Risk management is one of those strange things that we know we should do it, but when we do, it doesn’t seem that interesting. We have conducted numerous gateway reviews, health checks and maturity assessments and invariably organizations seem to be just going through the motions, we have termed the phrase “risk watching” rather than managing.
One Programme Director, when considering the MSP® Risk Management Strategy, concluding that whatever he did, risks seemed to happen so their strategy would be not to manage risks but manage them all as issues, pragmatic at least.
So here are our Magnificent Seven for Risk Management:
- The approach aligns with objectives of the initiative – if it is high risk then much more attention should be given to managing them, this can be achieved by putting it at the top of the agenda
- Focus on the threats and understand what could trigger them, far too many programmes and projects focus on the consequences, for example, stakeholder resistance can be the result of poor communications, so it is the impact or effect of the threat of failing to communicate effectively.
- Engage stakeholders in the process of identifying and managing risks, normally business operations will understand the risks much better than project staff so should be fully involved
- Focus on the aggregating effect of risk, a wise man once said the worst thing that happened to risk was the risk register, as it hides the relationship between individual risks.
- Clear and simple guidance that is provided in the context of the organisations vocabulary and culture, don’t overcomplicate guidance with jargon.
- Informs decision making through the availability of current information and that lessons are being learned and shared.
- Innovate in the way risk management information is presented to a programme or project board, avoid laying a large risk register in front of them, keep it simple and they will stay engaged, they don’t want to the initiative to fail, if they are disengaged when discussing risk then rethink the approach – basically worrying about what might go wrong is never going to be fun