determine how you will analyze and prioritize your risks.
8. Thou shalt not quantify risks in all of your projects.
You should always perform qualitative risk analysis. However, quantitative risk analysis—which requires more time and effort, is not always needed. Therefore, only undertake the quantitative risk analysis if you need additional details to make project decisions.
9. Thou shalt identify opportunities.
Don’t forget the opportunities—those uncertain events or conditions that can positively impact your project. Work with your team to exploit and enhance these situations to advance your projects.
10. Thou shalt categorize your risks.
Where are your most significant risk exposures? Categorize your risks. For example, you could use the categories of schedule, cost, quality, and scope. For each risk, assign a risk category. Once done, you can analyze the register. For example, if 80% of your risks are schedule-related, you know where you need to focus.