As project managers, we often have our plate full when it comes to tracking and documenting the success or failure of a planned outcome. We do tend to focus on cost, schedule, and scope mostly but risk events provide a particular view of how planning was done and if it achieved the desired outcomes. How else are you supposed to know if your planning worked? Beware if you are not closing that key loop.
With the recent addition, to the 6th edition of the PMBOK® Guide from PMI®, of the implement risk responses as a process within the execution process group. I was reminded how we often take for granted what it really takes to ensure that we fully understand how successful or not our projects have been. One of the easiest or simplest ways when it comes to risk management is to ensure that we follow the process from beginning to end.
We spend a large amount of time while working on risk within the earlier processes such as identification and analysis to finally come up with plans and strategies on how, if they occur, we will handle those risks. What we also often do after this is simply maintain the risk register and update it in the event of additional risks being uncovered or changes to existing ones. We tend to skip the assessment or validation of our plans and strategies. Did it work, is a simple question what we do not ask enough. Without properly documenting what occurred while trying to implement risk responses, we actually cannot rely on lessons learned for that project as being adequate. One should, in fact, consider the lessons learned process may not be complete enough to provide the data necessary for future use in planning for other projects.
I know that you are probably frowning as you read this, but let me explain further.
So, remembering that risks are events in the future for which during planning we estimate a probability and an impact based on our stakeholders’ impressions, experiences, or perspectives of those risks. How well would we be able to say that we would consider using those same strategies in a future project based on our documented lessons learned if we were not at least spending a bit of time documenting and describing if our planned strategies had worked or not?
Any information around the usefulness of a particular strategy in taking care of risks for any scenario of the past would be useless information if it was not supported with a view of the whole picture, including if that strategy had been helpful or not.
Success or failure in risk management is related to a small number of elements and getting those just right. I have found the following 3 to be very good indicators:
- That we were able to identify with a high level of certainty the risks to our project.
- That we were able to estimate with some level of accuracy the probability and impact of our risk events.
- That we were able to come up with an appropriate response to those risk events.
Once we have done the hard work of getting these pieces together, it makes a lot of sense to carry it just a bit further and spend a little more time documenting the actual results of our efforts. Why stop when we have almost reached the end? What’s another column or two in a risk register?
Some key questions that should be asked at this point:
- Did our efforts provide us with the appropriate data to manage risks properly?
- What worked?
- What did not work?
- What was the ultimate outcome?
This is also a good time to review the status of our risks identified in our risk register and update it to reflect the reality of what occurred.
In the long run, taking up this practice will ensure that you can have lessons learned that are complete, based on the real events of the project, and providing an idea of the possible success of their implementation.