Importance of Risk Management
With today’s unforgiving economy, the topic of risk management of major programs and the maturity of general project management within an organization is dominating discussion among senior management, executive leadership and boards.
What is project risk management?
Project risk management is not limited to one specific activity or task. Rather, it formalizes the risk monitoring process and provides project managers (PMs), management and the board with a framework for measuring project risk and milestones.
Why is project risk management difficult?
Project risk management is difficult because it requires considering future implications rather than focusing heavily on present day challenges; it deals with likelihood and probability of a project related event, and takes valuable time away that could otherwise be spent addressing here and now project issues.
However, effective risk management and, in turn, achieving superior project performance requires raising the bar within an organization. For example, while all project managers likely would point to a project plan they are following, the successful project managers are the few that have a plan they actually believe in. Developing a plan one believes in depends on a psychological shift, as it requires project managers to focus on preparing for the worst and actively monitoring missed problems.
On large transformation projects, project managers frequently can see project communication tools, such as a risk register, being misused. The purpose of a risk register is not simply for documentation, but so often it stops there. The real question is whether the risks identified have been disseminated to affected parties and whether project managers are actively using the register to guide their work. Too often, these project artifacts are out of date, cursory and their implications not well thought out or acted on.
Given the continued scrutiny over budgets and doing more with less, project efficiency and effectiveness are important factors in today’s project environment. And while time is a precious commodity, the successful PMs consistently are the ones that find the time to apply more rigor to what traditionally has been informal, such as dependency mapping and tracking. They then actively manage the plan.
Six Pillars of Project Risk Management
The six pillars of project risk management can help provide appropriate oversight on projects of any scale and gain confidence that a project has all the elements in place to be successful.
• Project scope–Make sure the scope is well defined and that there is clarity around how the project will be managed, controlled and communicated over time.
• Project team–Assess whether the right people, with the right skills and experience have been identified and that they will be available when they are needed during the project.
• Schedule and risk management plan–Determine whether the schedule makes sense, major risks have been identified and whether contingency plans are adequate. Consider the predictability of potential risks, and understand the impact of potential worst-case scenarios and contingency plans.
•Stakeholder commitment–Ensure there is stakeholder commitment to the project prior to giving the go-ahead, and monitor commitment over time as the project, management and stakeholders evolve, as well as while opinions and objectives change.
•Benefits–Make sure the project benefits are understood, measurable and achievable. Maintaining a focus on benefits realization can help keep a project on track when issues or scope creep occur.
• Risk management–Be proactive in identifying and managing risks, and be prepared for new risks to arise over the duration of a project. As project plans change, so do project risks. Keep abreast of changes to the project plan and make sure that the risk managementplan is updated accordingly plan.
When trying to recover or regroup from something that didn’t work as you’d hoped, try these actions:
1. Increase your focus on your customers.
A company or team that has been thrown off-course can start to feed on itself.
And people who are burned out, or stressed, can start to see customers as “the enemy”* instead of the reason their jobs exist.
The situation can quickly degenerate in a downward spiral.
Focus on your customers and what they need from you.
2. Be clear and consistent in your instructions, feedback and guidance to your team.
Grow your trust in this uncertain time, if you can.
It will reduce your stress and that of your team if you trust people to do their jobs (unless you have proof through poor performance that trust is misplaced…and then you have a different problem to solve).
If your stress response is to micromanage, you make things for worse for your team AND yourself.
Ask for coaching to get over the need to manage by microscope, perhaps by developing a delegation process, and practicing to build comfort with the skills.
3. Reinforce what’s most important.
Keep your eyes on the prize as you regroup, and prepare to take a new path forward.
Make sure everyone on your team has current information about current circumstances and, when you’re ready to share them, the plan for moving forward. (The real issue here is that you’d hate to make a high-risk situation worse with poor communication).
Get rid of extraneous tasks and other drags on your energy and attention right now.
You don’t need distractions when you’re trying to regain control management your focus and forward motion.
