Managing Risk

Projects and Risks

Unfortunately, introducing business or technical change introduces risk. This article discusses: how to identify and analyse negative project risks; how to take effective ownership; and how to judge the correct level of response.

During a career managing projects and work programmes, a key lesson – learnt first-hand (ouch!) and when brought in to turn around a failing project – is that not managing risks effectively increases the chances of project delay, cost overrun or even project cancellation.

Follow the process

You may follow a standard project methodology, or you may have developed an in-house methodology, to meet your needs, but each requires the effective management of project risks. The following steps are key, no matter which methodology you use or what timescale you are working to:

Identify and log your risks

Risks must be identified as soon as possible, and I do not mean ‘project manager making notes and storing them in a spreadsheet to be dug out at the next stage gate review’. Risk identification must be a collaborative effort from key project members and stakeholders – and it needs to happen throughout the project lifecycle.

Where possible, use a collaborative tool to log and maintain a risk register that team members and risk owners can access.

Risk analysis

Once a risk has been identified and logged, the project team must be able to analyse its likelihood and severity. One effective way of prioritising risks is to ‘score’ them and then to make sure that those with a higher severity and likelihood are addressed as a priority. This information must be logged within your risk tool.

Risk ownership

All too often, a risk log has the same project manager’s name against each registered risk. Within a stakeholder group the correct owner must be assigned. This person should have the right level of authority to effectively manage that risk.

Risk Response & Deadlines

Each risk should have a corresponding response that is clearly logged within the collaborative tool, with an agreed date for the risk response action. Typical responses to risks will be:

Avoid

Change the strategy or adjust your plan to completely avoid the risk.

Mitigate

Act to reduce the risk’s likelihood and severity.

Transfer

Move responsibility for the risk from the project to another entity: an external team to the project; outsourcing; assigning it to a third party.

Accept

It might be too costly or too time consuming to undertake one of the other risk responses. Or the likelihood or severity of the risk is very low. It can be a perfectly justifiable decision to accept a risk and this should not be viewed as a ‘do nothing’ approach. Accepted risks should be logged and explained in the same manner as those that merit a proactive action.

Manage the risk & communicate

You have identified, logged, assigned owners and have risk responses in place, now is the time to ensure that the risks are effectively managed. Regular reviews of the open risks with the project stakeholders should take place and risk owners must be accountable for the risk responses. Your project communication plan should detail how senior stakeholders are notified of risks, including those that require escalation.

As the project progresses, new risks will become apparent and existing ones will pass without materialising, it is important that the project team identify and review new risks at regular intervals, through to project completion, including any post-project support periods.

Highpath’s experienced project leaders will ensure that your project risks are managed effectively and, with access to industry-leading collaboration tools, your project teams will remain up to date.

This Article was originally commissioned by our Partner Winterhawk and can be found here.