Risk Management…The What, Why, and How


Written by Michael Stanleigh

Risk Management is the process of identifying, analyzing and responding to risk factors throughout the life of a project and in the best interests of its objectives. Proper risk management implies control of possible future events and is proactive rather than reactive. For example:

An activity in a network requires that a new technology be developed. The schedule indicates six months for this activity, but the technical employees think that nine months is closer to the truth. If the project manager is proactive, the project team will develop a contingency plan right now. They will develop solutions to the problem of time before the project due date. However, if the project manager is reactive, then the team will do nothing until the problem actually occurs. The project will approach its six-month deadline, many tasks will still be uncompleted and the project manager will react rapidly to the crisis, causing the team to lose valuable time.

Proper risk management will reduce not only the likelihood of an event occurring, but also the magnitude of its impact.

I was working on the installation of an Interactive Voice Response system into a large telecommunications company. The coding department refused to estimate a total duration estimation for their portion of the project work of less than 3 weeks. My approach to task duration estimation is that the lowest level task on a project whose total duration is 3 months or more should be no more than 5 days. So… this 3-week duration estimation was outside my boundaries. Nevertheless, the project team accepted it. It appeared an unrealistic timeline for the amount of work to be done but they were convinced that this would work. No risk assessment was conducted to determine what might go wrong, preventing their ability to successfully complete their tasks on time. When the 3-week deadline approached and it appeared that the work wouldn’t be completed, crisis management became the mode of operation: how to manage the successor tasks so that the project is kept on track.

Risk Management Systems

Risk Management Systems are designed to do more than just identify the risk. The system must also quantify the risk and predict the impact on the project. The outcome is therefore a risk that is either acceptable or unacceptable. The acceptance or non-acceptance of a risk is usually dependent on the project manager’s tolerance level for risk.

If risk management is set up as a continuous, disciplined process of problem identification and resolution, then the system will easily supplement other systems. These include organization, planning and budgeting, and cost control. Surprises will be diminished because emphasis will now be on proactive rather than reactive management.

Risk Management…A Continuous Process

The critical point is that Risk Management is a continuous process and as such must not only be done at the very beginning of the project, but continuously throughout the life of the project. For example, if a project’s total duration was estimated at 3 months, a risk assessment should be done at least at the end of month 1 and month 2. At each stage of the project’s life, new risks will be identified, quantified and managed.

Risk Response

Risk Response generally includes:

1. Avoidance…eliminating a specific threat, usually by eliminating the cause.

2. Mitigation…reducing the expected monetary value of a risk event by reducing the probability of occurrence.

3. Acceptance…accepting the consequences of the risk. This is often accomplished by developing a contingency plan to execute should the risk event occur.

In developing Contingency Plans, the Project Team engages in a problem solving process. The end result will be a plan that can be put in place on a moment’s notice.
What a Project Team would want to achieve is an ability to deal with blockages and barriers to their successful completion of the project on time and/or on budget. Contingency plans will help to ensure that they can quickly deal with most problems as they arise. Once developed, they can just pull out the contingency plan and put it into place.

Why do Risk Management?

The purpose of risk management is to:

1. Identify possible risks.

2. Reduce or allocate risks.

3. Provide a rational basis for better decision making in regard to all risks.

Assessing and managing risks is the best weapon you have against project catastrophes. By evaluating your plan for potential problems and developing strategies to address them, you’ll improve your chances of a successful, if not perfect, project.
Additionally, continuous risk management will ensure that high priority risks are aggressively managed and that all risks are cost-effectively managed throughout the project.

Provide management at all levels with the information required to make informed decisions on issues critical to project success.
If you don’t actively attack risks, they will actively attack you!!

How to do Risk Management

First we need to look at the various sources of risks. There are many sources and this list is not meant to be all-inclusive, but rather a guide for the initial brainstorming of all risks. Referencing this list helps the team determine all possible sources of risk.

Various sources of risk include:

Project Management

1. Top management not recognising this activity as a project
2. Too many projects going on at one time
3. Impossible schedule commitments
4. No functional input into the planning phase
5. No one person responsible for the total project
6. Poor control of design changes
7. Problems with team members
8. Poor control of customer changes
9. Poor understanding of the project manager’s job



Unforeseen regulatory requirements
Natural disasters
Vandalism, sabotage or unpredicted side effects

Market or operational risk
Currency rate fluctuations

Technology changes
Risks stemming from design process

Violating trade marks and licenses
Sued for breach of contract
Labour or workplace problem
Litigation due to tort law


