Picking up on the series regarding the PMI PMBOK areas (started with “What is the PMBOK all about”), I want to explore the area of Risk Management. I wrote a short post last May (Is Project Management a risky business) but wanted to cover what the PMBOK has to say in more depth.
Racing enthusiasts and fighter plane jocks find taking risks exciting. Businesses and project managers do not! I think that a project manager has two roles in dealing with risks. One is to identify, analyze and plan to deal with risks to their project’s success in terms of cost, time, scope and quality. The other is to help senior managers and business intelligence analysts identify broader risks to the organization.
Dealing with Project Risks
Chapter 11 of PMBOK is devoted to risk management and offers reasonable process and procedure recommendations for project managers. The risk management tasks listed in PMBOK include:
- Defining the risk management process – The Plan
- Identifying risks (see post on “Why identifying software project schedule risks is essential” for some ideas on schedule-based risk analysis)
- Performing qualitative risk analysis
- Performing quantitative risk analysis
- Planning risk responses
- Monitoring and controlling risks
Because it is not possible to identify or deal with every conceivable risk to project success, I want to focus a bit more on the risk analysis process. The analysis of probable occurrence and the assessment of potential impact provide the deciding factors to select which risks to planned for and which risks to accept.
Qualitative Risk Assessment relies on judgment and experience. New project managers should seek out lessons learned from the organization’s knowledge management system (hint, hint) or ask for input from experienced PMs. You can guide thinking about potential risks by posing theoretical questions to yourself or to a brain storming team working the project such as:
- What would happen if Sam left or got sick – assuming Sam is a key contributor with unique skills?
- Have all important decisions on platform, language and process approach been made?
- Do all stakeholders understand and agree on the project objectives?
- What if subcontractor X fails?
- Does the cost and schedule accommodate a learning curve for new hires or new technologies?
- Do schedule dependencies – see “How to create and use predictive project scheduling” – show any tasks that could bring down the entire effort if unsuccessful?
Quantitative Risk Analysis uses percentages, probabilities and numbers to assess the effect of risks on project success. For some senior management types, quantitative risk analysis is more powerful than qualitative. For example, telling your boss’s boss that failure to train personnel in the use of project tools might delay the project in meeting milestones is not nearly as persuasive as telling her that the potential schedule delay ranges from six to ten weeks with a cost overrun of $58K at a level of 85% certainty.
Quantitative risk analysis, according to PMBOK, also includes a sensitivity analysis – which risks have the greatest impact – and expected monetary value analysis. Some organizations provide meaningful quantitative risk analysis using simulations and modeling tools to show possible consequences to cost and schedule.
As a project manager, your technical background can help business intelligence professionals and senior managers understand the potential impact of emerging and disruptive technologies. In your interactions with other PM professionals or through tracking events and announcements in trade publications, provide alerts when you see or hear news that affects your organization’s core businesses.
You should approach each project with a checklist of common risks to look for before the project begins. I have a list I keep handy of the top risk areas that I find need to be addressed on all types of projects. Then, I get the project team to uncover and identify others as an exercise prior to the kickoff. If you will capture your risks at the beginning of the project and then continue to identify and update your register, you will find that you have a valuable list of risks to look out for on the next project. Additionally, you will begin to have good mitigation strategies even before your next project begins.
In the near future, I will dig deeper on this subject and talk about monitoring and controlling risks and creating a risk mitigation plan. Your comments on risk identification and analysis will help other project managers meet their challenge.