Risk Management Quick Fixes – Risk management is a large topic, and there are whole books written about it. So where do you start when you know you want to do something different – better – but don’t know exactly what that would look like?
Here are five questions, and five risk management quick fixes quick(ish) that you can implement in your business to improve the way you manage risk.
1. Do You Understand the Data From Risk Reports?
Project risk management processes generate risk reports. So do program managers and your Project Management Office team. Sometimes it feels like there is plenty of information being produced about risk, but does it really give you what you need to make the best choices?
On top of that, sometimes risk reports can be so complicated to interpret that it’s easier to do nothing with the data. We can (often wrongly) assume that because someone has handed you a summary report, they understand the detail and are actively managing the risk. Therefore there isn’t any need for us to take action ourselves.
Risk reporting shouldn’t just be to tick a box. It’s there to help business leaders make informed decisions about which projects need more management oversight, and which are potentially exposed to problems that need attention.
But if your risk reports are too complicated, or too basic, you aren’t able to take those steps.
Fix by: Using visual reporting to make sense of the information. Make sure you understand the risk reports well enough to be able to explain them to someone else.
Read next: What to consider with risk reporting
2. Do Risks Cascade Up and Down?
A program risk log should be made up of risks affecting the program as a whole and those major risks from the subsidiary projects. Equally, a portfolio risk log is made up of the significant risks from each program.
Risks cascade down, as well as up. If a program-level risk is identified, the project teams should be checking whether that could have an impact on their project, or other projects within the program, and if so, adding it to their lists too. In other words, risks should flow up and down through projects, programs and portfolios. And so should management actions.
When this doesn’t happen, management teams at the level above don’t have full visibility of the potential challenges for their work.
Fix by: Get the project managers and the PMO team to make sure risks are aggregated properly. Then you’ll be able to see the cumulative effects of risk across programs and portfolios.
3. Is There Strategic Alignment?
The risk profile for projects should be aligned to the level of risk your company is prepared to take in. For example, you might consider yourself a low risk business – you don’t want to introduce unnecessary risk to your shareholders at this time. But when you look at all the projects, the cumulative effect of all the project risk is high.
There’s no strategic alignment here. Check that your project mix, and the risk this presents, is what your business is prepared to accept.
Fix by: Look at the risk profile overall and make sure it fits with the profile you thought you had. Make changes if it doesn’t. You can take active steps to mitigate risks more aggressively, or change the priority of projects in the portfolio to manage the risk profile of the business overall.
4. Do People Talk About Risk Management?
Project, program and portfolio managers should be talking about risk regularly. To their teams, and to each other. They need to understand about risk, and work it into conversation in a way that feels natural. If you have to force yourself to get risk on the agenda, then it isn’t fully embedded in the culture of the way the team works.
Ideally, conversations about risk should be part of the fabric of the organization. Teams and leaders should be building risk management into their daily work.
Fix by: Making sure risk is on the agenda. Have risk management updates as a standard part of team or leadership meetings. Make sure the culture is open to talking about risk and there is no blame attached to bringing new risks to the attention of management.
5. Do You Have the Right Tools?
Are your teams equipped with the tools they need to manage risk in a productive and effective way? Or does it take your PMO team three days to prepare the monthly risk reports?
As your business grows, you need more sophisticated tools. There is definitely an efficiency benefit in upgrading your risk management tools, because you can get detailed information out with a click of a button instead of hours wrangling with spreadsheets. But there’s also a maturity benefit. Because the data is easier to collate and see, you can do more with it.
Having the right tools contributes to building a culture of business risk management, and that is definitely something to strive for.
Fix by: Invest in the tools you need to do risk management in a mature and considered way. A spreadsheet might work when you are a tiny start up, but as your business grows, you need enterprise tools that are capable of aggregating risk and producing powerful risk reports. Tools like Primavera will grow with you, and give you the visibility and management information you need to make the right decisions for your business.
Risk Management Quick Fixes
A risk management maturity assessment will help your teams work out what their next steps should be to building a risk culture. It can also consider the tools you have to help you manage risk across the organization, and give you the information you need to assess whether they are the right ones for you.
The fixes above are easy to write down, but a little harder to implement in real life. However, they aren’t impossible, and they certainly aren’t beyond any team wanting to make sure that business and project risk is adequately managed across their company.
Pick one fix to work on today and focus on that, then pick off other elements week by week. Over time, you will improve the way your business manages risk, and give your leadership team more confidence that the business is going from strength to strength.