Risk management, please not another session like that one, ever.

I just survived one of those mind numbing risk management sessions at a project board meeting.
As PM, I was expecting to handle this myself, but this particular project executive was determined to do it his way.
We’d just sat through nearly two hours of meandering discussion when it was announced. Last item (not even on the agenda) risk management.
We then went round the table of business stakeholders and interested parties and began to record all their thoughts, fears and imaginations and give them scores. At one time I definitely believe that we had two in hot contention for the title.
Eventually we wrapped it up and I asked my assistant to make sure that was all circulated so they could enjoy their handiwork.
Actually I had picked up a really important risk in there, if you encourage people with wild imaginations to get creative, you may never make it home, at least not sane.
Why do we do risk management?
We want to spot things on the horizon that are heading straight for us and figure out if we need to ignore it, take evasive action or prepare to absorb it and then to make someone responsible for watching it in case it becomes closer or more dangerous or both, or goes away.
It’s a bit like Indian scouts in the old westerns, a bit of recce saves much bullets and many scalps.
What is it we are after? And what is it we are not after?
Well mostly, we want to recognise real risks that are there, visible or discernable and with a real likelihood of occurring and causing us significant damage. If they are things that could become risks then they are shadows and should be ignored. “The horse that is wary lives long, but the one that dodges at shadows is eaten by his master.”
Who do we rely on for risk management?
This is one area where there is no substitute for experience. Only the battle hardened can tell the difference between risks and shadows and can really estimate likelihood and severity. When carrying out risk management it is critical to talk to the most experienced people you know, whether or not they are involved with your project and learn from their experience.
Don’t ask turkeys if Xmas is a good idea, as I have seen done in many a business change project, you know the answer you are going to get.
What information do you need?
1. A good unique memorable name so you can discuss it without confusion
2. A succinct and accurate description of what will happen if it comes to fruit
3. A measure of how likely it is to happen based on the current situation (today)
a. What will happen that will tell you the likelihood is increased
4. A measure of the impact it will have on you project (severity)
a. What will happen to tell you the likely impact has increased
5. Who is responsible for monitoring 3a and 4a and sounding the warning to you
6. At what score will this risk “go red “, the project is in critical danger and action is required.
7. What is the current action if any required .
8. Next review date, who is involved, what format.
9. Escalation procedure if it goes red
What should you do with this information?
Assign the risk to someone, but make everyone aware and ask them all to watch out for the signs
Put the review date in your diary.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.