Beruflich Dokumente
Kultur Dokumente
In many projects, risks are identified and analysed in a random, brainstorming, fashion.
This is often fatal to the success of the project, as unexpected risks arise, which have not
been assessed or planned for and have to be dealt with on an emergency basis, rather than
be prepared for and defended against in a planned, measured, manner. Very early in the
preparation and planning stage, it is essential that potential risks are identified, categorized
and evaluated. Rather than look at each risk independently and randomly, it is much more
effective to identify risks and then group them into categories, or, to draw up a list of
categories and then to identify potential risks within each category. This way, common
influences, factors, causes, potential impacts and potential preventative and or corrective
actions, can be discussed and agreed on.
Categorising risks is a way to systematically identify the risks and provide a foundation for
awareness, understanding and action. Each project will have its own structure and
differences, but here are some categories that are common to most projects (to which you
can add your own local, sector, or project specific, categories). I have not given deep detail
here, but your project team and sponsors should be able to relate to these categories and
use them in the risk assessment process. For example, with "operational resources" your
team can discuss issues such as, availability, delivery timing, cost, capability, necessary
conditions for operation (eg. ground, weather, light); with "stakeholder resources" your
team can identify all stakeholders and list potential risks that these stakeholders may
generate, such as bad publicity from the media, delays caused by community or
environmental groups, delays caused by utility companies, problems with trade unions.
Related risks and potential actions, must then be documented in the risk management plan
and discussed at all the key stages as the project progresses. All the details and the actual
action taken and the outcomes, must then be recorded and reviewed during the closure and
review stage, for lessons to be learned and applied to future projects.
Here the question that most project managers ask: "how do we know if we can manage the
risk, if it arises?" Often, sadly, no evaluation is carried out to determine the expertise,
experience, capabilities of the team, individuals, organisations that would be required to
deal with, manage that risk, if it occurred. As a result, if it did, the team may not be able to
deal with it effectively, even though the initial forecast was that the risk could be managed.
This happens frequently when the planning team is not the project team that manages the
project and/or when key individuals in the original project team leave the team during the
project and are replaced by individuals with different skills, experience and capabilities. The
clear message here is that setting a risk tolerance level is a dangerous business. Each
potential risk needs to be carefully, rigorously, analysed and the project team, the
supporting teams and individuals, the organisation(s) involved in managing the project, all
need to be evaluated to determine whether there is the capability to manage that risk
successfully, should it arise. Where gaps in capability are identified, then appropriate
corrective action must be taken. During the project itself, this capability must be constantly
monitored and, where necessary, action taken to return the level of capability to the
required level.
Conflict over resources often arise during the middle to later stages of a project, because,
often unexpected other, newer demands arise which are seen as being of higher priority.
This can lead to resources that were originally allocated to the project being taken away, or
reduced in quantity or quality, almost certainly to the detriment of the project. The answer
to this dilemma is not easy, but in essence, the project management team must include
"conflict over resources during the life of the project" as a major potential risk and plan for
it accordingly by securing agreements and then monitoring the situation continuously. If a
dispute does arise, there is a role here for the project champion and or the client to ensure
that the allocated resources are not taken away.
Fundamental to many of the issues that we discuss here is the question of who should be
responsible for risk assessment and management. Too often the responsibility for risk
identification, assessment and management, are left to the project team, especially once
the project has started. But there are other individuals and groups, including some external
stakeholders, who should be continuously monitoring particular activity and feeding back
regularly to the project team leader. Some are easy to identify. They include of course, the
client, the sponsor, key specialists in the project team's organisation, or organisations, the
major external participants, such as emergency services, local authorities and contractors.
The easy way to identify other individuals and groups is to look at your list of stakeholders.
Each one has a responsibility, to a greater or lesser degree, to help identify potential risk
and give information on this to the project team. Again, the answer to managing the
question of risk responsibility is to build discussion, planning and action, on this into the
project planning and operational activity.
