Managing project risk effectively contributes to project success. That is hardly rocket science. However, I’m sure you know of project managers who roll out the risk log at the beginning of a project to tick the box and then never look at it again. I certainly know a few that fall into that category. They are consistently surprised when something goes wrong and I often hear, “I don’t know why we didn’t see it coming.” Well, I know why they didn’t see it coming – they didn’t look.
It isn’t just me that says risk management is a driver for project success. Research by KPMG bears it out as well. They found that the consistent application of a risk management methodology throughout the life of the project contributed to project success. It doesn’t seem to matter whether you use an approach bespoke to your company (like 43% of people in their survey) or something prepared by an external organisation or professional body. The most important thing is that you do it.
Managing project risk
There are several methods of managing risk (PRINCE2 has a whole theme dedicated to risk) but they all broadly cover the same areas:
- Identify the risk
- Assess the risk
- Plan what to do about the risk
- Implement your plan
- Repeat, repeat, repeat.
Your company process or the standard you follow may use slightly different words but risk management best practices all follow the same concept.
In my view, the most important area here is identifying the risk. If you can’t identify them, you can’t do anything about them. Your risk log is empty. Of course, when your risk log is empty it can be hard to work out where to start.
You can identify risks in lots of different ways and it is normally best to work together with your project team. Here are some options for risk identification:
Lessons learned: dig out the lessons learned documents from previous, similar projects and find out if there is anything that caught the other team out. What risks can you raise that relate to those problems so you can manage them before they cause you the same issues?
Brainstorming: the classic ‘let’s all sit round the table and throw out ideas’ approach. It might not be revolutionary, but it is still one of the best ways to identify project risk.
Checklists: these are publicly available or bespoke to your company and have been prepared in advance, detailing areas where risk could be found on your type of project. They typically have category names to get you thinking about the sort of areas where you might be facing risk, such as Resourcing, Procurement, Financial and so on.
Risk breakdown structure: an underused technique, but one that is very helpful, especially on large projects. Create it as you would a work breakdown structure, with each area of the project broken down into the component risks. Procurement risks, for example, might be made up of supplier liquidation, contractual risk, stock management risks etc.
Improving project risk management
Doing risk management is one thing, but in order to be really good at it you have to keep improving. The KPMG study asked what initiatives organisations had in place in order to improve project risk management. The most common initiative was aligning the project risk framework with the way that organisational risk is managed at corporate level. That seems to make a lot of sense: why make managers understand two different ways of recording and assessing risk? There are, though, a number of differences between organisational risk and project risk, and the two approaches might not align as smoothly as the executive team might like.
Another interesting stat was that over 50% of businesses reported ‘communicating about our approved risk framework’. That isn’t really an improvement initiative in my books, that’s telling people how to do their job. They are expected to follow company project management practices and good risk management is one of them. Having said that, if it gets more projects to complete successfully, then I am quite prepared to be told I’m being picky.
Nearly a fifth of companies said they didn’t have any initiatives on the go to improve the way that risk is managed on projects. That’s not to say that they are doing nothing, but they didn’t tell the researchers that they were doing anything.
Managing risk is essential for project success and if you want more success, improving the way you manage project risk is one way to go about it. What can you do today to make risk management more effective on your projects?
