How to Manage Risks in Project Management
If you don't invest in risk management, it doesn't matter what business you're in, it's a risky business. - Gary Cohn (Vice Chairman of IBM's board of directors)
Risk Management is one of the focal pursuits of a project. The mission of a good project manager is to identify, plan, analyze, control, and prepare projects to respond to the risks. In fact, the element of uncertainty that characterizes risk can be critical for any type of project.
What’s following is to bring order to these concepts by trying to identify a simple system of analysis to be applied in different areas without necessarily having high-level skills in risk management.
Given the definition of Project Risk, it can be said that it is an uncertain event that, when occurs, has a positive or negative impact on one or more project goals.
What is clear from this definition is that the concept of risk in project management does not necessarily have a negative meaning. The occurrence of a risk that has a positive effect on goals is also contemplated and it takes the name "opportunity".
The identification of risk
Essential is to identify all factors, fixed or variable, that must be kept under control and therefore, must be identified the project to be monitored as a system.
Why is the concept of “project as a system” so important?
Because makes it possible to define:
- the perimeter of the activity being examined;
- any tech or economic constraints;
- the possibility of splitting the system into subsystems to better and clearly understand relations and the consequences that changing one would have on the whole system;
- the potential interactions with other systems outside;
- the presence of cases - that have already occurred - with the consequential solutions that have been adopted.
These steps can be delivered using different procedures including, for example:
- specific questionnaires to gather information;
- checklists, i.e., pre-filled lists of risks that are derived from past experience;
- brainstorming, which can lead, once all the ideas have been gathered, analyzed, discussed and filtered, to formulating a shared document;
- the SWOT matrix to identify strengths, weaknesses, opportunities and of course threats.
The Risk Analysis
After identifying potential risks, the PM, with the help of the team and the tools dedicated to project management, assesses the risk based on its probability and the potential loss associated with the event.
By definition, not all risks are equal.
Some risk events are more likely to occur than others, and the cost of risk can also vary.
Assessing, therefore, the probability of the risk occurring and the actual impact on the project are the crucial steps in Risk Analysis.
Risk Treatment & Monitoring
Each risk defined, should be entered into the Risk Treatment & Monitoring model and marked with the relevant priority. You will have the opportunity to make a number of decisions that we can summarize here:
- avoid risk which means deciding not to start an activity;
- take on the risk so as to pursue an opportunity;
- remove the source of risk;
- alter the probability or consequences;
- share the risk by insuring against the risk;
- accepting the risk on the basis of an informed decision.
With the application of one of these actions, the PM will move on to define the degree of residual probability and severity that will give rise to the residual risk value.
The residual risk obtained will then have to be periodically monitored by the team members whose roles have been previously identified. This tracking activity will be essential to the achievement of the organization's goals.
In daily activities we tend to weigh the consequence of our actions and to do so, we perform, even unconsciously, a Risk Analysis. This leads to deciding how to behave by accepting or not accepting the consequences of our actions.
Why does this culture of risk often become difficult to understand in organizations? Does it cost too much time and money? Are the skills in the ream not enough?
The reasons behind this lack can be many and varied. Certainly, there is cultural trouble, but at the same time, there is also a problem with methodologies and tools.
The lack of formal project management tools is definitely an obstacle to the implementation of a risk management plan.
What about you? What kind of PM are you and how do you manage potential risks?