The Risky Business of Project Management

Executing any project, whether in-house or in partnership with a professional services firm, involves risk. Project risk is defined as any problem area that could prevent a project from realizing its full benefits. Project risk requires careful management and includes identification, assessment and mitigation. It is important to go through the risk identification process at the beginning of any project. Not all project risks are obvious.

When identifying risks, look for areas in the project based on: insufficient or unreliable data, insufficient preparation, insufficient resources or lack of control.

Some areas that require special attention are: “Requirement Identification”, “Involvement in Project Sponsorship”, “Level of Project Management Experience”, “Third Party Involvement”

“Political/cultural environment” Management and change control procedures” Technology complexity Identifying risks is only the first step. Risks need to be assessed in order to quantify and prioritize them based on their impact on the project.
Please note that significant professional judgment is required during the assessment process to quantify the magnitude of potential adverse impacts and to develop risk control measures. The assessment process must determine (1) the likelihood of the risk occurring, (2) the range of results, (3) the estimated timing of the risk, and (4) the frequency with which it will occur. You must also determine the risk warning signs that predict the risk is imminent.

The prioritized risks form the basis for determining project success factors (PSF). Specific action plans are developed for each PSF. For example, let’s assume that the important policy changes required represent a high risk. An action plan should be developed to: ” Focus on full and frequent communication

“Implement a steering committee structure”Get strong support for the project team from senior management”Highlight project benefits”Identify training needs upfront Once risks have been identified and assessed, mitigation plans should be developed.

Plans document what the response will be if a risk event occurs. Note that a mitigation plan could be doing nothing to mitigate the risk. You have to accept the risk and be ready to face the consequences. when and if it happens. This type of action plan is generally applied to minimal impact/low priority risks of the project. A mitigation plan must describe plan B for the project area

shocked by the risk. Knowing what plan B is before you have to execute it greatly reduces the likelihood of the risk event increasing its negative impact or other unknown risks.