There are still a great number of projects led by competent Project Managers (PMs) out there that do not use risk management to its full capacity or intent. Most of the time, these situations are caused by senior-level executives within the organization that still believe that risk management is more often than not a waste of time and money, especially on smaller projects. Let’s have a look at the five key reasons why any and every PM on small, medium, or large projects should be using risk management.
Not all organizations are set up or think the same when it comes to using risk management on their projects. Some PMs are provided with strict guidelines and thresholds as to what constitutes a project, be it large or complex enough to use full risk management more than in passing. This, I believe, to be of great disadvantage to a PM and the team and, in the long run, the organization itself.
Just recently, I was called into an organization as a consultant to help in providing an audit of the currently “live” projects to establish a baseline for other projects to come. What I was provided with at the start of this engagement was a table establishing what processes such as risk identification and risk analysis that were to be used for each category of projects within that organization. For projects smaller than $50,000 in cost, it was deemed unnecessary to perform organized risk management, instead as part of status reporting, a PM would report on any potential risks the team might have had to deal with.
It was clear for this particular organization that applying only some of the processes some of the time that people had lost sense of the importance of using risk management on every project.
Let’s discuss what I believe are the five core and key reasons why we all need to do risk management and why it needs to be on every project.
1. We need to be aware
- One of the biggest reasons is that we simply need to know what risks we are facing. Otherwise, we will get blindsided if or when they occur. Without the work we do that warns us of potential risks, our normal human reaction will be to ignore their occurrence. And that reaction is almost always fatal.
2. We need to be vigilant
- Risk events, almost all without exception, give some warning that they are occurring. This warning can be enough to react successfully. But to be aware of the warning, we need to be watching for it. And that means we need to perform tasks specifically to alert us when the risk event is occurring. Those tasks need to be included in the task list for our project.
3. We need to be ready
- One of the characteristics of surviving a risk event is the speed of our reaction. The faster we react, the better. Having a plan in place to reduce the effect or take advantage of the effect can speed up our reaction time immensely.
4. We need to prioritize
- There is a limit to how many balls we can keep up in the air at one time. Trying to juggle more than that limit can have disastrous results. Identifying our risk events in advance allows us to watch only those that matter. We need to prioritize, by keeping the less important balls in their case and out of our awareness.
5. We need to be prepared
- If you stand in front of the plate often enough, eventually, you are going to be hit by the ball. It’s inevitable. Maybe not this time. But eventually. That’s the nature of probability. Not only is there a cost and time that the project needs to absorb — for monitoring and so on, but there is a cost and time that the organization must absorb. This is known as contingency or reserves. Think of it like insurance or an emergency fund. Not all projects will spend their “allowance.” But over time, you know one of the projects might spend the whole amount, and you need to be prepared.
What do you do if your organization thinks that risk management is not for all projects? Or worse if it thinks risk management is a total waste of time and energy? Show them the way!
Going back to my example that I introduced earlier, how you make a change in these situations is to show the executives the value of having a full set of data to use for analysis in the organization. Having partial data on success or failure rates due to circumstances such as risks or objectives not being met is never a good idea. The better the data set, the better the decision potential that can be related to the work at hand.
Another point to take into consideration of using full risk management is the fact, it does not, in reality, take that long to accomplish and often does not need a large expense of money to establish. Having a good risk management plan that includes a tailorable framework as well as a flexible, sortable, and easy to manage risk register are often enough. The larger part of the whole expense will be around ensuring that your team members, PMs, and other stakeholders are trained in the process. With experience, both time to establish and time to accomplish will diminish, as will the costs.
Start small and keep the continuous improvement, growing with the knowledge and the team expertise, and before long, you will have a sturdy risk management process in place. As your confidence grows, you can introduce other elements of analysis, and after a while, the data collected will start paying off.
The only great way to be prepared for the projects is to look ahead, and looking ahead means doing full-on risk management and improvement.
Sylvie Edwards, PMP, MCPM, STDC, CMP, FPMAC has 25 years of project management experience spanning various industries and is the owner of SRE Solutions, catering to clients in need of project management course development, education, project risk management, PMO setup/evaluation or recovery services. She has worked with one of the top five consulting firm, where she led projects in the information technology, banking, government, and securities sectors as well as being a manager in the risk management practice. Sylvie writes about risk management, communication, and PMO.