5 Managing risk
What could go wrong?
Image: http://www.nbcuniversal.com/business/universal-television
Risk planning helps project managers prepare for unforeseen events. Planning involves risk identification and analysis. When implementing, project risk related activities include communicating, coordinating, monitoring and control.
The following information was sourced from a web article called “Effectively Managing Risk During Project Execution” by Saleh Wadei, on the 4th December 2017. Feel free to read the original unedited version: https://www.projectmanagement.com/articles/421532/Effectively-Managing-Risks-During-Project-Execution
Risk Communication and Coordination
Projects have failed when a team member knew of the risk but failed to inform the project manager. Open and continuous communication help the project in avoiding setbacks and encouraging collaboration among team members..
Preventing negative risks from materialising can be a challenging, because determining an appropriate amount of time to allocate something that might not eventuate can seem to be a waste. The project management team must prioritise risks and share the load by assigning to appropriate personnel. Risk is well managed when it is formally integrated into the project’s communication strategy and other work activities. For example, the project management team may add risk management as a main topic on meeting agendas, integrate risk management into routine tasks, or even incorporate risk management as a professional goal for team members.
Team members can become aware of the risk’s impact on the project schedule and budget, and the risk’s likelihood of occurrence. The project management team must be careful when assigning risks to ensure that the risk owner has the expertise to identify and promptly address the assigned risk should it occur. The risk owner will need to remain in constant communication with stakeholders who may be impacted should the risk eventuate.
There is an interrelationship with risk and quality. This short clip explains the concept of “Cost of Quality” which helps organisation minimise risk and improve quality through prevention:
https://www.youtube.com/watch?v=0N86Ook61aY
Risk Monitoring and Control
Up-to-date information is key. The project team should routinely review the project’s risk exposure and adjust using planned mitigation approaches.
Image: https://blog.masterofproject.com/monitor-and-control-project-work-process/
The risk register plays an integral role in the risk monitoring and controlling process. The risk register should describe each risk in detail, indicate the owner of each risk, and the impact of the risk on the project.
If properly administered, the risk register serves as the ideal communication tool because it informs the entire team of the status of each risk and the risk’s impact on the project, while also serving as historical data to assist with risk management for future projects. Once actions related to the risks are successfully completed, it should be reflected in the risk register.
The risk monitoring and controlling process can be very costly, as it may involve multiple mitigation options for a single risk. Some project managers will include an estimate for risk management in the project’s budget. Despite the cost, this is a critical step in the risk management process as monitoring and controlling risks provides assurance that the appropriate controls are in place and the risk management procedures are clearly understood and followed by the project team. Below are a few tactics that the project team may employ to effectively monitor and control the impact of risks on the project:
- Risk avoidance – This means that the project team will implement measures to fully thwart or reduce the risk’s impact on the project. In any event, this risk is no longer a threat to the project. For example, the project team may become aware that a key supplier is going out of business; by switching to a more financially secure supplier, this risk is eliminated.
- Risk transfer – This involves assigning the risk to a third party who will manage the impact of the risk on the project and see if there can be a viable solution. This does not mean that the risk is eliminated, but the liability is transferred to someone other than the project manager. For example, the project management team could invest in certain insurance coverage where the insurance company would be held liable should the risk occur. Another solution would be to assign that portion of work under a fixed-price contract. This process could be costly and contentious, especially where the insurance company is involved as they could identify new risks during the investigation process and deny claims based on the additional information. Because of the cost impact, it is imperative that the project management team weigh the pros and cons before employing this strategy.
- Risk mitigation – This involves acting to minimize the impact of the risk or the probability of the risk’s occurrence by influencing the causes of the risk or finding a means to decrease the negative impact. Examples of mitigation strategies include employing less complex processes, conducting more tests, or selecting suppliers who are financially stable and reliable.
- Risk acceptance – This is when the project management team is aware of the risk and is ready to accept the consequences should this risk occur. In this case, the likelihood of occurrence and impact on the project should be constantly monitored. It is also advisable that the project team develops a contingency plan to manage this risk should it occur. This could consist of making budgetary and schedule adjustments. This action is only recommended if there is a strong likelihood that this risk will occur; otherwise, it’s not worth investing resources in this effort.
- Opportunities – The project manager and the project management team must understand that there is always an opportunity to evaluate and manoeuvre when faced with a threat. It is very crucial for all team members to figure out how to turn an existing threat/risk into an opportunity which will enhance the project outcome. For example, two phases of a project are requiring a shutdown for the same substation at two separate times. The separate shutdowns of a substation (at a live plant) is a high-risk situation and would negatively impact the entire project schedule. In this scenario, there is an opportunity to request and coordinate just one shutdown to tie-in and complete both phases—thus saving valuable time and labour costs.
Risk Reporting
Last, but by no means of lesser importance than the other three factors, is risk reporting. The risk report will inform key stakeholders of the consequence of the risks, the likelihood of occurrence, and the mitigation strategy to be adopted in the event the risks occur.
A well-developed and maintained risk register can serve as the risk report, if it includes not only negative risks but also opportunities, a supporting risk treatment plan, a work performance data review, project progress, and the status of all deliverables. The following should be considered when developing a risk report.
Number of serious risks:
A project can be declared a high-risk project once it has a high number of risks (e.g., it has nine or more serious risks). Conversely, a project with a small number of risks can be considered a low risk.
Cumulative schedule risks:
Cumulative risks can be calculated by adding the individual schedule risks during the project life cycle. It is imperative to understand that, in reality, much of the schedule risk acts concurrently, which makes the value of this risk a qualitative sign only. The cumulative schedule risk is considered high risk if it is above 25%, and low if it is below 15%.
Cost risks:
This kind of risk is the total cost risk for an entire project. Again, cost risk has its own indicator where it can be considered low risk if it is below 5% of the total cost of the project, and high if it is more than 10%.
Threat factor:
This is a qualitative calculation of the level of risk within the project itself. Basically, it calculates the average risk ruthlessness for the highest 20 threats. Therefore, any figure that is below 15 will be considered low risk, while any figure above 25 is considered high risk. The impact of the threat factor depends on the number of occurrences. For example, 100 occurrences may mean all risks would have a major impact on the project, but occurrences of less than 100 may mean the impact is insignificant.
Expected Risks
Expected risks is the position that all risk should be ended. This is based on the project manager’s response plans and expectations.
In addition to the above, each risk must be assigned a tracking number and identify the risk owners. Each risk should be prioritized based on the likelihood of occurrence or severity of impact and its potential impact on the project’s outcome (cost, quality, and schedule). It should also include documentation of indicators that will trigger the risk, risk mitigation strategies, and any other information that the project team deems helpful. If all goes as planned, the risk report will assist the project management team in making key decisions without delay.