Project Risk Management

Hello, project managers, not pmps. Today we’re going to talk about risk management. Yes, we should have had this session long time ago well before the implementation phase, of course. But let’s face it, how many of you in real life I have real projects now? Quite a few. But how many of you have a system to monitor risks on a regular basis, not too many. So it appears that as project manager, I am not really different. But I am a certified recovering project manager. And that means that I have some experience that I am ready to share with you. Risk Management is often skipped or ignored. But the root cause of the problem is that many managers believe that it’s a complicated process. But it’s not difficult. Not at all. It’s a simple process, and a very important one, you will be able to manage risks or run an exemplary risk assessment session in 1015 minutes from now. So get yourself a coffee, call your team and about 1015 minutes, you will know how to go about it. Stay with some risks management gurus suggest to visualize risks as something that stands between your project and your project purpose. Thus, if we eliminate the risks, we get to the purpose right away. In order to understand this modal, we first have to make sure that the team understands what these three elements of the project risk management are. Because the entire risk management process is very subjective. So in order to get meaningful results, you have to be on the same page with your team. So to get started, you make sure that your team remembers the purpose of the project. And you ask this question, why are we doing this? We asked the same question during the planning phase of our course. In order to focus the team on the purpose, the purpose of the project doesn’t change throughout the project. Another thing that you have to remind your team is the project constraints. And you should remember, especially as project manager, that you have three key project constraints. And out of the three constraints, you have to remember which one you are willing to let go in order to achieve the project purpose. Finally, before we get into the risk assessment, we have to clarify what risk is by definition, risk is an event that has a non zero probability to happen with either positive or negative effect on the project outcome, in simple words, risks, something that may or may not happen, and maybe will help or hinder the project. Let’s agree here that within this course, we will consider only negative risks. Again, some gurus will disagree. And actually I know where they’re coming from academically they are right risks are something that could have positive or negative impact. But because the purpose of our class and this lesson is to learn quickly, how to get going with risk assessment risk management, we will consider only negative risks. Now, at the same time, we will remember that in project management to the zero we absolutely consider positive risks, but we call them opportunities. As you remember, we considered opportunities where we’re doing optimization of project plan in one of our previous lessons. Now that we have established the baseline understanding, we can go to the first step of risk management process, which is risk identification. In this step, you ask your team, what might affect our success. Now that we know the goal, we may identify the risks, which are the things that may or may not happen and they may affect our progress towards the project purpose. This risk management exercise is a must have for any endeavor that has the status of a project even if relatively smaller. And for the first risk management session, which is actually risk identification. I suggest to have a separate standalone event where you have your extended team collected and focus entirely on the risk identification for the next session. Within the risk management process, you may decide to have a separate meeting or best practice is to have a standing item on your team meet on a regular team meeting agenda, which is called risk management. Likewise, it is good to create a risk register right in the beginning of the risk management process, and to have this risk register stored somewhere on the server so that it is shareable with the entire project team. The best way to collect risks, at least at this first risk identification session is similar to what we use during the optimization session when we collected positive ideas or opportunities. Not surprising that here we would I suggest to use the same technology consistent or whiteboard and sticky notes. And as a meeting leader, then you collect all the notes and register them in the risk register file. The only guideline for risk register is to keep it simple. Keep the number of columns to the minimum, of course, not at the expense of clarity. But it is up to the project management to decide what is the right balance. Eventually it will come with a form that is best for your project and for your project environment and for your organization. In most cases, you will have about probably 10 fields or 10 columns. And they will absolutely include the following the sequential number just to see the number of risks risk ID to make it easy to refer to same risk name a short name of the risk that you can use when you discuss risks, risk description, sometimes it also helps and risk category, which may be used when later on when you have many risks on your table. It helps to categorize and analyze the situation with Project risks. And now we’re ready to go to the next step of the risk management process, which is risk assessment. Risk Assessment is answering the question, which of the risks are most important? For risk assessment, we will add three more columns to our risk register. They are risk probability or likelihood, which is a one to five maximum scale. You don’t need to be more precise because it’s a very subjective ranking anyway. Next column is risk impact. And the third column is risk score or rank, which is actually an automated field that gives you the product of risk probability and risk impact. There are several ways to assess these risk parameters. But they’re all very subjective anyway, and so reaching a consensus by a simple open vote, and calculating the average number is probably the most effective. If we set up our file properly, then all the data at this stage it will color code our risks and we will see which risk is more important. But in any case, now as we’re doing it as soon as spreadsheet, it’s the best way forward is to use the native functionality for Excel sorts to them as in the database by the last column in descending order. This is called risk prioritization. Depending on your project and what’s at stake and how many risks you may have already identified, you will have to agree on the cut off rank that is if your risk has ranked below a certain number you will not consider for the time being there is no state interest register, but you will attend to it only after you will have finished with more reporting risks that are prioritized higher with a higher rank. Let’s assume that we decided to just ignore for now, any risk that is rated six or below. Your next question is What should we do about those prioritized risks? There are four types of risk response as you remember from regular project management and risk management which are avoid, mitigate, transfer or accept So and that is what we will reflect in the next field in the risk register. Optionally, you may add another column and include a short action plan, and perhaps yet another column with a due date. And then maybe yet another call with the new expected risk rank after your intervention. Some project managers prefer doing just that. But I find that dangerous because your risk register grows out of proportion and may blow up creating yet another risk. So, basically, once again, keep it simple. I would say that it is also against project management to the zero approach to have so many coins because here, you will be trying to control it. And this is micromanagement, it only makes things worse, because you can force people to work harder, but you cannot force them to work better. The only way to work better is if you motivate them, and you can motivate them if you make them owners of this risks. So the best practice here is to have just one column with the name of the risk owner and by the way on the one owner to risk we will get back to that in the next lesson. And as for this lesson, for now, Congratulation, you are done with a major step in risk management process. If you had wisely separated this part of the process into a specially organized event, a separate meeting, then now you can close the meeting. The continuation will be either at the next special meeting, or during your next regular team meeting, where I suggest to have a standing agenda item which will be called risk management. Here is how it is done. From now on. Risk owners will follow the risk mitigation plan that you have just developed and documented at the risk identification and assessment session and report their progress to visualize the progress. Another best practice for you use this stoplight chart. Your next question has to be asked regularly whenever you revisit the risks during your team meetings. The question is did our risk mitigation plan work? This is called risk monitoring. The effectiveness of your mitigation action will be seen right away from your stoplight monitor because the risks will shift from red to green. While updating your risk register on a regular basis, you will eventually drop some of the risks when the rank will go below the cutoff level. And actually you will get some new risks that your team will suggest and you will start monitoring them. And unless it’s a very huge and very risky project, you do not really need another risk identification session in order to start monitoring and mitigating those risks. However, at every project meeting during the risk management part, you have to ask your team or the risk owners what has changed, what new risks Do we have and if they have any new risks, they will report to you and you will add them to the register and proceed in the same manner. That’s the entire risk management process is actually a circle, you have to run this circle continuously with your team and thus you will successfully reach your goals and the project purpose. So now you know everything you need about project risk management and you can do it on your own with your team and get a step closer to success. Do not put it off, start a good habit of risk management and share your best practices with us. Man I can do when we meet again next week. Whether risk side this is part of project managers not PMP is course to stay in the know subscribe to collective