CJ Williams is a tutor and management consultant currently working with Brighton School of
Business and Management in the UK, specialising in Business and Management courses
taught via distance learning. The writer, CJ Williams, can be contacted
atcjwilliams@brightonsbm.com or via Brighton School of Business and Management
By Cliff Murphy
IT systems are at the heart of modern business and the development of new software
applications and maintenance of existing systems are critical to productivity and
profitability. Advances in software technology over the last 20 years have allowed
progressively more complex business solutions to be created enabling companies to offer
their customers exciting new services and products. And yet, software development projects
still suffer from similar problems and characteristics, regardless of the technologies being
used, that they suffered from more than ten years ago.
A report from the Standish Group clearly shows that the reliability of delivery of IT software
applications has not improved over the years. Figure 1 is for 2001 and this looks remarkably
similar to a diagram from the same source in the early 1990's.
Figure 1: Software Projects
The important question that needs to be addressed is why is software development so
risky?
Change Is Inevitable
All software projects implicitly have associated risks. One of the major sources of risk
results from changes that occur during the project's lifecycle. In its most common form, this
is seen as changing user requirements. It is, however, not just confined to this area. For
example the following changes all present real risk to projects:
3. Changes to any external systems with which the new software must work
How you deal with changes to the project is the key to reducing your development risks,
and to increasing the overall chances of success of your project.
But what is the best way to do this? The major influence lies in the development process
you choose and not the technologies being used.
3. Do the system requirements actually reflect the true needs of the users?
4. etc...
Adaptive software development processes realise that producing software is a risky business
and highly unpredictable in nature. They also recognise that the best mechanism for
achieving successful delivery is to contain and mitigate risk by means of the regular and
controlled delivery of testable software code to provide a reality check on progress and to
give feedback to the users throughout the entire lifecycle of the project.
Key Principles
There is no single overriding rule that guarantees project success but the following key
principles will greatly increase your chances:
Change Control
This is very different from stopping change from occurring to your project. Instead the
emphasis is on the careful consideration of new requests and deciding (with the users) how
these should be accommodated. For example, if the delivery date is fixed, does a new
request mean that an existing requirement has to be removed from the live release, or that
a further system release should be considered?
The benefits of risk management in projects are huge. You can gain a lot of money if you
deal with uncertain project events in a proactive manner. The result will be that you
minimise the impact of project threats and seize the opportunities that occur. This allows
you to deliver your project on time, on budget and with the quality results your project
sponsor demands. Also your team members will be much happier if they do not enter a "fire
fighting" mode needed to repair the failures that could have been prevented.
This article gives you the 10 golden rules to apply risk management successfully in your
project. They are based on personal experiences of the author who has been involved in
projects for over 15 years. Also the big pile of literature available on the subject has been
condensed in this article.
26 Sep
2010
Risk management is the heart and soul of project management. Failing to practice it right
can have fatal consequences on projects and programmes. Doing real effort in the planning
stage can save the entire investment and will increase the likelihood of project success.
However, planning alone is not enough if monitoring risks is not handled seriously. These
are seven deadly sins of risk management and how to take preventive actions to avoid
them.
3. Ignoring Subjectivity
Subjectivity can make risk management lose its essence. You will find that risk averse stakeholders
will identify large numbers of risks; in contrast, risk takers may be oblivious to real risks. It is
important to mediate these conflicts during risk identification.
The risk identification process is substantial for successful risk management. I believe that
identifying risks will always get 60% of the job done, and the rest is sort of "Just Do It!"
There are different information gathering techniques to solicit stakeholders' input. The
perpetual problem of risk management information is subjectivity. Different people will
perceive risks in different ways. For instance, a financial risk may not grab a technical
manager's attention, and a technical risk is very unlikely to be deemed as a risk by a
financial manager. It is the responsibility of the risk management team to remove
subjectivity and ensure quality of risk information. Subjectivity can be avoided by using the
Delphi Technique, as it keeps the views of different subject matter experts anonymous,
even after finishing the identification phase.
