The principles of risk management are fairly broadly accepted by modern businesses. It is widely recognised that an objective review of what might go wrong (or right) followed by a genuine effort to implement prevention strategies (or pursue opportunities) is just good business. But how well has the process transferred to project management?
Many large and discrete projects, such as infrastructure delivery, will certainly be underpinned by a formal risk management process (although there are frequently shortcomings). Many smaller business projects, or business activities which aren’t recognised as discrete projects, do not benefit at all from the formal application of risk management.
For projects with risk management processes in place, common weaknesses include:
- Use of a methodology which is not consistent with the organisations corporate risk management methodology
- Failure to objectively identify and assess risks specific to the project – all too often project risk registers are generic and copied from one project to another
- Inadequate consultation or involvement of key stakeholders and subject matter experts in the risk management process.
- Cluttering of risk registers with items/issues which are either not risks, or are risks which are extremely minor in their potential to impact on the project objectives
- Failure to consider the effectiveness of exiting controls/processes when rating risks, leading to many risks being “over rated”
- Failure to implement risk treatments – it is not uncommon for potentially serious project risks to be identified in the assessment with limited or inadequate controls to manage them actually implemented.
- Failure to report on the implementation and success of risk controls.
As to projects for which risk management processes have been neglected, the repercussions can include failure to meet Client and stakeholder requirements in respect to time, cost and appropriate quality.
The following checklist for successful project risk management can act as a reminder for project managers to maximise the rate of success in project delivery:
- Embed risk management in project planning and associated processes from the outset – undertake the process formally and develop a project risk register, and ensure all project personnel are competent in the application of risk management.
- Undertake early identification of risks – detecting potential risks specific to the project from the planning stage means maximising the ability to control them. Consult with all stakeholders from all project phases and revisit the process regularly.
- Don’t forget the opportunities – often opportunity, the flipside of risk, is forgotten, but with attention to this aspect of the process, significant benefits to the project may be realised.
- Communicate the risks – ensure there are lines of communication both down from the project sponsor and up from the project team so that no-one is taken by surprise due to an uncommunicated risk or problem.
- Assign responsibility – responsibility and accountability for the management of identified risks is critical to ensure that treatments and associated actions are implemented.
- Ensure risks are prioritised – treating minor safety hazards with the same level of attention and resources as something that could entirely derail the project is an inefficient and ineffective way to manage a project risk register.
- Identify and implement treatments – as QRMC frequently advises, a risk register is not the same thing as risk management, you actually have to do something to remove or minimise the risks.
- Review – checking that risk treatments have actually been implemented, determining to what extent they have been effective, regularly looking for emerging or changing risks etc., are all part of ensuring that the project reaps the benefit of your risk management efforts.
- Document – all of the above should be formally documented, in the most efficient and user-friendly way available, in order to facilitate managing and tracking the process.
Please contact QRMC for more information.