Top 3 Rules to Follow in Risk Management

Article by Rupen Sharma, PMP, published Aug 10, 2009

According to a 2008 Gartner report, one out of three IT projects either had high cost variance or were substantially late. If we know this, then why don't we proactively manage project risks? In this article, we'll introduce you to three risk management rules that'll help you keep risks manageable.

Risk Management Rules

Risks are an inevitable part of a project. They exist for various reasons, such as inaccurate scope definition and management, unforeseen circumstances, and ineffective stakeholder management. Hence, the ability to foresee and mitigate risks is critical to project success. Follow these simple rules and you are bound to have a less turbulent project:

  • Make risk management a recurring process
  • Analyze and prioritize risks
  • Track risks

Risk Management Rule 1: Make Risk Management a Recurring Process

During Project Kickoff, you document risks and make a list of mitigation strategies in a Risk Register. The risks identified will vary from project to project. However, the Risk Register will always need to be created at the start of a project. Use the SWOT Analysis tool to identify risks during Project Kickoff. You’ll use the identified risks to create appropriate project plans. When the project is executed, do not forget about the Risk Register. As a project manager, you are expected to update the Risk Register as the project progresses.

Best Practices:

  • Block time once a week to review and update the Risk Register.
  • Gather risks from team members in the daily team meeting. This will help to train them in proactive risk identification.
  • Review the Risk Register with all stakeholders frequently. If you are following Agile Project Management practices, then an Iteration Kickoff can be used to identify risks.

Risk Management Rule 2: Prioritize and Re-prioritize Risks

If you follow Rule 1, Risk Management should be a part of your project’s DNA. If all goes well, you will have a litany of risks coming from various project stakeholders. Not all risks are equally dangerous or good (remember there are ‘good’ risks, also known as opportunities), therefore risk prioritization is necessary. This is where risk quantification comes in handy.

To quantify risks, assign each risk a value out of 4 based on the probability of the risk occurring and the impact of the risk on the project. For example, suppose you have identified the following risks:

  1. The vendor will not be able to deliver on time given labor problems.
  2. The client’s requirements will keep developing as the project progresses.

Looking at the first risk, the probability of occurrence may be low if the vendor is located in a country that has few labor problems. However, the impact on the project will be high if the risk materializes. Therefore, the risk would be classified as high with a value of (3). This risk could be mitigated by choosing a vendor in a location that does not have labor problems.

Now, looking at the second risk, the probability of occurrence is high and so is the impact. Therefore, this risk would have the highest value (4). One way to mitigate this risk would be to use Agile Project Management practices.

Note: There are several other techniques used to quantify risks, which have not been discussed in this article.

Risk Management Rule 3: Track Risks

Rule 3 is about not losing focus. In the Risk Register, you would have mentioned a mitigation strategy for each risk. This strategy needs to be implemented so that the risk doesn’t surface. It is important to track all tasks associated with the risk mitigation to closure. This activity is similar to how you would track other project tasks and activities to closure.