Project Risk Management

On any project there are risks.  In many organizations project risk planning is completely overlooked.  Project risk is defined by the PMI as “an uncertain event or condition that, if it occurs, has a positive or negative effect on a project’s objectives.”  Note that risk is not just about negative event planning, but is also about planning for positive risks that may come up as opportunities.

A risk planning process should have three key stages:

  1. Identify the risks 
  2. Analyze the risks
  3. Develop a response plan for the top risks

The process of identifying risk is really about getting everyone on the project together and getting their ideas on what could go right or wrong on the project.  This can be done using common brainstorming methods or more advanced methods such as the Delphi technique.  It is important during this process to try and be open to any suggestions that may be made, no matter how ridiculous they may seem at the moment.  Once a list of risks has been created from this process it is important to try to analyze them to come up with risk score by deciding on a probability and rating the impact, and then multiplying them.  Once each risk has a risk rating, you can focus on the top risks and come up with a response plan.  For negative risks you can try and transfer the risk to another party, you can take actions to try and avoid the risk altogether, or you can come up with contingency plans to deal with the risk if it occurs.  With positive risks you can put plans in place to try and make sure that it occurs.  This is known as risk exploitation.

This information can be organized in the form of a risk register.  The risk register usually have the following information:

  1. An identification number assigned to each risk event identified
  2. The risk rank that was determined from the risk score (probability #10 * impact #11)
  3. A short name to identify the risk
  4. A longer description of the risk
  5. A risk category such as technology or procurement
  6. The potential root cause of the risk
  7. The triggers, or indicators, for each risk (These are events that signal that a risk event is occurring or about to occur)
  8. The potential response to the risk
  9. The risk owner, or the person who will take responsibility monitoring and dealing with the risk
  10. The probability that the risk will occur
  11. The impact to the project if the risk occurs
  12. The status of the risk, i.e. did it happen or was it avoided?

Outside of the benefits avoiding risks altogether using this method, managers, customers and team members will have more confidence in the likelihood of a successful project outcome if they can see that a good risk management plan is in place.

This video by Andy Kaufman, PMP is a great, brief introduction to risk management on projects:


The Project Manager, Leadership and Trust

As project mangers we are first and foremost, managers.  A simple definition of what managers do is to get things done through people.  There are four activities that a manager performs in order to achieve this objective:

  1. Plan
  2. Organize
  3. Lead
  4. Control

Various sources, such as the PMBOK guide, go into elaborate detail on how to plan, organize and control projects.  Leadership is a different story.  There is no clear guide to being a good leader.

The ability to lead is rooted in the sum of the persons character, integrity and soft skills.  The ability to lead is what sets great project managers apart and it is not a technique. The ability to lead is a part of the art of project management.

Even though leadership is often only thought of from the point of view of the leader, a leader is nothing without followers.  True follower-ship is a choice, and the choice to follow someone is not made willingly if that follower does not trust the person chosen to lead.

Trust is the willingness of a person to be vulnerable and take risks.  In order to do this a follower must see the leader as trustworthy, which requires that the follower sees the leader as having integrity, ability and benevolence toward them.

According to Kouzes and Posner in their book “The Truth About Leadership” there are four behaviors a leader can exhibit to be perceived as trustworthy:

  1. Predictable and consistent behavior. When people know they can count on a leader, then the leader’s words and actions are more likely to influence others
  2. Clear communication. When a leader communicates about an intention, it will be viewed as a promise by others.  Effective leaders are clear about their meaning and as a result, do not mislead.
  3. Promises are treated seriously.  When leaders treat commitments seriously, others do also.
  4. Forthright and candid behavior If leaders are forthright and honest, others will have less reason to be angry or try to deceive in retaliation.

So why is it important for a project manager to have the trust of their teams?  I think this was well illustrated for me recently when a project manager mentioned that they have limited authority over team members because in the end they do not decide their employment, promotions, or raises.  This means that they must lead their teams through influence.

This insight reinforces that project managers, maybe even more than other managers, cannot rely on authority but must truly be leaders so that their team members will choose to follow them.