Risk Management in Projects

Sounds simple enough, but this is where the theory and practice of project management often times do not line up. Instead of making risk management part of the project, some project managers take the so-called ostrich approach: They simply ignore potential risks. At other times, project threats are being deliberately concealed in order not to discourage future investors. Even though project teams are known to be understaffed, allocating resources to risk management always pays off down the line.

Risk Management in Projects

One of the essentials is to identify and address potential risks from the onset of a project. This is not to say that risk management will eliminate project related risks; no one can foresee the future. But focusing on potential risks already in the planning phase and determining how to deal with them will help deliver projects on time and on budget. And project teams are more productive when they don’t have to jump into firefighter mode to smooth out the damage that could have been prevented. Can all potential project risks be identified before they occur? Probably not. However, identifying the large majority of threats and dealing with them in proactively leaves enough time to handle risks that arise unexpectedly.

Project managers are primarily responsible for a project’s risk management but failed projects show that they were mostly unaware of the blow that was about to hit them. At the same time, in most cases other team members recognized the imminent threat but did not voice their concerns. All the more important is effective risk communication with all team members and stockholders. Team members should be encouraged to voice concerns without getting labeled as naysayers. A good approach is to make project risks a default entry on the agenda of regular team meetings.

Risk Management Life Cycle

Risk management is the process of identifying potential risks, assessing their consequences, as well as developing and implementing plans to minimize any negative effects. The benefits of risk management are substantial in any project and should be a priority especially with high risk projects.

Risk management comprises the following steps:

Risk Identification:

In general, all aspects of the project should be defined that may fall short or exceed the targets due to changes in the project environment. This task is made easier when using the project plan and project phases as a basis for the risk analysis. In a second step, potential consequences can be assessed and the likelihood of occurrence can be evaluated. Experience has shown that project risks mostly arise from the project environment, insufficiently communicated project goals and conflicting targets. Working with a check list has proved to be effective when identifying risk factors.

Risk Assessment:

The next step is to assess all identified project related risk factors. This includes evaluating the probability of occurrence of each risk factor and determining the potential negative impact. This is when experience from previous projects comes in most handy. If the company experience is limited, industry statistics are helpful and should be taken into account. Depending on the complexity of a project, it can be sufficient to visualize potential negative consequences with a “risk map”. When assessing projects that are especially risky or complex, it is important to apply more statistical methods. One method of evaluation is to use an ordinal ranking scale both for the risk’s likelihood of occurrence and its negative potential. Multiplying the values signifies the priority a specific risk factor should hold within the overall project risk scenario.

Risk Response Plan:

Implementing risk responses helps to minimize negative effects or may even prevent a threat from occurring. Strategies include taking team members on board that have a strong project management expertise and incorporating buffer times in the project schedule as well as back-up resources. However, any risk response plan should be designed in a way that it adds value to the project. Therefore, project risk factors should not all be treated the same way. Based on the risk analysis and assessment, most efforts should be directed towards risks that have the greatest impact. Sometimes the best choice may be to accept a risk because avoiding the risk is more expensive than the consequences associated with the risk factor.

Risk Status Monitoring:

Risk management strategies should be monitored all throughout the project lice cycle. Not only does the project environment change but so do risk factors, their likelihood of occurrence and potential consequences. Therefore, it is key for successful project delivery to include risk status monitoring into the continuous project monitoring.