CHAPTER 1
What Is Risk Management?
Can you name the ultimate project management four-letter word? You guessed it: R-I-S-K. This word is uttered either in complete confidence or under the breath as something the project manager wished he or she knew something more about.
Risk management is an integral part of project management. Iâll start this chapter with a discussion of the basics of risk management, including the definition of risk, the purposes of risk management, the processes involved with risk management, and principles of risk management.
At the conclusion of this chapter, Iâll introduce a case study that you can follow throughout the book. The project manager in the case study will handle issues in her project that Iâve discussed during the chapter. Donât be caught off guard if there are a few surprises along the way. After all, thatâs how most projects work.
Are you ready to dive in?
Defining Risk
Most of us tend to think of risk in terms of negative consequences. Itâs true that risks are potential events that pose threats to the project. But theyâre also potential opportunities. Thatâs the side of the equation we often forget.
For instance, did you know youâre taking a risk by reading this book? Youâre investing a few hours of your time reading about the topic of risk and risk managementâand for that I thank youâbut itâs time that you canât regain once you expend it. You will (I hope) get to the end of this book and realize you learned a lot more about risk than what you knew before you started. In that case, youâve taken on a risk and benefited from it. The risk (the threat of a loss of time that you canât regain) will thus end in opportunity because youâll have achieved something at the conclusion of the activity that you didnât have in the beginning.
NOTE
Risks are like exercise: no pain, no gain. Accomplishment is rarely possible without taking risks.
Likewise, you take other risks in your daily routine of which you probably arenât consciously aware. Perhaps you cross a busy intersection on the way from the bus stop to your office. You wait for the walk sign, look both ways before stepping out onto the curb, and proceed to the other side. But letâs say youâre late for a meeting with the big boss. You can stand on the corner and wait for the walk light, making you even later for the meeting, or you can cross against the light once the traffic has cleared. You weigh the consequences of both actions and decide to walk against traffic.
Chances are you probably didnât consciously perform a complete analysis of all the risks and their consequences involved in these two scenarios before reaching a decision. You likely made a snap judgment in both cases. In the first example, you picked up this book and thought youâd learn something by reading it, so you purchased a copy. In the second, you weighed the probability of getting hit by a car against the likelihood of getting yelled at by the big boss for being late. Even though the consequences of getting hit by a car have significantly more impact, you decided that being yelled at was a more likely outcome and chose to avoid this risk by taking on the other.
Organizations and individuals make decisions regarding project risks every day. They might use a formally recognized, documented process or go with the âfly-by-the-seat-of-your-pantsâ approach. I hope after reading this book you wonât exercise snap judgment about project risks anymore but will instead develop a sound methodology for identifying, analyzing, prioritizing, and planning for risks.
Project Risk
All projects begin with goals. The point of the project is to meet and satisfy the goals the stakeholders agreed on when the project was undertaken. Risk is what prevents you from meeting those goals. (What? Your stakeholders didnât agree on the goals? Weâll talk more about that in Chapter 4, âPreventing Scope and Schedule Risks.â)
NOTE
This may come as a surprise to all you eternal optimists out there, but all projects have risks. Unfortunately, covering your eyes and saying âyou canât see meâ doesnât make them go away.
As I stated earlier, most organizations, and most individuals, really, think about risks in terms of harm or danger. Whatâs at stake, how much could we lose, and how bad will it hurt? are the initial questions that surface when we think about risk. I donât mean to be a downerâbut Iâll spend the majority of this book discussing risks from the perspective of the threats they pose to the project (and their consequences), because after all, unidentified and unplanned for risks are project killers. Chances are youâve experienced a failed project or two as a result of unidentified or unplanned risks. As you progress through the book, Iâll discuss techniques that lower or eliminate the consequences of risk and thus give your projects a head start to success.
Organizations and Project Risk
Executive managers are responsible for making decisions that benefit the corporation, the shareholders, the constituents, and the others they represent. Whether it is a for-profit company, a governmental organization, a not-for-profit organization, an education-focused business, and so on, the executives at the top have one goal in mindâmaximize benefits to the organization and to their shareholders (all the while making themselves look good for future promotional purposes, but thatâs another book). To do that, the company must minimize bad risks while maximizing the opportunities that good risks may present. This is where you come in.
