5 steps of project risk management
Strangers from distant lands, friends, we have gathered here to answer the threat of risks.
“Life is more risk management, rather than exclusion of risks” – Walter Wriston
I will tell you why I love this quote. The very definition of risk tells us that you may be in a situation involving potential exposure to danger, harm or loss. How often do you find yourself in such situations? The best answer is “more often than not”.
What I mean is that nobody is safe from potential risks in life. If you’re managing a project, those chances are even higher. Every smart project plan should include a section on risk management mandatorily. But the problem is you can’t perfectly plan for every possible outcome there might be.
Risk management isn’t only about preventing disaster. Risks can also have unexpectedly great outcomes. They say “if you don’t risk anything, you risk everything” – this means that you need to take risks every once in awhile to achieve success, but the difference is in the knowledge of those risks, the ones you take voluntarily and the ones that hide in the dark, waiting to strike when you are least prepared.
Being on a lookout for potential risks, having extraordinary skills of estimation and project planning is very good, but you also need to understand that you are never safe. You need to be prepared to fight back whenever your project is exposed to harm.
Here are the 5 steps of risk management that every PM has to know about:
The first and probably the most important step is to identify the risk as fast as you can. In earlier stages the risks may be easy to eliminate or minimize their impact, but if you leave those unattended, you may just end up in disaster.
It’s very similar to cancer. The early stages of cancer most of the times go unnoticed and the person suffering from it doesn’t feel inconvenience so the corrupted cells are never found until it’s almost too late. The best way to counter this is seeing your doctor on a regular basis, once every 4-6 months.
The same concept can easily be implemented for projects. While 6 months may be too long in this case, regular monitoring will be your best friend. Depending on the project, establish regular overseeing days when you will assess the whole project from top to bottom, scanning for those corrupted cells that aim to destroy your project from within.
After you identify the risk it’s time to analyze it. What stage is the risk in? What is the nature of the risk? What can you do to eliminate it or maybe make a change in your plan to avoid it? Also you need to assess the consequences of the risk. What will happen if you continue with your plan without any changes? What are the chances of the risk materializing into something harmful?
Try to calculate or estimate every possible outcome and weight everything accordingly. It’s important to look at both sides of the matter. It’s never a good idea to avoid each and every risk you encounter. There may be cases when you would want to consider taking a calculated risk to try and achieve success faster or maximize the efficiency of your work.
After carefully calculating each outcome, it’s time to evaluate those outcomes. Are the outcomes important enough to care about them at all? Is it worth going for something that may or may not result in success? What will you gain or lose in the best and worst case scenario?
Questions like these will help you understand whether you need to take corresponding action to answer the threats or not. Don’t forget about the possible positive outcomes: calculated risks are tricky, but they may just be the thing you need to achieve your best case scenario in a given situation.
This is also known as risk response actions. After calculating the possible outcomes you need to decide how to respond to each risk. While small risks may not affect your project at all and may not be worthy of spending time on those, leaving matters completely unattended isn’t a wise decision.
Some kind of response has to be generated for every potential harm or opportunity, even if it’s a small one. If you are not sure of the outcomes or your calculations tell you that something has a high chance of failure, you may want to avoid the risk just in case. Better safe than sorry.
The last step will be to monitor the risk to ensure that everything is going as it should. Just like in case of cancer, when a person has been treated for it, doctors still monitor the patient and schedule appointments every once in a while to make sure everything is going fine.
What this means for PMs is that after you take action, you absolutely need to keep a close eye on the matter to ensure nothing goes amiss.
Risk management can be tricky, but it also can be mastered. As a project manager it’s your job to defend against incoming harm, whether it’s coming from inside or outside. Be on the lookout for potential threats and schedule regular monitoring and assessments, regardless if you are aware of any risks or not.
At the end of the day, you will never be able to defend against every possible threat by 100 percent, but doing everything you can to get as close as possible to the 100 percent outcome is your best defense tactic. Keep it real -)
Pavel is a doctor who happens to have an MBA degree and a strong passion for writing. "I am a do-it-all kind of person: When I am not writing, I am busy curing people, when I am not curing people, I tend to kill WCG competitions. Life is fun, and full of wonders: Do what you enjoy most, even if it’s everything at once."