Risk management is a way of making sure that uncertainties on a project are adequately controlled and managed. By thinking about what might go wrong, you can focus on how to stop that from happening.
There are also situations where something unknown might result in a positive benefit for your business – those are the type of risks we want to capitalize on and make the most of.
Either way, you can’t react appropriately to risk unless you know what it is. Risk management processes are the way that you do that.
In this article, we’ll share 5 simple steps for getting started with project risk management. As you can imagine, there’s more to making sure risk management is successful than what we can describe on this page, but this is a good overview of the core steps that you’ll need to go through in order to successfully use risk management techniques.
1. Get Buy In
Having the support of senior managers is crucial. They form part of the risk governance group that is a key role in the process of risk management.
It is far easier to implement a new risk management approach if you have executive level support. This should – in theory – be easy to get. You are asking for support to do work in a more structured, risk-aware way. This should lead to better project outcomes, less waste, more successful project deliveries. Plus, the whole approach to project risk management can be led by the PMO so shouldn’t involve much, if any, exec time once the go ahead in principle has been given. What’s not to like about that?
Once you have received the rubber stamp for the idea, share it. Let everyone know that the executive management team support this way of working. Then it’s time to move into the next step of working out how you will adopt better risk management across the project portfolio.
2. Choose An Approach
Business leaders should work with the PMO to design a project risk management approach that will work in your environment. You may already have project managers doing risk management on projects, and some level of corporate risk governance. All these current ways of working could provide you with some good practice and existing templates to use.
If a corporate risk management approach exists, your project-level risk management should align to that. For example, use the same risk categorization and impact/likelihood scales. This makes it easier to aggregate risks and see the whole company risk profile.
Talk to your project managers and find out what they currently do. You don’t have to adopt what they do, but it would be worth consulting them in any upcoming changes you have planned – they are definitely stakeholders in this project!
Whether you go for a prescriptive approach, or offer project managers a framework to operate within, make sure that everyone is clear on what they have to do.
3. Deliver Training
You can’t expect people to adopt a new way of working, and take risk management seriously, if they haven’t had any training in how to do so.
Risk management is often taught as an essential part of project management courses, so it’s likely that your project manager community will have had some exposure to risk management tools and techniques already. However, they may not all have the same level of understanding. Providing risk management training helps bring everyone to the same standard with the same knowledge. You can standardize the language used around risk management. You can introduce standard templates and expected ways of working.
Training goes beyond issuing people with a link to the documentation on the intranet. You should take the time to talk to project managers about why risk management is important and how you expect them to adopt it on their projects.
The Project Management Office can take the lead on training. Ideally, any training should also be extended to project sponsors so they understand the terminology and ideas behind the process.
If you have particular software that you are using to record and report project risk, such as Primavera P6, then make sure project team members have training on how to use those features.
4. Implement the Process
Now everyone is trained on what you expect them to do, the risk management approach can be implemented. All projects should adopt whatever systems, tools and processes you have specified and should start using them.
Make sure training materials, templates and documentation are easily accessible. You could store them on the intranet, in your collaboration tools, or link to them from your project management software tools.
Support people as they use the process for the first few times, and answer questions.
5. Review and Report
As with all processes, it’s sensible to review and make improvements as you go. Look at what is working and what project teams are struggling with. Tweak the process using the feedback received from the teams. For example, they may want to change the way that categories of risk are displayed in your enterprise project management software.
Often, once you start working with a process, easy improvements quickly come to light. Make these changes smoothly, and iterate towards a process that works for everyone involved.
Finally, report. Look at what risk reporting your software tools and processes are giving you. Consider ways to get the best management information out of your tools, so that project managers and senior stakeholders have access to information for decision-making.
You may find that the standard reporting templates you designed as part of the process are not really fit for purpose now that your teams are starting to use them. You’ll realize that stakeholders need other, more or less information and these changes need to be incorporated into the report. Build in all of these changes and continually keep the process under review so that you can create the best possible management information for your teams.
And that’s it! Risk management is conceptually easy to discuss, although slightly harder to make work in a real project environment. A risk management maturity assessment will help you establish where you are starting from so that you can take the right steps to embed risk management across all your projects.