For executives to make good decisions, they need information. Risk identification and analysis is a part of the vital information theyâll use when determining a go or no-go decision regarding the project. And you are the one responsible for reporting on the risks and their potential impacts to the executives to assist them in their decision-making process.
Risk management, unfortunately, is probably one of the most often skipped project management knowledge areas on small-to-medium-sized projects. Many project managers I know take the attitude that theyâll deal with the risks when and if they occur rather than take the time to identify and plan for them before beginning the work of the project.
On a small project, even just an hour or two of time spent on risk management can mean the difference between project success and project failure. The information you learn doing simple risk analysis could prove invaluable to your organization. I canât guarantee you project success, but I can guarantee you a much higher potential for project failure if you donât practice basic risk management techniques and inform your executives of the potential for bad juju before it hits.
Applying the risk management processes youâll learn about in this book will help you manage successful projects that improve your organizationâs performance, profits, efficiency, and market share; provide better market presence; and meet the organizationâs goals.
The Spotlight Series is geared toward those of you who manage small-to-medium-sized projects. You and I are the ones out there keeping the everyday business functions forging ahead with the small-to-medium-sized projects such as consolidating servers, launching websites, conducting space planning, implementing new purchasing procedures, and so on.
You may be asking, âWhat does small mean?â Well, the answer is relative. A small project with minimal impact to one organization could be huge with devastating impacts to another. For example, your $50,000 project in an organization that generates $500 million a year in revenues is relatively harmless to the bottom line if the project should fail. Conversely, the failure of a $50,000 project to a small business owner could send her into bankruptcy. A small business owner likely couldnât afford the impact of even one risk consequence whereas the large organization could easily invest twice the original amount of the project without batting an eye. Therefore, the risk to the organization is relative as well. (Donât fool yourself, though; youâll have to report to someone about why the original $50,000 wasnât enough. The risk in this case rests with you. Did you plan the project appropriately? Did you estimate activities and budget accurately? And did you identify and plan safe, client-approved strategies for managing risks that could have caused the need for more project funds?)
Remember that your success with small projects will win you larger and larger project assignments. One way to assure you get those juicy assignments is not skipping the risk management processes.
Your company takes on risk with every project the executive team approves. They supply resources, time, money, and sometimes even stake their reputations on projects. Those same resources could be applied to other projects. But the decision makers weigh the possible outcomes of your project over another and decide to run with the project youâre assigned. When projects are approved, the benefit, or perceived opportunity, outweighs the perceived threat of not completing the project. When the opposite is true, the project never sees the light of day.
NOTE
Most organizations (and individuals) will take risks when the risk benefits outweigh the consequences of an undesirable outcome.
You may be scratching your head right now wondering why the co-worker downwind from you got his project approved while yours was nixed for no apparent reason. Many things can come into play in decisions such as this, including power plays (someone somewhere doesnât like someone else who may benefit from the project), the executive in charge doesnât like the project, favoritism, and other similar office politics. More apparent reasons might play a part as well, such as the project isnât in keeping with the companyâs mission, no money exists for the project, enough resources arenât available to apply to the project, the risks outweigh the benefits, and so on. Iâm certain you can come up with as many reasons as I can.
As you explore risks and consequences and their impact on the organization through the course of this book, keep in mind that executives sometimes seem to defy logical reason when making decisions. They choose projects that have risks with potentially devastating consequences to the organization while brushing off other projects that to us seem like a no-brainer. So when youâre wondering about why your project wasnât approvedâmy advice is donât. Move on to your next assignment and apply solid project management and risk management techniques to help assure its success.
Purpose of Risk Management
The good news is risk isnât the enemy. The bad news is the consequences of ignoring risk can be. What you donât know can hurt you when it comes to risk. The goal of risk management is identifying potential risks, analyzing risks to determine those that have the greatest probability of occurring, identifying the risks that have the greatest impact on the project if they should occur, and defining plans that help mitigate or lessen the riskâs impact or avoid the risks while making the most of opportunity.
Project management means applying skills, knowledge, and established project management tools and techniques to your projects to produce the best results possible while meeting stakeholder expectations.
Risk management means applying skills, knowledge, and risk management tools and techniques to your projects to reduce threats to an acceptable level while maximizing opportunities.
More specifically, risk management concerns these five areas:
⢠Identifying and documenting ...