7. Doing it Once
Risk management is an iterative process and should be practiced in all project stages, from
inception to closure. It is not right to do it during the planning stage only, nor is it right to
stop looking for new risks during the execution phase. Many project managers conduct risk
identification at the beginning of the project, and shelve risks until they turn into issues.
The project manager should elevate the culture of risk management and ask team members
to report new risks. The new risks have to go through the process of analysis and response
strategy planning. The project manager has to visit the reserve balance and make sure that
no risk will have no contingency. It is also important to put risk management on the agenda
of frequent progress and status update meetings.
These are the seven deadly sins of project risk management as I could identify them. It
would be great if you can share your experience and articulate what could be a sin in risk
management from your perspective and how to avoid it.
Kareem Shaker, PMP is a project manager at Dubai World, he has over 10 years of
experience in IT projects, consulting, and pre-sales. Read his blog
atwww.KareemShaker.com
Opportunities Arise
Risks happen in any project and some may have been predicted and planned for while
others may not have been. The project is the project with its set requirements, that's what
everyone accepts as the truth. But, what if a risk occurs which starts to make you think
seriously about the validity of the project or the direction in which it's going? When
reviewing the project risks and looking at those that have occurred ask yourself the
question "Does this project still need to go in this direction or should we consider altering
it?" Of course, the ultimate might mean cancelling the project altogether, never an easy
decision for anyone.
So, are all risks bad? Of course not. Make sure you are managing the risks that are
appropriate to the project and make related programmes and projects aware of them and
you are most of the way there. Opportunities can be anywhere within a project space, but
just remember to think about them as you go through the risks; it starts to make that risk
review meeting far more meaningful.
Paul Slater owns and runs Mushcado Consulting in the UK, advising businesses and
organisations on how best to employ project management techniques to improve project
delivery. As a leadership coach, he works with individuals and organisations to bring out the
potential inherent in people. You can follow Paul on Twitter @Mushcado
Organisational Context
A fundamental principle of all generic management methods, including PRINCE2 and MSP as
well as M_o_R, is that all organisations are different. Project managers, programme
managers and risk managers need to consider the specific context of the organisation in
order to ensure thorough identification of risks and appropriate risk treatment procedures.
The term 'organisational context' encompasses the political, economic, social, technological,
legal and environmental backdrop of an organisation.
Stakeholder Involvement
It is easy for a management team to become internalised and forget that stakeholders are
also key participants in everyday business procedures, short-term projects and business-
wide change programmes.
Understanding the roles of individual stakeholders and managing stakeholder involvement is
crucial to successful. Stakeholders should, as far as is appropriate, be made aware of risks
to a project or programme. Within the context and stakeholder involvement, "appropriate"
concerns: the identity and role of the stakeholder, the level of influence that the stakeholder
has over and outside of the organisation, the level of investment that the stakeholder has in
the organisation, and the type, probability and potential impact of the risk.
Organisational Objectives
Risks exist only in relation to the activities and objectives of an organisation. Rain is a
negative risk for a picnic, a positive risk for drought-ridden farmland and a non-risk for the
occupants of a submarine.
It is imperative that the individual responsible for risk management (whether that is the
business leader, the project/programme manager or a specialist risk manager) understands
the objectives of the organisation, in order to ensure a tailored approach.
M_o_R Approach
The processes, policies, strategies and plans within the M_o_R framework provide generic
guidelines and templates within a particular organisation. These guidelines are based on the
experience and research of professional risk managers from a wide range of organisations
and management backgrounds. Following best practices ensures that individuals involved in
managing the risks associated with an organisation's activity are able to learn from the
mistakes, experiments and lessons of others.
Reporting
Accurately and clearly representing data, and the transmission of this data to the
appropriate staff members, managers and stakeholders, is crucial to successful risk
management. The M_o_R methodology provides standard templates and tested structures
for managing the frequency, content and participants of risk communication.
