We use cookies and other similar technologies (Cookies) to enhance your experience and to provide you with relevant content and ads. By using our website, you are agreeing to the use of Cookies. You can change your settings at any time. Cookie Policy.

Manage Tomorrow's Surprises Today

Steven Minsky

Top 5 Project Risk Management Practices

Vote 0 Votes

Project change management involves new IT systems, new products, and new markets, or reacting to a change in the business environment, such as regulatory or competitive actions. Project risk management is about identifying new risks or changes in the threat level of existing business processes. The challenge for project managers is how to get teams, functional areas, business processes, systems, and vendors aligned to new goals; moreover, how to get the needed transparency into the activities that have been agreed upon in project execution and how to prioritize the issues that surface every step of the way, until the project is completed. Project risk management is all about using project risk assessments as a  method to gain a holistic view of risks across functions and silos. A project management office (PMO) needs this holistic view of risk to help serve their clients, which involves coordinating with multiple stakeholders and many moving parts.

The benefits of embedding project risk management are specific and measurable. The PMO can reduce budget overruns and missed deadlines--their biggest concerns--if uncertain project events are dealt with in a proactive manner, directly translating to the organization's bottom line. Helping the PMO to formalize their risk management practices dramatically reduces the team's stress of "fighting fires" by repairing damage due to preventable risks before they manifest.

Step 1: Formalize Project Risk ManagementEvery project manager is already using risk management techniques in their job informally. Relay to project managers that not formalizing this existing work with methodology and software is as inefficient as doing project schedule in their head as they go along and not using a Gantt chart software package. Studies have shown that formalizing risk management reduces overall project management task work by 30-60%.

Step 2: Project Risk Analysis: Risk managers can help project managers very early on in their process. The first step in project risk management is to identify the risks that are present in projects. A root cause approach enables managers to understand the cause of risk and connect this to the effect of not managing this risk.

Failed projects show that project managers were frequently unaware of the root cause until it was too late. The frightening finding is that frequently someone in the project actually knew the root cause, but didn't have the structure to inform the project manager of the issue. Risk Managers can provide PMOs with this missing structure and methodology.

For example, a major concern for project managers is "Missed deadlines/project cost over-runs," which is the outcome, or effect, of a particular risk. . The key is to help them figure out what the cause of this outcome is, of which there can be many. Until the cause is identified, it will be hard to know what action needs to be taken. Not using root cause techniques will result in risks identified like, "Schedule rigidity," which does not provide them the ability to determine where the source of the schedule issue lies - is it a people, process, system, or vendor issue? Each of these sources of risk can cause schedule rigidity, and until they know which of these categories is causing the issue, action is still unclear. Risk Management software can provide project managers a library of root cause choices such as, "Stakeholders unwilling to act or move," which let's them know it's a people problem verses "Inefficient, non-value added workflow," which let's them know it is a process issue at hand to prompt project managers to think about the type of risk which greatly simplifies the important step of acting on the risk.

Step 3: Prioritize with project risk assessments: As risk managers know, treating all risks equally wastes a lot of time and effort. Some risks have a higher impact and greater likelihood of occurring than others. Through formal risk assessments, risk managers can help project management offices prioritize where time and resources are better spent based on the risks that can cause the biggest losses and gains. By giving them standardized enterprise-wide evaluation criteria that applies to all risks and all projects, they will not only be able to prioritize risks within each of their projects and be able to prioritize time to the tasks associated with the largest risks across all of their projects; but their assessments seamlessly integrated into your ERM efforts. You can find risk assessment template guidance here that explains how to standardize your assessment criteria to prioritize risk.

Step 4: Business process improvementThe structure that risk management offers provides the ability for project managers to make clear who is responsible for what risk. The solution is simple: based on the priority score of Step 3, they can assign a risk owner for each high risks and goals that have been assessed. The risk owner is the person on the team who has the responsibility to plan activities. Ownership also exists on another level; if a project threat occurs, someone has to be held responsible. This sounds logical, but it is an issue that has to be addressed before a risk occurs, especially if different business units, departments and suppliers are involved in the project. An important side effect of clarifying the ownership of risk effects, is that line managers start to pay attention to a project. The ownership issue is equally important with project opportunities.

Step 5: Project Risk Management Software: Some project managers think they are done once they have created a list with risks and mitigation activities. The real value risk management provides is achieved by using those risks to get transparency into the true progress of a project, which is challenging. For example, 50% expenditure of budget or time does not necessarily translate into 50% achievement of goals. Progress means mitigation of the risks, achievement of the goals, and compliance with regulatory or internal standards.

Unfortunately, lots of project teams struggle to cross the finish line, being overloaded with tasks that need to be done quickly. Helping them to connecting activities to the risk assessment of Rule 3, means that each of these tasks will get a "priority score" that helps project managers to understand what is most important for follow-up to mitigate risks and achieve goals. Managing risks helps to focus on the current situation of risks and goals. Has the relative importance of risks or goals changed? Project risk management software answers this question and helps project managers pay attention to what matters most for their project to deliver business value.

The 5 risk rules above give you demonstrate how enterprise risk management techniques and software provide a structure for business process improvement throughout the organization to gain efficiency and quality improvements.

Watch this 5 minute video on streamlining and improving governance activities, like project management, through ERM. Risk management is all about getting clarity on where your organization currently stands and measure the effects of efforts to continuously implement improvements to make it even better.


| Leave a comment

An excellent post about the risk management practices - something that I've seen too many projects fall prey too, after risks have been marginalised, and risk management has been non-existent.

Mike Drew
HappyTODOS Project Management


I have some questions on project management. The fact that we used a lot of project management software, some of them come to our, now use http://www.teamwox.com and now he is helping us to work together. But there is no project management module. The problem is that it is very difficult to switch from one system to another as needed. How to transition easily?

thank you

Finding the right software for your needs is a challenge. You should get the commitment from the vendors you are considering to do a free proof-of-concept before you buy and you should select a vendor that offers a monthly software-as-a-service subscription rather than purchase as this will help keep them focused on your needs.

Get your vendor to provide their pledge of what they offer you to help reduce your risk of adopting their software and ensure your success. Here is an example of a pledge by LogicManager: http://www.logicmanager.com/price/grc-software.php

Leave a comment

In this blog, risk expert Steven Minsky highlights the differences between traditional risk management and true enterprise risk management, which is about helping things happen rather than preventing them from happening. Manage Tomorrow's Surprises Today is designed to help you think about risk in new ways and learn how to benefit practically from this rapidly evolving field.

Steven Minsky

Steven is the CEO of LogicManager, Inc. the leading provider of ERM software solutions. Steven is the architect of the RIMS Risk Maturity Model for ERM, author of the RIMS State of ERM Report among many other papers, and a RIMS Fellow (RF) instructor on ERM. Steven has conducted ERM and RIMS Risk Maturity Model training for hundreds of organizations around the globe. Steven is a patent author of risk and process management technology and holds MBA and MA degrees from the University of Pennsylvania’s Wharton School of Business and The Joseph H. Lauder Institute of International Management. You can reach Steven at steven.minsky@logicmanager.com.

Recently Commented On

Monthly Archives