Top 5 Project Risk Management Practices

Steven Minsky | May 8, 2012

Project change management involves new IT systems, new products, and new markets, or reacting to a change in the business environment, such as regulatory or competitive actions. Project risk management is about identifying new risks or changes in the threat level of existing business processes. The challenge for project managers is how to get teams, functional areas, business processes, systems, and vendors aligned to new goals; moreover, how to get the needed transparency into the activities that have been agreed upon in project execution and how to prioritize the issues that surface every step of the way, until the project is completed. Project risk management is all about using project risk assessments as a  method to gain a holistic view of risks across functions and silos. A project management office (PMO) needs this holistic view of risk to help serve their clients, which involves coordinating with multiple stakeholders and many moving parts.

The benefits of embedding project risk management are specific and measurable. The PMO can reduce budget overruns and missed deadlines—their biggest concerns—if uncertain project events are dealt with in a proactive manner, directly translating to the organization’s bottom line. Helping the PMO to formalize their risk management practices dramatically reduces the team’s stress of “fighting fires” by repairing damage due to preventable risks before they manifest.

Step 1: Formalize Project Risk Management

Every project manager is already using risk management techniques in their job informally. Relay to project managers that not formalizing this existing work with methodology and software is as inefficient as doing project schedule in their head as they go along and not using a Gantt chart software package. Studies have shown that formalizing risk management reduces overall project management task work by 30-60%.

Step 2: Project Risk Analysis

Risk managers can help project managers very early on in their process. The first step in project risk management is to identify the risks that are present in projects. A root cause approach enables managers to understand the cause of risk and connect this to the effect of not managing this risk.

Failed projects show that project managers were frequently unaware of the root cause until it was too late. The frightening finding is that frequently someone in the project actually knew the root cause, but didn’t have the structure to inform the project manager of the issue. Risk Managers can provide PMOs with this missing structure and methodology.

For example, a major concern for project managers is “Missed deadlines/project cost over-runs,” which is the outcome, or effect, of a particular risk. . The key is to help them figure out what the cause of this outcome is, of which there can be many. Until the cause is identified, it will be hard to know what action needs to be taken. Not using root cause techniques will result in risks identified like, “Schedule rigidity,” which does not provide them the ability to determine where the source of the schedule issue lies – is it a people, process, system, or vendor issue? Each of these sources of risk can cause schedule rigidity, and until they know which of these categories is causing the issue, action is still unclear. Risk analysis software can provide project managers a library of root cause choices such as, “Stakeholders unwilling to act or move,” which let’s them know it’s a people problem verses “Inefficient, non-value added workflow,” which let’s them know it is a process issue at hand to prompt project managers to think about the type of risk which greatly simplifies the important step of acting on the risk.

Step 3: Prioritize with Project Risk Assessments

As risk managers know, treating all risks equally wastes a lot of time and effort. Some risks have a higher impact and greater likelihood of occurring than others. Through formal risk assessments, risk managers can help project management offices prioritize where time and resources are better spent based on the risks that can cause the biggest losses and gains. By giving them standardized enterprise-wide evaluation criteria that applies to all risks and all projects, they will not only be able to prioritize risks within each of their projects and be able to prioritize time to the tasks associated with the largest risks across all of their projects; but their assessments seamlessly integrated into your ERM efforts. You can find risk assessment template guidance here that explains how to standardize your assessment criteria to prioritize risk.

Step 4: Business Process Improvement

The structure that risk management offers provides the ability for project managers to make clear who is responsible for what risk. The solution is simple: based on the priority score of Step 3, they can assign a risk owner for each high risks and goals that have been assessed. The risk owner is the person on the team who has the responsibility to plan activities. Ownership also exists on another level; if a project threat occurs, someone has to be held responsible. This sounds logical, but it is an issue that has to be addressed before a risk occurs, especially if different business units, departments and suppliers are involved in the project. An important side effect of clarifying the ownership of risk effects, is that line managers start to pay attention to a project. The ownership issue is equally important with project opportunities.

Step 5: Project Risk Management Software

Some project managers think they are done once they have created a list with risks and mitigation activities. The real value risk management provides is achieved by using those risks to get transparency into the true progress of a project, which is challenging. For example, 50% expenditure of budget or time does not necessarily translate into 50% achievement of goals. Progress means mitigation of the risks, achievement of the goals, and compliance with regulatory or internal standards.

Unfortunately, lots of project teams struggle to cross the finish line, being overloaded with tasks that need to be done quickly. Helping them to connecting activities to the risk assessment of Rule 3, means that each of these tasks will get a “priority score” that helps project managers to understand what is most important for follow-up to mitigate risks and achieve goals. Managing risks helps to focus on the current situation of risks and goals. Has the relative importance of risks or goals changed? Project risk management software answers this question and helps project managers pay attention to what matters most for their project to deliver business value.

The 5 risk rules above give you demonstrate how enterprise risk management techniques and software provide a structure for business process improvement throughout the organization to gain efficiency and quality improvements.

Request Demo | LogicManager Blog

Integrate Governance Areas

Learn how to integrate governance areas in this free eBook!


About the Author:

Steven is a recognized thought leader in ERM, CEO of LogicManager, and co-author of the RIMS Risk Maturity Model. Follow him on Twitter at @SteveMinsky