Today we are going to share with you about “Evaluating and Managing Project Risk”. In other words: How to determine risk management methods and strategies? How to identify risk? How to evaluate risk? How to develop response strategy? And how to continually monitor risk?
During the execution of project, risk is a very important factor which however would be easy forgotten. Regarding to the effectiveness of risk identifying, management and monitoring, it would not only directly affect project’s baseline and objectives, but also seriously affect the quality of project delivery. Therefore, project manager should take risk management serious, meanwhile, a series of strategies are needed to guarantee the validity of risk identifying, management, and monitoring.
Here is a case about risk management.
In 2013, as project manager, Lucy was leading a team to develop an app for smartphone. This app was able to analyze the attribute and behavior of users in order to acquire users’ needs. Furthermore, based on the needs it can push specific messages to certain users. At the beginning of the project, Lucy and her team considered that risk management is not so important for this project, which leads to many problems during the execution phase.
Risk #1: Legality of collecting user information
Lucy’s app needed to collect users’ personal and behavioral information, which could lead to risk of illegality.
In a milestone review meeting, a senior manager raise this question. He said that the company might suffer loss for this. It was that meeting when Lucy realized the seriousness of this risk. After that meeting, Lucy and her team collaborated with legal operation department and several relevant experts to analyze the legality of information collecting behavior, which lead to massive amount of baseline change, caused the project to be over budget and behind schedule.
Risk #2: Risk of resource
When the project was at initiation phase, Lucy documented a resource risk in project charter, but did not plan a response strategy regarding to this risk. As the project went on, the lack of resource continually affected the project, leading to a severe extension of project duration. At the end Lucy had to cancel some requirements, which caused a certain variance of baseline.
Regarding to the two risks mentioned above, the project team resumed the entire project and offered some suggestions for the company:
1. Lucy’s company didn’t have risk class library or risk breakdown structure, therefore, the organizational assets could not help the project with risk management. If project teams could not fully identify risks of their projects, then the process improve group of the company should build up a risk class library, and provide some relative risk identification methods.
2. Project teams and project managers were lack of knowledge of risk identification and risk management. All members were not able to identify and manage risk effectively, or perform effective response strategy. The company should be able to provide some training and satisfy the teams members’ requirement of risk management in order to solve the problem.
3. There were not enough risk management strategies. Company should develop procedures and templates for risk management, and provide guidance for risk life cycle and risk management methods, so that the project managers can continually and correctly manage and monitor risks. This would result in mitigating the effect of risks.
Let’s go back to the PMBOK, there is a description about risk management like this:
“The objectives of project risk management are to increase the probability and/or impact of positive risks and to decrease the probability and/or impact of negative risks, in order to optimize the chances of project success.”
According to this description, how can we solve the problem above?
First, we would have to use project management plan, project files or lesson learned information as input, to identify any possible risks based on the project’s practical situation.
Risks could be dispersed in every aspects of the project, therefore, we need to perform a lot of brainstorms, data analysis, and maybe need a prompt list or hold some necessary seminars. We also need to compose a risk register based on the project scope, in order to register identified risks, potential risk owner and potential risk responses.
Regarding to the case mentioned above, Lucy did not realize the illegality risk because she had not perform a sufficient risk identification. If she could use some historical data at the time, or discuss with some experienced team members, it would be easier to identify that risk and plan a corresponding response strategy.
Second, we would have to further analyze the identified risks, which means to find out how high the probability of risks of occurance and how much the risks would affect the project. In PMBOK, these processes are called qualitative and quantitative risk analysis.
According to PMBOK, qualitative analysis is to prioritizing individual project risks by assessing their probability of occurrence and impact as well as other characteristics. Quantitative analysis is to analyzing the combined effect of identified individual project risks and other sources of uncertainty on overall project objectives. There are many tools and technologies used for risk analysis, which would be not listed in this article. Readers can search and study them if are interested.
Please notice that risks aren’t necessarily negative, there are positive risk which would benefit the project as well. Therefore, we have to plan various response strategies based on the risk analysis. Meanwhile, we also should be prepared for the risks’ occurrence, and develop the best contingent response strategy based on certain circumstance.
In summary, risk management is essential for project management but somehow it can be very easily neglected. Regarding to various projects, we would have to consider the project size, project complexity, importance, development method and so forth, in order to utilize various management strategies. We can improve the effectiveness and success of project execution by going through individual risk management, monitoring and managing overall project risk.