The risky business of project management

Undertaking any project, whether internally or in partnership with a professional services firm, carries risk. Project risk is defined as any area of ​​concern that could prevent a project from achieving its full benefits. Project risk requires careful management and involves identification, assessment, and mitigation.

It is important at the beginning of any project to go through the risk identification process. Not all project risks are obvious. When identifying risks, look for areas in the project that are based on:

1. insufficient or unreliable data,

2. insufficient preparation,

3. inadequate resources, or

4. lack of control.

Some areas to pay close attention to are:

“Identification of requirements

” Involvement of the sponsorship of the project

“Level of experience in project management

“Third parties Participation

“Political/cultural environment

” Change control procedures and management

“Complexity of technology

Risk identification is only the first step. It is necessary to evaluate the risks to quantify them and prioritize them according to their impact on the project. Please note that significant professional judgment is required during the assessment process to quantify the magnitude of potential negative impact and develop risk control measures. The evaluation process must determine (1) the probability of the risk occurring, (2) the range of results, (3) the estimated time of the risk, and (4) the frequency with which it will occur. You must also determine the warning signs of the risk that will allow you to predict that the occurrence of the risk is imminent. The prioritized risks provide the basis for establishing the Project Success Factors (PSF). Specific action plans are developed to address each PSF. For example, suppose the key policy changes required are high risk. An action plan should be developed to:

“Focus on complete and frequent communications

“Implement a steering committee structure

Obtained strong support for the project team from executive management

“Highlight the benefits of the project

“Identify training needs early

Once the risks have been identified and assessed, mitigation plans must be developed. Plans document what the response will be when a risk event occurs. Note that a mitigation plan could be to do nothing to mitigate the risk. The need is to accept that there is a risk and be prepared to face the consequences when it happens. This type of action plan is generally applied to risks of minimal impact/low priority of the project. A mitigation plan should outline Plan B for the area of ​​the project affected by the risk. Knowing what Plan B is before you have to execute it will greatly reduce the likelihood of increasing the negative impact of the risk event or causing other unknown risks to occur.

An effective project risk management process means choosing and implementing risk control strategies that work. The identification, evaluation, and development of mitigation plans are not one-time events. These processes should occur throughout the life of the project. As the project progresses and changes in project risks occur, the documentation resulting from the identification, assessment, and mitigation planning processes needs to be updated.

The risk management process must be continuous.