Support Structure
A support structure is the provision within an organisation of standardised guidelines,
information, training and funding for individuals managing risks that may arise in any
specific area or project.
This can include a centralised risk management team, a standard risk management
approach and best-practice guidelines for reporting and reviewing organisational risks.
Review Cycle
Related to the need for early warning indicators is the review cycle. This establishes the
regular review of identified risks and ensures that risk managers remain sensitive to new
risks, and to the effectiveness of current policies.
Overcoming Barriers to M_o_R
Any successful strategy requires thoughtful consideration of possible barriers to
implementation. Common issues include:
Supportive Culture
Risk management underpins many different areas and aspects of an organisation's activity.
A supportive culture is essential for ensuring that everybody with risk management
responsibilities feels confident raising, discussing and managing risks.
A supportive risk management culture will also include evaluation and reward of risk
management competencies for the appropriate individuals.
Continual Improvement
In an evolving organisation, nothing stands still. An effective risk management policy
includes the capacity for re-evaluation and improvement. At a practical level, this will
require the nomination of an individual or a group of individuals to the responsibility of
ensuring that risk management policies and procedures are up-to-date, as well as the
establishment of regular review cycles of the organisation's risk management approach.
Simon Buehring is a project manager, consultant and trainer. He works for KnowledgeTrain
which offers management of risk training in the UK and overseas. He can be contacted via
the M_o_R Practitioner training website.
• Time. Because market forces today are continually changing, and at such a fast
pace, the longer a development project takes to get off the ground and cycle through
to completion, the more likely it will be that the software will fail to meet the current
needs of users. Requirements and priorities can change multiple times as projects
progress through planning, development, testing, and production.
• Scope. Poor communication, time creep, and intense market competition lead to
scope creep, where requirements are frequently changed and added to the project
without a proper evaluation of their true importance and without corresponding
increases in resources, budget, or schedule. A project whose scope is too broad will
become too complex, exceed allotted costs, overrun schedule, and ultimately fail. A
project whose scope has been defined too narrowly may finish on time, but likely will
fail to perform according to customers' real requirements.
• Risk. Success for any IT project, particularly in software development, is very much
dependent on effective management of risks, both early on in the project and
throughout its lifespan. Not long ago, risk was defined almost exclusively in negative
terms, but in the past seven years or so, risk management philosophy has expanded
to include unexpected opportunities. "Risk can be defined as uncertainty that
matters," says David Hillson, director of Risk Doctor and Partners, a well-known
global consulting firm specialising in project risk management. "Uncertainties, when
they happen, can damage a project, but some uncertainties can help."
For example, new hires can bring new expertise that takes a project in a positive new
direction. A company could discover reusable code that it didn't know it had. Certain parts
of a project could finish early, opening up possibilities that seemed impossible at first. "You
can either rely on good luck or be proactive and seek out those opportunities."
There is more than one approach to risk management. The most widely known is probably
the one detailed in A Guide to the Project Management Body of Knowledge (PMBOK Guide)
published by the Project Management Institute (PMI), considered by many to be the project
management bible. Like any religious text, the PMBOK Guide has its legions of followers as
well as its fervent detractors, and alternative methodologies abound. But most approaches
to risk management follow steps similar to those outlined below.
• Avoid it. Sometimes it's possible to find a strategy for avoiding a risk completely.
For example, if there's a risk that a certain supplier will deliver an essential item too
late to meet your deadline, it may be possible to use a different supplier.
• Minimise it. Some ways to minimise risks include lining up contingency plans and
funding, bringing in team members who have the expertise to take over a key task if
other members quit, or nurturing a positive relationship with people outside of the
team whose co-operation is essential for success. "No one person should be so
indispensable that losing this resource would mean a significant delay for the
project," says Fitzgerald. In one of her projects, Fitzgerald had to add $80,000 to the
budget in order to hire a consultant who could take over if an unhappy critical team
member quit. "In every organisation, there's an off-org chart network of people who
get things done," says Fitzgerald. "Build your team so that you are tied into that
network from the start." Fitzgerald also points out the importance of putting together
a team of people who are known to be flexible and eager to adjust to new
circumstances.
