Wouldn’t it be nice to be able to guess everything that could go wrong — and come up with a step-by-step plan to address it before it even happens? Of course, it’s pretty much impossible to guess the future. However, we can make educated predictions and projections — PM’s equivalent of fortune telling. And risk management allows us to keep the ship moving forward, no matter how the tides turn.
But what is risk management, and how do we use it to secure the successful execution of a project?
Risk Management Is Project Management
Very few people could have predicted a global pandemic. But having a contingency plan to move online or alternative income streams that didn’t rely on in-person transactions was the lifeline for countless businesses to remain operational. And these plans didn’t necessarily have to relate to a pandemic. For instance, a brick-and-mortar shop may have considered the increasing cost of rent a risk for in-person activities and devised an online store.
Risk management refers to the practice of anticipating potential risks that could affect a project. Of course, it’s impossible to predict every little thing that could go wrong, but implementing risk management plans means you’re better prepared to deal with problems as they arise.
The Phases of Risk Management
In project management, we talk about risks, which are potential issues that could impact the project — negatively or positively. We devise plans to deal with these risks if they happen, which is when they become issues. Your risk management plan has five phases:
There are many ways to identify potential risks to your project. One common technique is to brainstorm with your team and stakeholders and come up with everything that could go wrong.
Ideally, you’ll work with experts in this phase of the project to draw on their previous experience with similar initiatives and make educated guesses.
Once you identify the risks, it’s time to assess their potential impact and how likely they are to come true. At this stage, you’ll want to research external and internal factors, such as the weather, the market or stock, and your data security, to develop an accurate assessment.
The assessment created in the analysis step allows you to prioritize the more serious risks and decide which ones you’ll create a plan to address.
Once you prioritize your risks and feel confident addressing them, it’s time to prepare an action plan for each identified risk. Your action plan should include backup vendors, procedures, team members, and actionable steps to be effective. Ideally, the people involved know about their responsibilities and can kick into action ASAP once the risk materializes.
Finally, it’s time to sit back and keep track of the project so that you can identify when a risk becomes an issue and flag it to the appropriate parties.
The Most Common Types of Risks to Your Project
For something to be considered a risk, it must impact your ability to complete the project, and there are two main categories: internal and external risks.
Internal risks are often the result of poor planning. Your internal risk can impact one or more of three elements: budget, scope or time. For example, you may have a hard deadline and leave no margin or error between tasks or milestones; or a contractor may take longer than expected to complete a task or charge a rush fee to complete the task within the window you need, leaving you behind schedule or having to redistribute your resources. Similarly, increasing stakeholder demands, aka scope creep, may jeopardize your ability to complete the project on time and meet the project expectations.
Conversely, external risks are those outside of your control. A vendor increasing their prices without enough notice, or a logistics company that takes longer than expected to deliver your product are examples of external risks. Environmental and political events are also external risks.
Projects that rely heavily on technology are also prone to risks like power outages, cyber-attacks, or technical failures that compromise the project’s success.
No two organizations are alike, and as you see, your potential risk will depend on your industry. So it pays to work with subject matter experts to assess the possibilities.
Risk Response Planning
Risk management focuses on, well, how to manage a potential risk to your project. There are four basic strategies for dealing with a risk:
First, and perhaps the most obvious choice, is to avoid the risk altogether. For example, if you find that the logistics company you’re considering has a poor reputation for delivering on time, you can select a different one and avoid the risk of delays early in your project.
This approach entails making a third party deal with the risk instead of managing it yourself. One scenario of risk transfer is hiring a provider to set up your new software instead of having your in-house team do it to prevent issues with the process. PMs typically select this approach to lower the internal burden of something going wrong; hiring a provider instead of taking a job in-house would free your team’s time to serve clients and potentially have a higher return than rejecting client work in favor or setting up the software in-house.
In this case, you take a proactive approach to reduce your chances of facing the risk — or reduce its potential impact. In the logistics company example, you might add buffer time to account for the delivery delays if you still want to work with this vendor despite their reputation.
In this context, accepting the risk means that you’re ok with it happening and will live with the consequences if it does. Project managers often choose this response when the risk is unlikely to happen or has a low impact on the project. For example, you could choose to forego insurance on a product shipping because the premium is too high and the chances of needing it aren’t worth the upfront cost.
Finding Opportunities in Risks
A risk isn’t always a negative event. Sometimes, you may find that an unexpected change in plans results in a quicker, more efficient project and happier stakeholders. In PM, we know this as an opportunity, which is a positive outcome resulting from a perceived risk. So you want to prepare for the worst-case scenario, but also be ready to identify and capitalize on opportunities as they arise.
A team that works like a well-oiled machine is better positioned to respond to unexpected events and walk away with a completed project that satisfies the stakeholders’ requirements.