Risks can be foreseeable and unforeseeable. In both cases, astute project managers are prepared with some means of dealing with them. Many risk management plans address only foreseeable risks and fail to address the unforeseeable ones. For that reason, project planning must include a degree of schedule, cost, and scope margin.
Michael Taylor, a project manager with more than 30 years of experience, suggests that the most effective way to manage project risks is to adopt a process that systematically deals with the overall problem of uncertain events and conditions that might affect a project’s objectives. This process involves the following five steps.
Click through for five steps to effectively manage project risks, as outlined by Michael Taylor.
Identification of project risks is not a one-time only event. As projects progress, new risks will become evident and must be addressed accordingly. It is imperative that project managers take full advantage of the skills and experiences of subject matter experts, and other project managers of similar past projects.
The challenge facing risk management teams is knowing where to begin the process of risk identification. Typical risk sources that should be examined are poorly defined product requirements, design drift, exceeding technical capabilities, accepting an unproven technology , making too many changes to an existing product, limited availability of needed skills, project deadlines and budget/funding limits
To avoid this phenomenon, the project manager can take advantage of any one of the following risk identification tools — process flowcharts, analogous project comparisons, risk checklists, work breakdown structures, brainstorming, Ishikawa diagrams, affinity diagrams, and risk breakdown structures. Each of these tools enables the team to focus on parts of the project rather than the project as a whole. By doing this, the focus is more concentrated and more likely to give better visibility of potential project risks.
Risk is always to be analyzed by the probability of the event occurring and the consequence if it does occur, and should focus on the project schedule, costs, scope and quality.
- Probability – the likelihood that a risk condition will actually occur.
- Consequence – the impact that might occur from the risk
The estimates of probability and consequences are completely dependent upon subjective estimates. This means that if an estimator is unskilled or inexperienced, the estimates will be inaccurate. If the project manager is not confident in the estimator’s judgments, then subject matter experts from other projects should be invited to participate in the qualitative analysis process.
Once the qualitative assessments of project risks are completed, the estimates can be examined to determine the magnitude of the risks. A technique that not only considers risk probability and risk consequence but also takes into account the project priorities is the “weighted risk factor (WRF)” technique. For each set of project risks, a WRF is calculated as follows:
- “RF” means Risk Factor = (P+C) – (P x C).
- The value for weight (W) is dependent upon its project priority within the triple constraint.
- W1, W2, and W3 are valued 0 through 1.0 depending on the priorities of the project, and together must sum to 1.0.
Risks may be viewed as negative or positive. Negative risks are those that might impact the ability to reach project goals. Positive risks are those that can be exploited, as opportunities, for positive benefits.
Responses to negative risks may include the following: transfer the risk, avoid the risk, reduce the risk, share the risk, increase risk tolerance, accept the risk (do nothing). In some cases, risks cannot be avoided, mitigated, transferred or shared. In such cases, potential risk impacts must be accepted. This is usually the most inferior response to project risks.
Responses to positive risks (opportunities) may include the following: exploit the risk, share ratios, and enhance the risk. Enhancing a risk involves the pursuit of activities that might produce a greater return-on-investment. This is accomplished by strengthening or maximizing the chances for a positive benefit.
As stated previously, risk management is not a one-time-only effort. New risks may present themselves as projects progress. For this reason, project risk teams must constantly be on the lookout for potential risks. New risks that surface at various points in the project must then be subjected to the same risk management process. Risk control takes place when project managers remain aware of possible imminent threats and take adequate measures to implement responses in time. Inserting decision points in the project schedule will prevent project managers from getting caught off guard.