Risk is an interesting word in the project management world. In some corners, risk is a four letter word to be avoided at all costs. During the financial crisis of 2008-2009, risk became associated with bankrupt firms, reckless activities and economic collapse. Given that context, it’s no surprise project risk management makes people nervous.
Project risk management is like gravity. It is always present, it can be useful and it is foolish to deny its existence. In that sense, seeking to eliminate project risk is a fool’s errand. Risk simply needs to be understood and managed in order to reach project success.
Risk Management Never Goes Away
David Hillson once defined risk as “uncertainty that matter.” That definition resonated with me. For example, uncertainty about tomorrow’s weather makes little difference to a bank. On the other hand, uncertainty about inflation does impact a bank’s operations. The financial industry has a set of risks of its own to manage. The range of risk – interest rate, operational, liquidity and more – impacting finance has given rise to an entire series of books, degree programs and armies of consultants. Project managers in finance need to understand those risks.
What are the uncertainties that matter to project risk management? Two important examples come to mind immediately: people risk and vendor risk. In my view, people risk represents the uncertainty that a key project team member may resign, become ill or otherwise be unable to complete their tasks. Vendor risk represents the uncertainty about a vendor delivering against their project plan. These two examples show how contributors to your project can derail your success.
Project risk management is always present. It is reasonable to take sensible preparations to forestall disaster. However, every hour or dollar allocated to managing risk represents resources taken away from achieving the project’s ultimate results. Carefully weighing this trade off or opportunity cost is a key responsibility for the project manager.
Project Risk Management: Key To Innovation
What is your reaction when you are presented with risks in your projects? At first glance, you may seek to reduce or eliminate those risks entirely. That’s a mistake.
Projects create change in the world. Change creates uncertainty. Risk is simply an uncertainty that matters. Unless you are fighting some kind of rearguard action to preserve the status quo, change and risk go together. In fact, having to cope with uncertainty and ambiguity shows your project is making an impact in the world.
In the final analysis, projects are about innovation. What do we know about innovation? We know that some innovations fail. Consider the example of Newton personal digital assistant that Apple produced in the 1990s. Compared to the success of the iPod and iPad, the Newton was a failure. Yet, the courage to develop Newton technology gave Apple experience with handheld mobile devices. Despite the relative failure of the product, Apple learned from the experience.
From time to time, projects will fail. Just ask NASA about the Mars Climate Orbiter – it burned up in the Martian atmosphere in 1998. For most of us, project risk management doesn’t include seeing our failures reported around the world. If your project failure IS widely reported, then you will simply have to accept it as paying the price for innovation. After all, it is difficult to get someone excited about a project that simply maintains the status quo.
The Upside of Project Risk Management – Are You Ready?
Risk is not a four letter word. It’s true! Think about a time when someone gave you a surprise gift. Until you open the package, the gift is an uncertainty that matters. How about that for a change in perspective?
This new attitude changes everything in project risk management. Instead of fixating on what might be lost, you will start to look for new opportunities for gain. This mindset will also change your perspective on your project plan. The plan is no longer a rigid document that dictates each and every move. Instead, it is a flexible document that can accommodate new opportunities.
Read on to learn about three surprise gifts you can encounter in your project risk management. Any one of these “gifts” will impress management. With some thought and analysis, these upside risks also translate into excellent resume bullet points.
- Increased productivity.
A member of your project team applies their newly learned Excel programming skills to clean the data set. They were motivated to get the project done before vacation. As a result, your project is now a week ahead of schedule.
- Enhanced project sponsor support.
For weeks, you’ve been struggling to get the attention of your project sponsor. Then, suddenly a controversy strikes your competitor. That gives you the opportunity to demonstrate your project’s value in a new way. Result – your project sponsor lends new strength to your efforts.
- Decreased cost.
The project plan included a purchasing an expensive software package from a vendor, complete with consulting support. Fortunately, your firm recently hired a software developer away from the vendor. Since you have a strong internal network, you hear about the new hire quickly.
With some careful negotiation, you get the developer assigned to your project. Result – your project no longer has to spend $20,000 on consulting services. Reducing costs is also an excellent way to demonstrate thoughtful management of resources.
As you start your next project, keep an open mind for uncertainties that matter in a positive way. You may be able to deliver some of the “nice to have” features users requested. When you write a project plan, [link to Montgomery scott article], set aside time each week to check your progress. Unless you make time to look for opportunities to exceed your project plan, you may never grow.
Downside Risk In Project Risk Management: An Overview
What can we do about the downside of risk in projects? It is a three part process: identify the risk, evaluate the risk and develop a risk mitigation plan. Consider this approach to project risk as your starting point. This approach will serve you well in many different projects. My approach to risk management is based on my experience in the financial industry. You can learn a lot even if you’re in a different industry.
I’ll explain the three step approach to risk management using a simple project. This example is based on a project I recently worked on; details and scope have been simplified.
Project objective: Upgrade 100 computers for employees to the Windows 7 operation system at a large company by October 31. The upgrade will deliver faster performance to all staff who use the upgraded computers.
Identify Project Risks.
- Break Legacy Systems and Processes.
Many staff use legacy applications that date back to the 1990s and earlier. Despite their age, these applications enable mission critical processes such as invoice payment and accounting.
- Create Staff Downtime During Upgrades.
Early tests show that the upgrade process is highly variable. Some PCs completed the upgrade process in thirty minutes and some machines took up to four hours. During the upgrade process, staff cannot use the PC for work.
- Create New Network Security Threats.
Windows 7 has passed the company’s initial information security assessment. However, there are lingering concerns about the product in some departments.
Evaluate Project Risks.
- Legacy Systems and Processes.
The failure of legacy payment applications would cause late payments and trigger interest charges. In addition to monetary loss, disruption to legacy applications will upset staff who depend on those processes to work reliably.
- The Staff Downtime Risk.
Creating unexpected downtime will lower the organization’s productivity and output. In some instances, customer service may suffer. A project team investigation found that only 10% of the users impacted by the upgrade project work directly with customers.
- Network Security Risk.
Network security failures can trigger a variety of problems including data loss, public embarrassment and theft. Five years ago, a denial of service attack disabled the company’s public website for five hours. A similar disruption would cause lost revenue of $100,000 today.
In the project manager’s assessment, disabled legacy applications are the greatest negative risk facing the project. The other two risks are not deemed significant. All three risks will be covered by the risk mitigation plan.
Develop A Risk Mitigation Plan.
It is time to plan for the worst. Possible consequences for the company include public embarrassment, lost productivity and scepticism toward future technology projects. When a risk takes shape, it is vital to take swift action.
“If you don’t address risks until later on in the schedule, you’ll have fewer degrees of freedom in responding to them.” – Scott Berkun, “Making Things Happen: Mastering Project Management”
- Mitigating Legacy Application Risk
Mitigate this risk by testing customer facing applications on Windows 7 prior to testing.
- Mitigating Staff Downtime Risk.
Schedule the upgrade process to start at 5pm on a Thursday night. That scheduling minimizes disruption during the work day and makes recovery on the following day easy.
- Manage Network Security Risk
Continue actively involving the network security stakeholder during the project. Schedule at least one testing session to explore security threats.
Congratulations! You have now mastered the basics of project risk management. By repeating and expanding this process, your risk management skills will continue to grow.
Tip: To take your project risk management education to the next level, seek out the PMI Risk Management Professional (PMI-RMP) certification. The Project Management Institute introduced this certification in 2008 to respond to the demand for risk management.