• Transfer it. Sometimes you can hand over responsibility for certain risks to a
vendor, an outside consultant, or even a stakeholder.
• Accept it. If the impact and probability are minimal, it may not be worth addressing
the risk at all.
Again, it's always a good idea to keep records of successful strategies from past projects
that could be useful for addressing the risks of a current one. This is also the time to assign
each risk to an owner who will be responsible for detecting and addressing it.
Get Real
A structured risk-management process is vital to success, but it's also important to align the
structure to the size and type of project and to your company philosophy. "Your risk process
should be scalable," says Hillson. "A small project probably requires a light touch, perhaps
an hour-long meeting every couple of weeks." On the other hand, a large project at a large
company with many players and stakeholders very well could require a highly structured,
detailed approach to managing risk. Perhaps more important, however, is to cultivate an
organisational culture in which everyone understands and lives the concepts of risk
management instinctively. Fitzgerald offers this suggestion: "Your company should adopt an
attitude that likens risk management to breathing."
ExecutiveBrief, the technology management resource for business leaders, offers proven
tips, techniques, and action plans that companies can use to better manage people,
processes and tools - the keys to improving their business performance. To learn more,
please visit: http://www.executivebrief.com
© ExecutiveBrief 2008
By ExecutiveBrief
Risks your project or business is exposed to may be worth reviewing now more
than ever to see which ones need more attention than others.
Risk is a concept that denotes a potential negative impact to an asset or some characteristic
of value that may arise from some present process or future event. In everyday usage, risk
is often used synonymously with the probability of a known loss. Risk is measured in terms
of impact and likelihood. Since risk is directly correlated to loss, it is important to be able to
assess risks in one's business and to address them. Needless to say, inattention to risks can
definitely affect a company's bottom line.
Some businesses actually go by without a formal risk assessment policy, nor is there a unit
that directly assesses the impact of risks in the organisation. We have been so accustomed
to risk in our everyday lives that the tendency is to ignore minor ones and react when major
ones occur. Moreover, effective risk management carries with it some costs, which, when
presented to stakeholders, naturally would lead to questions on how the costs could be
justified.
Risk management is a modern buzzword, but in no means a new science. More and more
businesses and organisations recognise the need to identify risks within them so that they
can be controlled and mitigated. It is important to exercise risk mitigation when it affects
people, the environment, and one's business, to name a few. Risk avoidance cannot make
the potential of even greater loss from happening go away.
The question is, as a manager, how would I know which particular sets of risks need a
special level of attention? Given limited resources, how would I know which particular types
of risks need to be prioritised and addressed?
A risk matrix is a risk assessment tool which exposes aspects of risks that could be
subjected to some form of ranking. The matrix has ranges of consequence and likelihood as
axes. A risk matrix shows the manager and the decision maker a clearer view of what the
risk is, what is involved (in terms of procedural changes, costs, behavioural adjustments,
and the like), and what amount of time can be afforded given the severity and probability of
the risk event. It can help a manager visualise, in an organised manner, the risks he or she
faces in quantitative and qualitative terms and plan and make a more informed decision
when the situation arises.
How does one construct an effective risk matrix?
• Closure to business.
• Violation of law/regulation.
I recently posted an entry on a risk assessment tool you can download and use. Risk
management (or more precisely risk avoidance) is a critical topic, but one that is often dull
to read about and therefore neglected. One of the few useful and entertaining books on the
subject is "Waltzing with Bears: Managing Risk on Software Projects" by Tom Demarco,
Timothy Lister, authors of the ever popular "Peopleware" . This post provides a useful
summary of their top 5 software project risks.