Mistake-proof the way work gets done, to the degree that is possible and helpful now.
Taking that action could be a distraction under present circumstances, or it could save you from further damage in regrouping, recouping and moving on mode.
6. There may come a point when you need to stop stressing, pressing, and just accept what’s underway.
It’s important to know when stopping to accept current circumstances…really accept them…is your best and strongest move.
You may be sad. You may be mad.
But you have to accept the present situation to be able to understand it, let go of it, make the best of it and move beyond.
Strangely enough, at times of great risk and stress, you may gain control when you just let go.
Risk Identification Techniques and Tools
Most risk management programs and risk managers begin by identifying the risks that threaten a particular organization or situation. Prevention is better than cure and this risk management technique is aimed at identifying risks before they materialize, with a view to minimizing the risk itself or seeking ways and means of reducing the potential outcome of the risks, should the identified risk scenarios materialize.
There are a number of common tools and techniques that are used by risk managers to help them identify possible risks to the organization or product. There tools and techniques are often used in combination to ensure that all potential risks are identified within the organization. Risk managers also try to ensure an environment where employees feel open about discussing potential risks without reprisal or consequences. Tools commonly used by risk managers to identify risks within an organization include creating and controlling:
- Brainstorming sessions
- Collection of event inventories and loss event data
- Interviews with staff
- Facilitated workshops
- SWOT analysis
- Risk questionnaires and surveys
- Scenario analysis
Risks identified by a risk manager generally fall into four categories namely financial risks, strategic risks, operational risks and hazard risks.
For a comprehensive overview of what risk management entails, check out the Risk Management course. This course is aimed at business owners who want to implement a viable risk management process within their organizations. The course covers the principles of risk management and the techniques taught can be applied to any organization. The course will teach you how to identify risks, how to analyze them and how to take corrective action to reduce and control risks.
Once a complete list of risks has been identified and compiled, then the risk manager needs to begin a comprehensive analysis and assessment of each of the risks identified.
Risk Analysis and Assessment
Risk analysis and assessment involves evaluating the various identified risks or risk events, to determine the levels of risk posed by that particular identified component or event, and to quantify the risk in order to assess the level of prevention or control that is required by that risk.
Analysis includes who might be harmed and how that may occur. Groups of people are generally identified when dealing with who might be harmed, rather than listing people by name. Groups commonly include customers, employees or the general public. It is important to identify how they may be harmed to assess the potential consequences of each identified risk event. The type of harm can contribute to the level of management and control required by that particular risk event.
“What if” type scenarios are often used in risk assessment and analysis to provide valuable insight into the various risks that have been identified. Assessment can also include quantifying risks in terms of the financial costs to provide insight into which risks pose more of a threat to the organization or to the groups identified in the risk assessment. There are also a number of quantitative software applications that a risk manager can use to help determine the potential costs of the identified risks.
It is also important to consider the implications of control within the risk assessment process. The ease with which the risk can be avoided, the costs involved in risk avoidance and the costs associated with risk events, need to be considered and balanced to ensure the best possible profile for each type of risk is developed.
Once the identification and assessment processes are complete, it is time to create the structures and processes to control or avoid risk. The processes and structures will be determined by the type of risk identified and the type of analysis associated with the risk. Risk control includes identifying procedures for risk avoidance, loss control, risk transfer strategies and potential risk retention.
Risk avoidance will include setting up procedures and controls that allow the organization to avoid the risk completely. Avoidance strategies include dropping hazardous products or removing potentially hazardous situations from the organization completely. Risk avoidance can be one of the most successful strategies for risk management but not all organization risks can be avoided. For ones that cannot be avoided, the risk manager needs to identify loss control measures and risk transfer strategies. A good risk manager should also consider risk retention and the consequences of risk retention as well.
Risk Management as a Lucrative Career Option
Risk management forms part of most industries these days. The construction industry relies on risk managers to ensure construction projects are built safely and are built with safety in mind.