Beyond the Risk Register
Risk management is a core skill for project managers, and our consultants take the management of project risk very seriously. That’s understandable. When you are measuring the success of projects against certain criteria, managing risks against those criteria becomes a critical part of keeping the project within the acceptable boundaries.
However, there is more to risk than active management of risks on a risk register, especially in the case of complex projects. At Ten Six Consulting, we’ve started to think about risk leadership as the next step after risk management.
Risk Leadership Explained
Risk leadership is when project risks are managed in full knowledge that the outcome is uncertain and that the solution may involve compromise. Let me explain: risk management typically follows a linear approach. Project managers assess the probability of a risk occurring, they work out the impact and then they propose and implement a mitigation plan that will stop (or, in the case of positive risk, encourage) the risk from materializing.
This is a very good approach to follow where the project risks can be categorized and compartmentalized easily. For example, if you are organizing an outside event, the weather is a risk. Organizing a marquee and providing the facilities to move the stalls inside mitigates this risk and is a concrete, standalone action that the event project manager can take.
Risk leadership is useful in more complicated scenarios. The future state may be slightly vague, or stakeholders may have different interpretations of what a successful project delivery looks like. In those situations there is no ‘hire a marquee’ option as a mitigation plan. Managing risks involves a careful balance of stakeholder expectations and interests, and the understanding that everyone may be expected to compromise for the good of the project overall.
Characteristics Of Risk Leaders
Project managers wanting to adopt risk leadership need to be:
- Facilitative: aiming for the best outcome means understanding all the points of view in play and creating an environment where everyone can put their points across.
- Active listeners: if you want to adapt quickly in a changing situation you need to fully appreciate the situation and active listening helps you do this.
- Politically astute: projects don’t happen in a vacuum, and project managers need to understand the context surrounding their risks, including the motivations of the project stakeholders.
- Credible: in challenging, highly complex situations, teams need to know that their leaders have the skills to be able to deal with emerging risk as it arises.
Risk leadership is more than just stepping through the process of identifying, categorizing and monitoring risk. Risk leaders need to be actively involved in the discussion of why risks are risks, and what different stakeholders perceive as acceptable outcomes. They need to be skilled in techniques that will help them and others cope with uncertainty.
David Hancock, in his book Tame, Messy and Wicked Risk Leadership, says that a key driver of risk leadership is managing risk in a way that is value-creating. Of course, ‘value’ means different things to different stakeholders. The project manager’s challenge is to understand what those different interpretations are and find ways to link risk management to them.
In other words, risk leadership should be about a positive approach that allows the organization to adapt processes and tools to get the best possible outcome in an uncertain and complicated situation.
Two ways to do this are scenario planning and building relationships with people. Both these things will lay the ground-work so that if risks do materialize, the team is well prepared and able to tackle the challenges.
Knowing what we do of software projects, having a team that is well prepared to deal with the unexpected is a great competitive advantage. However well the project is managed, things outside of the project manager’s control will occasionally impact the project.
Few projects operate so independently that their context doesn’t matter. Context provides useful background information for the project manager, but it also means that the project has other influencing factors. Context is just another word for ‘things by which the project is affected’. The contextual elements provide a level of complexity; the project interacts with the things around it, and that is where risk leadership can be beneficial. Instead of just seeing processing risk as a linear activity, risk leadership takes into account all the contributing factors, and includes an appreciation that the world isn’t as straightforward as we’d sometimes like.
Learning to live with uncertainty can be uncomfortable, but given the increasing complexity of organizational operating models and ever more challenging projects, project managers need to step up and become prepared, consultative and effective risk leaders. Beyond the Risk Register!