As most buildings have fire marshals to usher people out in case of an emergency, a good risk register has a place for risk owners. But are we using these folks to their full potential?
Planning for risks in most projects follows an established and clear framework composed of key processes. Each of these processes culminates in the hope that we have generated and put in place what is needed to take care of risks as they might come along. We have also generated by that time a risk management plan that sets out our approach to managing risks on the project, as well as started populating a risk register, which will keep us on track with our efforts to document and keep everything in plain sight.
Risk identification is by far the most time-consuming process and to me, the one that I enjoy the most as it sets the tone and provides insights into both the organization and projects alike. That’s where you get to work with cool tools like the Delphi technique, or you get to probe people in one-on-one interviews. Once identified, risks are or should be analyzed to provide a look at the probability and impact of each risk. Additionally, it will show us, through the use of a matrix and prioritizing system, the range or extent of our risks for our project. Some people will only analyze this far, while others may also pay attention to the risks that can impact time and cost. They may also further analyze risks to properly quantify what might be at stake as well as the potential impacts on our project baselines.
The next major process is to determine what our options or responses should be if the risks were to occur. I’ve discussed in a previous article some aspects of the risk response strategies and the preparation that goes into ensuring that, short of a crystal ball, we can set good plans in place for our potential risks. Another key factor that gets documented at this stage is the ownership of those risks. This is what I would like to discuss more in this article. For some, the use and documentation of risk owners is the filling of a column in the risk register, while for others it can have a much larger meaning and purpose.
What does being a risk owner mean?
I found that it depends on the organization one works for, and the risk culture established there. I will start by eliminating the one thing that it should not be so that we start out with a clear understanding. It should not mean having the project manager or the team listed as owners for every risk in a risk register.
Generally speaking, at a minimum, a risk owner will be a person close to a risk source that can trigger the “alarm” so to warn the rest of the team that the risk is about to manifest itself. That should be the minimum that is requested of a risk owner. I firmly believe that this is not enough and that we do not utilize risk owners to their full potential in most, if not all, projects.
To make full use of our owners, they should be more closely involved in the risk response planning and implementation processes from start to finish. By having the risk owners be part of the entire process, we support our risk efforts with the addition of an extra set of hands, eyes, and minds. Someone close but more often also aware of the circumstances surrounding the risk and its source. An ally in the fight against risks already established, like a spy, in the midst of the action.
A well-prepared, trained, and knowledgeable risk owner can be the difference between having the risk plan succeed or fail. The reason we selected these folks is often related to their closeness to potential risk sources. This enhances our chances of being there and prepared when the risk event materializes. Why not go all the way and complete the process by making certain they know what they are up against and also can take action if or when the risk occurs? Imagine having an owner who is also equipped to take action within close proximity. That is, I would say, over 50% of the battle turning in our favor without having too much more to do but provide authority, tools, and knowledge.
So next time you review the use and value of risk owners to your risk management process, remember to give them the power, knowledge, tools, and techniques that they need to be able to fly solo at the defense of your project. Your team and them on the frontlines can only make risk management more robust when they are working toward successful project completion.