27th July 2011.
Risks Must Have Some Level of Uncertainty.
If an event is identified as a risk, there has to be some level of uncertainty involved. In other words, if an event has a zero percent likelihood of occurring, it would not make sense to identify it as a risk. It is not even a low risk. It is not a risk at all. On the other hand, if an event is 100% certain to occur, it is also not a risk. It is not even a high risk. It is a fact. (Sometimes these 100% “risk” events are also called constraints. A constraint is an event or limitation that impacts your project and must be planned around. For instance, you may not be able to get a resource you need until 30 days after the project starts. This is a constraint, not a risk. This constraint may cause a scheduling risk, but the constraint itself is not a risk.)
A risk has some probability between 0% and 100% chance of occurring. When you are managing risks, be sure to focus on the risks and not on facts and fictions.
Distinguish Between Risks, Causes and Effects.
There is a cause for every risk and an effect if the risk occurs. When the project risks are identified, make sure that the risk itself is noted and not the cause or effect of the risk. The cause is a situation that exists that sets up a potential risk. In general, the cause is a fact or a certainty for the project. On the other hand, the effect is the likely outcome if the risk occurs.
Look at the following example. Let’s say that a project solution needs to be implemented in all of a company's worldwide locations, including those in developing countries. If the telecommunications lines are not upgraded on time where necessary, the solution will not be viable in those locations.
In the previous example, what is the risk?
Is it a risk that you have to implement the solution in developing countries? No, that is the cause. It is a fact or a requirement.
Is it a risk that the solution will not be available in certain countries? No, that is the potential effect of what might occur in this scenario.
Is it a risk that the necessary telecommunications upgrades are not performed on time? Yes, this is where the uncertainty lies.
Understanding the true risk will allow you to more clearly define a risk management plan.
Try to Include Budget and Schedule for Unknown Risks.
A project manager can request a risk contingency budget based on a qualitative risk analysis at the beginning of a project. However, risk identification is not something that only happens at the beginning of a project. The project manager needs to assess risks throughout the project. Therefore, it can make sense for medium to large projects to include time and budget for unknown risks as a part of your estimating process. This would especially make sense for projects that have a number of high-risk events. If you do an effective job of periodically reassessing risks, you may find new risks to manage that were not included in the original risk contingency budget. There is some industry evidence that a 5% contingency can be added to the project for dealing with risks that are unknown when the project starts. (Remember that the time to mitigate and manage known risks should be included in the original estimate.)
Include Team Members in Risk Identification.
If team members are familiar with the circumstances of the project, they can take an active role in identifying and evaluating project risks. Joint participation from the team can help identify project risks, lay out effective actions to manage the risk and provide consensus and buy-in for execution.
Weigh the Cost of the Risk Management Plan Against the Level of Risk.
All projects have some risk, and the activities associated with managing risks obviously have a cost. The project manager and clients should make sure that the effort and cost associated with managing the risks do not exceed the threat to the project if the risk occurs. For high risks, this is normally not the case. However, if you are managing medium risks, make sure that the costs and benefits associated with responding to the risk make sense for the project. If the cost of managing the risk is more than the risk impact to the project, it does not make sense to manage the risk in that manner. It is possible that if the cost of managing the risk is greater than the risk impact, you may choose to just leave the risk alone and allow. |
