A key element that contributes to the clear understanding of any risk is its description or definition usually found in one of the first columns of the risk register. Based on this simple description, we will support an entire risk process. There is no room for being vague or unclear. Unfortunately, we generally spend no time or thought on this important component which might lead us to over or underestimate the risks of the project in the long run.
The project has started, and with it, a brand-new risk register is created, being filled with our understanding of risk and the requirements for the job at hand. The team is busy setting up for a risk identification meeting, and participants are being invited or scheduled to participate. Before you know it, that risk register has taken a life of its own and contains a lot of details that should assist us in making the right decisions for the project going forward.
For a lot of projects out there, this would be the way that we establish our risk register. As time progresses, not to mention, with the help of progressive elaboration, the PM and the team generate a valuable risk register. Over the years, I have seen this exercise create a small but easy to fix the problem which could make our work on risk management better as we go forward if we address it early in the risk process. That small problem is the result of us trying to cut time out of the identification process. We do not spend enough time on our description of the risk so that it is framed properly.
Look at any recent risk register from your organization. Tell me what you see in the risk description column? For most, it will be something similar to weather, inflation, a rise in the price of gasoline, or the quality of part ABC…
What is wrong with this picture?
Well, it does not really provide a complete or clear description, and it certainly does not paint a picture of our risk in a way that it is easy to analyze or assign responses or strategies to. Associated with the description is the fact that we clearly need to understand the extent or magnitude of the risk in order to make future decisions that can handle the totality of that risk.
What is a proper definition that would help us in our risk management process?
I do not pretend to have the perfect solution, but years ago, when I was first introduced to risk management, a wise manager in the risk department I worked in introduced me to a simple formula that I have in turn used countless times and taught most of my students.
Sylvie Edwards, PMP, MCPM, STDC, CMP, FPMAC has 25 years of project management experience spanning various industries and is the owner of SRE Solutions, catering to clients in need of project management course development, education, project risk management, PMO setup/evaluation or recovery services. She has worked with one of the top five consulting firm, where she led projects in the information technology, banking, government, and securities sectors as well as being a manager in the risk management practice. Sylvie writes about risk management, communication, and PMO.