Risks are a given for any initiative or enterprise across industries. No wonder, PMI has dedicated a detailed process around risk management as part of their PMP certification.
Projects small or large all involve risks. Having the right understanding and strategy to handle risks is crucial to the project success and the enterprises’ too.
Risks can be of various types and probability and can be lurking across various corners of your project be it regulatory, natural, competition, change of business landscape, the advent of disruptive technology. You name it.
Take the e.g. of Nokia and Research in Motion (RIM). Both were the superpowers of the mobile phone industry. But the risk of not adapting to the new technology and user sentiment cost them their business and drove them almost to a point of no return.
To begin with, it has to be a mainstream activity and a must-have component of your projects. Right from the beginning!
It is a tough ask; no doubts about it. And neither is it everyone’s cup of tea.
Risk Management requires experience, thorough knowledge of your business, the projects you are dealing with and a lot of foresight.
But if done rightly, the rewards are significant. When the project stakeholders accord the due importance to risk management, they have increased their chances of success by 50%.
Having established the significance of identifying risks, let us take a look at some of the common risks in project management and strategies to mitigate them.
Budget and Cost Risks
Enterprises with an established PMO and that follow the project management practices thoroughly usually place a “contingency fund” into the project budget.
This is something that is controlled by the project sponsor and is typically between 5-20% of the total project budget.
A smart thing to do. But what warrants the need for the contingency funds? Risks!
When you think of risks associated with cost, the usual suspects are:
- Incorrect project cost estimation
- Change is the cost of materials involved in the project
- Delivery delays
- Outsourcing of work to expensive contractors and service providers
- Unexpected travel, purchase & licensing costs, etc.
- New regulatory and compliance requirements, policy changes
- Natural disasters
Be fully aware that managing and mitigating risks involve a lot of costs. A simpler e.g. is that of building a disaster recovery site for your IT infrastructure (data center). It is a risk mitigation plan baked right into the project management plan. And building such site requires quite an investment.
Again, understanding risks is important. Because it isn’t about building a DR site but how many, where? A lot of experience and planning goes into it.
Unclear Requirements or lack of Scope
Take a moment here and think, what the major contributors are towards the budgetary risks?
A deep hard look at your project scope will say it all. Nine out of ten times you will find that lack of a proper signed off scope is the source of a lot of man risks in the project.
How can a less than complete scope be so dangerous?
Well, to start with, you do not know what you are dealing with i.e.
- The project goal is unclear
- The extent of efforts and resources required isn’t known
- Skills required to deliver the project is unknown
- Technology requirements are missing
- Training, travel and tool costs cannot be estimated rightly.
Now running anything with so many vague elements is always dangerous and very soon the project is more of a rudderless ship.
Just translate this for the large and complex projects run by enterprises; 1000s of hours are at stake, a lot of skilled resources (expensive resources) coupled with delays. You are all set for a major cost overrun.
No one would like to run projects that aren’t profitable and further the organization’s vision.
It is not only the financial impact but a lot of intangible losses are joined at the hip too. To start with:
- Loss of employee satisfaction and morale
- Customer satisfaction and trust is dented
- Chaos all around leads to bickering among the teams
- Loss of reputation and impact on the brand
Lack of the Right Processes
Anyone with basic knowledge of PMP would know that there are 5 process groups and 47 processes. 47! Is something wrong with PMI?? Absolutely Not!
And there are 10 knowledge areas among these 5 process groups.
Integration Management, Scope Management, Time Management, Cost Management, Quality Management, Human Resources Management, Communication Management, Risk Management, Procurement Management, and Stakeholders Management.
“A quick look into these knowledge areas will give you enough context as why processes are so important to your projects.”
All the vital elements that go into project success are covered by these knowledge areas starting from the triple constraints to risk management and stakeholder management.
The logic here is noteworthy. All of these processes and the knowledge areas are to ensure all project elements function seamlessly and are tightly coupled.
Be it your signed scope, the resource plan, communication plan, risk plan, quality assurance, and the overall project management plan; all are there for a purpose –
I.e. each and every person involved in a project knows what he needs to do, when, why, how and where he can find all the information, tools and privileges to get the job done!
It is a grand puzzle that takes shape when each component is well-defined and implemented.
Imagine a scenario –
When the project teams aren’t aware of what they are supposed to do, whom they turn to in times of crisis, where do they find the project scope and if their deliverables are of acceptable quality? What do you think a project like this would look like?
The above scenario clearly indicates there is no proper scope document, no communication plan, no risk management plan, and no quality assurance plan.
So, as a Project Manager, ensure that the components applicable for your project are rightly baked into your project management plan. All of it and always!
Let us shift our attention towards taking charge and keeping our project risks to the minimum.
Getting Ready for Risk Management
Risk Management begins with risk identification, analyzing risks, making a strategy – risk response and continuous monitoring through each of the project phases.
The whole concept of documenting all of these is known as the risk management plan.
As a first step –you build a risk register! The risk register is the central home of all your risks.
But note: it is a team activity. You must aim to get as many hands-on the deck possible because one person can just not know it all. Secondly, it has to be a living document throughout the course of the project.
To identify risks you would deploy strategies like – brainstorming sessions, interviews with the SMEs, reviewing similar past projects, etc.
Risk analysis is a slightly complex process where the goal is to
- identify which identified risks are most likely to occur
- their impact on various project objectives
- likely investment required to mitigate and deal with those risks
Once you are done with Risk Identification and Risk Analysis you plan your risk response strategy!
So far it looks as if risks are bad. Very bad! Not entirely. Here it is fun.
Risks are usually categorized as – Positive Risks and Negative Risks
As the names indicate Negative Risks are threats which if realized will adversely impact your project and its outcomes.
On the other hand, Positive Risks are more often opportunities that you can plan to enhance and exploit to your advantage.
The typical response plans for negative risks are usually to avoid & transfer and if not escalate and accept.
Similarly, when it comes to positive risks your best bet is to enhance the probability of it occurring, exploit when it occurs. At the same time if it is too big for you to exploit alone you share and partner to realize the benefits.
If not, then you escalate and accept.
Note that escalate and accept are common response strategies for both risk types. In escalate you put the onus on the decision-makers, project owners and in accept – you just document it and take no action!
2 Right Steps!
In my experience, risks is a game of unknowns and is all about dealing with uncertainty. But the assuring part is there is enough information and guidance available to mitigate and deal with them effectively.
It is not the risk that cause failure. It is the act of negligence on our part to not prepare for it that puts us in harm’s way.
A Gartner research points out that
“Among IT projects, failure rate corresponds heavily to project size. An IT project with a budget of over $1M is 50% more likely to fail than one with a budget below $350,000. For such large IT projects, functionality issues and schedule overruns are the top two causes of failure (at 22% and 28% respectively)”
- The key is to focus on the right project management knowledge areas and actively implement the processes to track scope changes, defect management, time management, resource management, and project schedule management effectively.
- Project Management solutions have proven to be highly effective in delivering projects successfully with optimum satisfaction. On-premise or SaaS both provide a host of key project management features that are the need of the hour.
Thus, invest in proper adoption of the project management practices and the right enterprise project management tool for your teams!