Experience shows that risk is not something to fear, but to manage, says the Risk Doctor
The novice project manager may be worried to learn that his or her project contains risk. Surely, risk is “A Bad Thing”, and it would be better if the project had none? But a more experienced colleague may explain that there are at least three reasons why this is not the correct approach, and would encourage our novice to recognise and manage risk proactively as part of routine project management.
The first reason why it is wrong to fear risk on projects is that all projects are inherently risky. Projects are all about managed change, creating deliverables within a set of constraints, in an environment that is subject to both internal and external uncertainties.
Projects exist to take risk in a controlled way, since risk is related directly to reward: the more risk the organisation is prepared to take with its projects, the greater benefits it can reap; but the organisation that plays it too safe will reduce its potential for gain.
The second reason is that some risks can be helpful. Risk can be defined as “any uncertainty which, if it happens, would affect one or more project objectives”. This definition includes the possibility of upside risk, i.e. uncertainties that may help the project if they occurred. Such opportunities are as much a part of project risk as downside threats.
Increasingly, project managers are recognising that opportunities require proactive management as much as threats do.
Thirdly, risk in projects should not be feared because most of it can be managed. While there are some uncertainties that lie outside the control of the project manager, many project risks can be tackled effectively, resulting in reduced threats and increased opportunities.
For all these reasons, it is important for every project manager to adopt a structured approach to risk management as an integral part of managing the project.
Again, our novice project manager may fear a heavy process overhead, adding to the already high workload of standard project management tasks. But risk management can be conducted at different levels of detail, with a ‘lite process’ for simple projects, and a more in-depth approach for complex projects.
However, all levels of risk process should follow the same basic steps:
* First is an initiation phase, ensuring that project objectives are agreed and understood by all stakeholders, and determining the level of detail required for the risk process, driven by the riskiness and strategic importance of the project.
* After initiation comes risk identification, using techniques such as brainstorms, workshops, checklists, prompt lists, assumptions analysis, interviews, questionnaires, etc. Here, care is required to distinguish between risks and related non-risks (e.g. problems, issues, causes, effects, etc.), as well as being sure to look for both threats and opportunities.
* The significance of identified risks needs to be assessed, prioritising key risks for further attention and action, and giving each one a risk owner who is responsible for its management. Assessment can be qualitative (describing characteristics of each risk in sufficient detail to allow them to be understood); or quantitative (using mathematical models to simulate the effect of risks on project outcomes).
* Next comes response planning, when strategies and actions are determined to deal with risks in a way that is appropriate, achievable and affordable. Each action should be agreed with project stakeholders, and allocated to an owner, then its effectiveness should be assessed. Proactive threat responses include avoidance, transfer or reduction, and opportunities can either be exploited, shared or enhanced. As a last resort, it may be necessary to accept a risk, perhaps with a contingency plan.
* Planning must lead to action, so it is important to implement planned actions, monitor effectiveness, and report results to stakeholders. During this response implementation phase, risk exposure on the project is actually modified as a result of taking suitable action.
* Lastly, any risk process must include review and update. Risk is always changing on a project so the process must be iterative, regularly reviewing risk exposure, identifying and assessing new risks, and ensuring appropriate responses.
Having understood the steps in the basic risk process, the novice project manager may be tempted to relax, trusting in the “Three T’s” of tools, techniques and training. Though these are important, they are not enough to ensure effective risk management.
Other critical success factors will determine whether the risk process succeeds, including risk culture, people aspects, infrastructure and integration.
“Culture” describes the shared beliefs, values and knowledge of a group of people with a common purpose. It has both an individual and a corporate component.
Effective risk management requires a supportive culture. The risk attitudes of individual stakeholders on a project must be understood and managed, and the organisation’s overall approach to risk must be appropriate.
People aspects also require attention, since risk management is not performed by robots. Humans perform all the essential steps in the risk process, including identifying and prioritising risks, proposing appropriate responses, and implementing agreed actions. These all require human judgement, and are affected by preconceptions and unconscious bias.
Risk management is not ‘one size fits all’. Different organisations may implement it in varying levels of detail, depending on the type of risk challenge they face.
Having chosen a preferred implementation level, the organisation then needs to provide the necessary supporting infrastructure, so that the risk process can deliver the expected benefits.
Integration is also important, ensuring that risk management is not viewed as an optional extra for special projects only.
Since all projects are risky, all require active risk management. But the risk process should be an integral part of the project management approach, involving the entire project team rather than risk specialists.
Risk management is a key contributor to project success, and an essential element of professional project management. It is a vital part of the toolkit for novice and experienced project managers alike, offering a structured process to deal with uncertainties that may affect objectives either positively or negatively.
Done properly, it is one of the most important things a project manager can do!
About the author
Known globally as “The Risk Doctor”, Dr David Hillson (HonFAPM, PMP, FIRM, FRSA, FCMI) is director of Risk Doctor & Partners (www.risk-doctor.com). He is recognised internationally as a leading thinker and expert practitioner in risk management, and he writes and speaks widely on the topic.
David is active in the Project Management Institute and was a founder member of its Risk Management Specific Interest Group. He received the PMI Distinguished Contribution Award for his work in developing risk management over many years.
David is also an Honorary Fellow of the United Kingdom’s Association for Project Management, and a Fellow of the Institute of Risk Management, the Royal Society for the Encouragement of Arts, Manufactures & Commerce, and the Chartered Management Institute.
A little risk is a good thing
Thursday, 07 January 2010 08:33