While not an agile focussed book, I find it interesting that of the top five software project
risks identified in Waltzing with Bears, all have suggested solutions rooted in agile methods.
Demarco and Lister rate the top five risks and their mitigation strategies as...
On Agile Solutions
It should really be no surprise that agile methods have techniques built right into them to
address each of the top software project risks. They were created out of the experience of
what worked well for practical software development. Given that these problems occur time
and time again on software projects it is natural that their solutions should become baked
into the DNA of agile methods.
So, while risk management is a dry and dull subject to many, Waltzing with Bears brings the
subject to life with valuable pointers for software project managers and is a recommended
read.
Mike Griffiths is an independent consultant specialising in effective project management.
Mike was involved in the creation of DSDM in 1994 and has been using agile methods
(Scrum, FDD, XP, DSDM) for the last 13 years. He serves on the board of the Agile Alliance
and the Agile Project Leadership Network (APLN). He maintains a leadership and agile
project management blog at http://www.LeadingAnswers.com
2. Insufficient preparation
3. Inadequate resources
4. Lack of control
• Requirements identification
• Third-party involvement
• Political/cultural environment
Risk identification is only the first step. Risks need to be assessed to quantify and prioritise
them according to their impact on the project. Keep in mind significant professional
judgment is required during the assessment process to quantify the magnitude of potential
negative impact and to develop risk control measures. The assessment process should
determine the (1) likelihood of the risk occurring, (2) range of outcomes, (3) estimated
timing of the risk, and (4) the frequency with which it will occur. It should also determine
the warning signs of the risk that will forecast that the occurrence of the risk is imminent.
The prioritised risks provide the basis for establishing Project Success Factors (PSFs).
Specific action plans are developed to address each PSF. For example, assume that required
key policy changes are a high risk. An action plan must be developed to:
• Obtain strong support for the project team from executive management
Once risks have been identified and assessed, mitigation plans should be developed. The
plans document what the response will be when a risk event occurs. Keep in mind a
mitigation plan might be to do nothing to mitigate the risk. The need is to accept that a risk
exists and be prepared to deal with the consequences when and if it happens. This type of
action plan typically applies to low priority/minimal project impact risks. A mitigation plan
should outline plan B for the project area impacted by the risk. Knowing what plan B is prior
to having to execute it will greatly reduce the probability of increasing the negative impact
of the risk event or causing other unknown risks to occur.
An effective risk project management process means choosing and implementing risk-
control strategies that work. Identifying, assessing, and developing mitigation plans are not
one-time events. These processes need to occur throughout the life of the project. As the
project progresses and project risk changes occur, documentation resulting from the
identification, assessment, and mitigation planning processes need to be updated. The risk
management process must be continuous.
Canadian Management Centre has earned the reputation as a trusted partner in worldwide
professional development, project management and management education.
In this article we'll address the people swirling around your project: stakeholders. You'll find
some tips and other resources for optimising stakeholder involvement in your project.
• Who cares?
1. Identify risks.
So on your next (or current) project consider treating your stakeholders as opportunities or
threats.
Step Two: Analyse and Quantify the Risk (What do they care about?)
Risk management calls for prioritising the risks according to probability and impact. We can
prioritise stakeholders similarly - by authority and interest. Interest means "how much do
they care?" and authority equates to their ability to affect the project.
Now analyse the high priority stakeholders. You won't be able to quantify your stakeholders
as much as your project risks, but you can organise some key information: What do they
care about? How will the project affect them? How does this project fit into their priorities?
What do you need from them for the project to run smoothly?
Step Three: Develop a Risk Response (What are you going to do about
it?)
What we do to leverage our supporters and minimise the effect of our opponents will
depend upon the answers to the questions above. The more we know about our
stakeholders, the better we can plan to work with them. One thing is certain: ignoring them
will sap their support and inflame their opposition, so plan for communication.
