Major Sources of Risk in a Project
I headed out without an umbrella yesterday – and given the look of the sky, that was quite the risk. It paid off as I made it back home before the storm started.
Risk is everywhere, and your business is full of it. Projects are a specific risk zone because they focus on delivering new things and perhaps working in new ways. Newness always brings an element of risk with it.
If you are starting a new project, or considering your internal risk management processes, it helps to have a list as a starting point for the major sources of risk in projects. Your project managers and teams can use that as a starting point for brainstorming what could potentially cause problems during their work.
We’ve done the hard work for you. Here’s a list of 4 causes of project risk.
1. Project scale
How big is the project? There are two ways of looking at project scale:
- Absolute size: Measured by how much money is being invested in the project, how large the team is, how long the work will take and the change impact expected as a result.
- Relative size: Measured by the same factors, but in comparison to other projects in the portfolio.
For example, building a nuclear power station would rank as a megaproject, but for a company that routinely builds nuclear power stations, a small one would be an easier, less complex project than a site expected to generated five times the electricity.
Typically, the larger the project, the more chance there is that some aspect of the scale will cause risk.
2. Project environment
The environment the project is taking place in can also create or worsen project risk. A management culture that doesn’t pay much attention to risk would lack the oversight to act appropriately, and therefore increase the likelihood that any risk would have a more significant effect, because it wouldn’t have been managed properly in the first place.
As you are reading this, I’m assuming your workplace does not fall into that category. However, it’s still worth reviewing your project environment to see what aspects of it could influence and introduce risk. For example:
- How resilient is the organization? If something went wrong, what is the capacity to bounce back?
- Is there a culture of learning from mistakes and tolerance for experimenting with new approaches?
- Is there an adequate governance process?
- Is there a way of tying project risk to program and portfolio risk, and ultimately aligning all those with enterprise risk management processes?
3. Project uncertainty
It’s no surprise that the more uncertain the outcome, the more likely it is the project will fall into the ‘risky’ category.
Uncertainty is driven by lots of things. Here are the three main aspects to consider.
- Uncertainty of the solution. The team isn’t clear on what it is they are supposed to be delivering or what the client wants. The scope is managed by progressive elaboration and experimentation, and may evolve significantly over time.
- Uncertainty of the delivery approach. The team isn’t clear on how they are supposed to be delivering the work. This includes lack of clarity around the project management approach – iterative, predictive or hybrid. It also covers uncertainty around the tools to deliver the solution, for example, new IT systems or innovative manufacturing techniques.
- Uncertainty of context. There may be socio-political factors that affect the stability of the team and the project. For example, changing government policies, internal leadership challenges, the impact of pressure groups or social lobbyists and so on.
- Uncertainty of resource. The project may be a challenging ‘ask’ for the team, especially if they are new to working together or there is a low maturity in project management culture.
4. Project significance
The more significant the project to your business, the more important it is to adequately manage risk – and the more risk to the business the project is likely to carry.
‘Significance’ can take various forms and will mean different things to different businesses. Here are some common ways to determine how significant a project is to your organization.
- How much money are you putting on the line with this project? This is another measure of scale. It’s important to have the whole financial picture so the team fully understands the amount of money exposed by failure.
- How much reputational damage will the organization suffer if this project is not successful? Reputational damage can have more impact than loss of money, in some cases.
- Change implications. What are the implications for the business if the project is delayed or doesn’t complete at all? There could be implications for staff morale, hitting strategic goals, promises made to investors and so on.
- Client impact. How much impact will this project have on clients if it is not successful? In an agency or consulting environment, the damage to client relations could adversely affect the business overall.
All of these aspects will drive risk and also your approaches to managing risk.
The good news is that all project risk is manageable. You simply need to have the risk management processes in place to uncover it and manage it. If you aren’t convinced your current processes are up to the job, a risk maturity assessment is the place to start.
It’s a good idea to review your existing processes and look for opportunities for improvement before taking on any new, complex, significant piece of work. Then you can have confidence that the framework is in place to support your teams, whatever risks they might be facing on their projects. Even on the days that it rains.