Risk management should be the star of project and programme management, as it ought to stop things going wrong, however it is often seen as the poor relation. Let’s face it, thinking about all the things that could go wrong is hardly exhilarating and very few people talk about their great night in trawling through a risk register.
The reality is that programmes and projects repeatedly go wrong and many of the causes of failure are very predictable. At its best, risk management should be a leading discipline in any project and should empower and support effective decision making. At its worst, it is a low-level support function that is simply generating registers to satisfy people that might be looking over the project’s shoulder. It is rare to see the former but quite common to see the latter.
As part of our Seven Deadly Sins series and as a critical component of successful projects and programmes, we have highlighted below the key reasons why risk management often doesn’t work.
- Risk watching: we see this time and again. Hours of time and great pride can be taken filling in clever spreadsheets but often, with little or no connection to the actual activities required to manage and reduce risk. Risk management means doing stuff not taking pride in a spreadsheet.
- Thinking that mitigation is a word not an action: risk descriptions should be clear and informative. It’s amazingly common to see mitigation actions like “treat” or “share” with no associated actions
- Lack of horizon scanning: often it’s events from outside the project sphere that cause problems. The risk horizon should be a broad view, but too often it is focused on micro or technical challenges within the project scope.
- Creating artificial complexity: risk quantification can be used to do some amazingly powerful and valuable modelling (time and cost); but it’s not uncommon to see wildly complex models producing results that could have been derived from something far simpler. Avoid the temptation to produce a ‘clever’ model just to make the answer appear more accurate.
- Focus on consequences not the threats: far too many risk registers are lists of bad things that could happen and do not consider the events that will trigger these. As a result risk registers tend to be too long and unfocused, they can be significantly reduced by focusing on the threats.
- Ignoring opportunities: apart from cheering people up by looking on the bright side and being hopeful, projects and programmes can make their own luck by taking actions to encourage positive events.
- Gaming the system: it’s amazing how easy it is to game risk modelling. It’s almost standard practice now to ignore any opportunities in the risk register when doing cost modelling as this will “erode my contingency”. Surely if these opportunities are real, and modelled properly, then that’s OK?
Have a look at your own project or programme and see if you think any of the above ‘sins’ might be true for you. If you think they are, get in touch as we’re keen to see risk being done really well.
If you need any further support, our services may be able to help. Visit our website at www.aspireeurope.com