How to reduce the risk of project failure in 5 steps

What is Risk Management?

Risk management or lack of one is a key driver of project failure. You can improve the chances of your project succeeding by having a risk management plan and following it. If this is not done, things can go wrong unexpectedly and you and your team will be on the back foot to fix them. Most likely, you will not be prepared and won’t have the time and resources to resolve them before it's too late.

You are better off spending a bit of time thinking about what can go wrong and working out how to stop them from happening.

The purpose of risk management is to “...identify and prioritize risks in advance of their occurrence, and provide action-oriented information to project managers.”(Practice Standard Project Risk Management, PMI, 2009). Setting aside time at the beginning and during the project to brainstorm and identify risks, spending time managing and monitoring them will pay dividends.

A risk register is a tool that can assist you with implementing that plan. It can be as simple or as complicated as the project needs it to be. A risk is defined as “...an uncertain event or condition that, if it occurs, has a positive or negative effect on a project’s objectives.” (PMBOK 6th Ed, PMI, 2004). Project managers do not usually capture things that are positive and work out how to mitigate it.

Before we go into the risk register, let's cover the steps for project risk management.

Steps to Risk Management

1. Plan risk management: this describes how risk management should be carried out, how it fits with the other project management processes, the level of risk appetite, guidelines and rules for managing risks and how these risks will be communicated to the project and wider stakeholders.
2. Identify risks: through a series of workshops, risks can be identified.
3. Risk analysis: using both qualitative and quantitative techniques, the impact and likelihood of the risk can be assessed and the owner identified.
4. Plan risk response: using workshops response for the risks can be identified to reduce the impact and likelihood of the risks.
5. Monitor and control risks: ongoing monitoring and review of the risks.

A risk register is a template that can help identify, manage and track risks. It forms part of a risk management plan.

Risk Register

The important components of the risk register are:

• Risk name: name of the risk that is clear and succinct.
• Description: a description of the risks and what would happen if it comes to fruition. It's important to describe it in a way that clearly articulates what can go wrong and how it will impact the project or business. 
• Inherent Likelihood: the chance of it happening. Most organisations have a standard risk management framework that provides guidance on stating the likelihood of a risk.
• Inherent Impact: what would happen if it did occur. Again the risk management framework can provide guidance on this.
• Mitigating actions: It usually falls into 4 categories:
  • Accept: risk is accepted. The project will wear the impact of the risk. This usually occurs if the risk is really low and insignificant or there is no mitigating action to reduce, transfer or avoid this risk. This may require agreement from senior stakeholders.
  • Avoid: Actions are implemented to avoid this risk.
  • Transfer: Actions implemented that transfer this risk to another party, eg insurance policy.
  • Reduce Actions in place to either reduce the likelihood of the risk happening or the impact of the risk when it does occur.
• Residual Likelihood: the likelihood of the risk occurring after the mitigating actions are put in place.
• Residual Impact:  the impact of the risk occurring after the mitigating actions are put in place.
• Owner: who is responsible for mitigating actions
• Due date: when is it due. It could be a review date

Process of identifying and managing risks

Simple steps to create identifying and assessing risks are:

• Organise a workshop with project team members and stakeholders. The purpose of this workshop is to brainstorm risks. Make sure when you are brainstorming that the attendees provide proper context/ description of the risks, likelihood and impact. One word or limited description is not sufficient.
• With the attendees work through the lists of risks to identify relevant ones, get rid of the ones that are not relevant, duplicates and very low risks. Then map it out on a two-dimensional chart likelihood on one axis and impact on another. It will show you where the cluster of risks is at.
• Again with your attendees start identifying mitigating actions and how much it would reduce the likelihood and impact of the risks. Then find owners and agree to due date.

This process may require a number of workshops to complete. Once the register has been drafted, the next steps are to track the progress of the risks and have a periodic workshop to identify new risks. It is easy to forget risk management when in the middle of managing a project and drop the ball on the identified risks. It's important that time is spent on this to make sure that projects do not run into problems because the risks are not managed. 

Ongoing Risk Management

A weekly risk meeting is important. The risks must have identified owners and mitigating actions identified and tracked. This is quite difficult because it requires some hard thinking to work out what are the mitigating actions. It is easy to write down vague or fluffy actions. To help identify the appropriate mitigating actions, help break down the work and what exactly needs to be done. This may require a discussion to understand the risk better and the impact and likelihood.

Risk Matrix

Below is a generic graph for identifying the risk level of each risk. Depending on the likelihood and impact of the risk, you can rate the inherent risk. Once the mitigating action has been put in place, you can use the graph to identify the level of residual risk and residual risk rating.