Message to Som Gollakota

Please Enter All Requested Information Below
Your Name
Email Address
Leave this Blank:
Woodinville, WA
Project Management - Managing Project Risks
June 1, 2009
isk, by definition, is a future event that, when occurred, would affect the project’s execution. Risks are positive as well as negative, each with an appropriate response strategy. Regardless, if there is a project, there will be risks. When there are risks, they need to be managed. PMI (and most management schools) have devoted an entire knowledge domain for Risk Management. I dare not wrap it up in a single webpage. However, while I focus next several days/weeks building a section on Risk Management, here is a 50,000 ft How-to of Risk Management. In this article, as is the common practice, the term Risk is discussed as a negative risk (threat). Positive risks (opportunities) are goodies that we all want to have in our projects.
Risk Identification and Management is an on-going process throughout the lifecycle of a project. It is not isolated to one phase or the other. However, as the project progresses and moves closer to delivery, the overall risk reduces (more about this later).
While there are several well-known and standard project risks (which must be noted, tracked, and managed), every project has its own unique set of risks that, when ignored or not identified, may fail the project. The following method served me well in the past to identify risks throughout the life of the project.
  1. Conduct regular/periodic project reviews, of the deliverables, plans, phases, status etc.
  2. Review at least once a weekly the risk logs, update existing risks, and possibly identify new dependent/consequent risks (and document them as well)
  3. Encourage team discussions on project needs, requirements, plans and schedules to further identify any associated risks.
  4. Involve the project team and stakeholders on all project related decisions through the decision-making process and understand any risks in the decisions. From time to time, review the decisions previously made to verify if there are any changes that might result in new risks or issues that must be managed.
  5. Document every risk, issue, or even an unanswered technical question as a potential risk to the project (if left unhandled, it could become an issue), and publish them to the benefit of the team and stakeholders
Effective Risk Management, in my opinion, is more of a practice than just a process. Like any other process, it is only as effective as the ones who are practicing it. However, from a practice standpoint, (get help from your team and)
  1. Identify a risk and document it
  2. Analyze and prioritize the risk, document the analysis/priority
  3. Identify owners of the risk
  4. Identify the date by which, if not handled, it would become an issue as well as a trigger event (what would trigger the risk to become an issue)
  5. Formulate a response strategy (do I mitigate it, transfer it, avoid it, or ignore it?)
  6. If decided to mitigate it, identify, document and execute a mitigation plan
  7. If decided to avoid it, identify, document and execute a plan of avoidance (remember to assess the risks of avoiding a risk)
  8. If decided to transfer it, identify the entity to whom you would transfer the risk, gain their support/acceptance and complete the transfer (ASAP)
  9. If decided to ignore it, document the reasons for ignoring (Absolute MUST)
  10. Review the list of risks from time to time and perform a brief analysis to verify if anything has changed that would either escalate or deescalate the risk (change the status of the risk)
As a Project Manager, it is your responsibility to ensure the project runs smoothly. Negative risks are those nasty li'l creatures that, when ignored or not identified, would come and hit you from nowhere and derail the project (consider yourself incredibly lucky if they do not derail your career as a project manager). A smart project manager has the ability to foresee project risks far ahead of time, and be prepared. At the very least, a good project manager knows how to build and leverage a self-breathing project team that is capable of identifying risks.