Rapid changes in information technology continue to bring us new ways to flood our
stakeholders with data, but that doesn't necessarily make us effective communicators. Who
needs information? What information? How often? In what format? These questions form
the basis of your communication plan. As you develop your communication plan remember
these two tips:
2. Use two or more mediums of communication for every stakeholder. For example,
meetings should be accompanied by documentation.
Conclusion
Risk management is an on-going process, and is a combination of proactive management
directed activities within a programme that are intended to accommodate the possibility of
failures.
Paul Bower wrote the article "Risk Management Options" and recommends you
visitwww.afaprojects.com/training_m_o_r.asp. for more information on MoR
management of risk training courses in London.
Some experts have said that a strong risk management process can decrease problems on a
project by as much as 80 or 90 percent. In combination with solid project management
practices, having a well-defined scope, incorporating input from the appropriate
stakeholders, following a good change management process, and keeping open the lines of
communication, a good risk management process is critical in cutting down on surprises, or
unexpected project risks. Such a process can also help with problem resolution when
changes occur, because now those changes are anticipated and actions have already been
reviewed and approved, avoiding knee jerk reactions.
Defining "Risk"
Before one can embark on a risk management process, one must have a solid
understanding of some key definitions. Project risks as defined from a PMI perspective are,
at their core, unknown events. These events can be positive or negative, so that the word
"risk" is inherently neutral. That said, most of the time and focus is spent handling negative
project risks, or "threats," rather than positive project risks, or "opportunities."
Often, companies that do perform a risk management process on a fairly typical multi-
month project (no longer than 12 months) will identify and manage possibly five to ten
easily recognised project risks. However, that number should in fact be much higher. With a
high number of project risks identified early on, a team's awareness of what to look for is
increased, so that potential problems are recognised earlier and opportunities are seen
more readily.
It may seem that project risks cannot be managed without taking away from the actual
work of the project. However, this can effectively be accomplished with a seven-step risk
management process that can be utilised and modified with each project.
Conclusion
A risk management process does not have to be complicated or time consuming to be
effective. By following a simple, tested, and proven approach that involves seven steps
taken at the beginning of each project (fewer if a generic list of project risks has already
been established), the project team can prepare itself for whatever may occur. Of course
there will always be changes and there may still be surprises, but the end result is that they
are fewer, that the team feels prepared and that the project is not taken off course.
Vicki Wrona, PMP, is the president of Forward Momentum, LLC, an 8(a) consulting and
training company, and an instructor with Westlake Training and Development . She has
20 years of project management experience, has trained over 3,800 people, has mentored
individuals and organisations, and has authored multiple white papers. She is currently
serving on the PMI's committee to write the PMBOK Guide 4th edition in general and a
content reviewer specifically on the Communication and Procurement knowledge areas.
By Chris Wright
Several years ago, I was concluding a project risk review meeting, and I received a text
page from my project's executive sponsor ("Jim") summoning me to his office. As soon as
the meeting concluded, I went to Jim's office where he launched into a lecture about the
need to cultivate a "positive environment" for the project team. After a few minutes of his
diatribe, I explained to Jim that I did not know what triggered this discussion. Jim then
explained the regular risk review sessions I was facilitating had created a "negative vibe"
throughout the project team, since we were focusing on reasons that the project could not
be done. He went on to request that we limit our discussions on project risks and focus on
the things we can control instead of those things we cannot. As a seasoned project
management professional, I was admittedly stunned that our project sponsor advised his
project manager to virtually eliminate our risk management efforts from the project!
I have learned in the years since that this scenario is not that uncommon in the project
management environment. The competitive market and stakeholder risk tolerance levels
exacerbate the myth that risk management initiatives are a waste of project resource time;
that time should be focused on the actual work of the project, not events that may or may
not occur. The fact is, however, that it is either contingency planning now or emergency
relief later for our projects.
The Common Constraints
In most cases, risk management initiatives either do not occur at all or are done as a mere
checklist formality early in the project. The three most common constraints with project risk
management are: