All you need to know about risk management
Some too many inexperienced managers neglect risk management, an essential step in project management, regardless of scope. By not considering risk prevention at its fair value, we condemn ourselves to endlessly repeating the same failures. Slackening risk management is nothing but a serious management error. Let's see how to identify the risks of the project and assess them to control them better.
What is risk management?
It is the process of analyzing, identifying, and controlling the threat to the organization's earning and capital. Risk is a more or less foreseeable possible danger that can affect the outcome of the project. It will not be possible to eliminate them all, and zero risk does not exist.
The whole question rests on the ability to anticipate the risk:
Are we capable of estimating the probability of occurrence of the risk and anticipating the possible impacts in terms of severity if the worst happens? How to prevent them? And, if so, how can it be remedied to cushion the impacts?
These are questions that deserve specific answers. But beware, not all risks are predictable, and you will have to reckon with the intangibles.
How to assess the risks?
Of course, it is inconceivable to consider guarding against all the dangers inherent in running a complex project. It is essential to carry out a complete and reasoned study of the more or less foreseeable potential risks to go beyond the stage of founded or unfounded beliefs. Rigorous analysis is a good guarantee of success. The simplest approach takes place in five major steps. The "heat" card
The following heat map is an example of a breakdown of the risks inventoried, taking into account the criticality and the probability of occurrence.
The red, "high heat" zone lists unacceptable risks at no cost. The yellow zone, "of medium heat," identifies those who require previously defined palliatives. Those in the green zone are acceptable according to the conditions defined when the table was drawn up.
The five steps of the Analysis method
Now let's see how to proceed in order to start the project while limiting as much as possible the risks of failure. This process takes place in 5 major steps, each as important as the other.1st step: Establish the risk inventory.
It is a matter of raking broad and considering all forms of risk (human, financial, organizational, and technological)
Type of potential risks: financial, organizational, technical, social, environmental are taken into account without exception.
- Information sources: Field surveys, exploration of the archives, analysis of the memory of previous achievements, consultation of experts. A wide consultation of all those who have approached a similar project in the past is a precious source of information.
- During this study, we understand the importance of establishing a memory of the projects carried out, whether they succeeded or failed.
2nd step: Valuing risks
Not all risks have the same probability of occurrence, and not all risks are equal in terms of criticality. It is a question during this stage of carrying out a rational classification.
- Gravity: The abscissa axis of the heat map above. This involves assessing the criticality of each risk in terms of impact, damage, and consequences. Again, we will not hesitate to explore the "collective" memory of past projects.
- Probability: The ordinate axis of the heat map above. Next, the criticality is evaluated in terms of probability of occurrence. This exercise is not the easiest, you can imagine. Precision is quite relative.
3rd step: Define the displays
For each risk, we will ask ourselves these three successive questions:
- Can we eliminate it?
- Can we limit the effects?
- Should we modify the progress of the project?
- Eliminate the risk. Is it possible to eliminate it by increasing resources or by integrating into the team new and more experienced specialists in the subject?
The cost will be one of the main judgment criteria.
- Limit the devastating effects of potential claims. Likewise, the solution is often on the side of optimizing resource management.
- Revise the project: Should we modify the orientations, limit the specifications, and find more peaceful alternatives even if they moderate ambitions and proceed with simplifications? A precaution to be taken on a case by case basis.
- Do not hesitate to limit the scope of the project to gain visibility. Short and quickly implemented projects are easier to manage and integrate into existing projects.
4th step: Identify the critical points
This step is often forgotten in risk studies. The risks are changing. The probability and criticality evolve as the project progresses. Certain phases of the project are more at risk than others. You have to identify them.
- Places and/or times when the probability and/or the gravity are the most important, the moments of the course where it will be necessary to redouble vigilance.
5th step: Revise the risk table
The risk table is not static. It should be reviewed regularly.
- Monitor the evolution over time of the criticality.
- This table is not static, nor is it insurance.
- Predicting danger is not protecting yourself from it!
- In addition, the potential dangerousness, as well as the probability of occurrence, evolves over time and progress.
- This table will be carefully monitored and updated very regularly.
How to do it?
Well, by involving as many people as possible, by digging through the archives, by encouraging the experts to communicate whatever they are, wherever they are? All the ups and downs of past projects, as well as the difficulties and how to solve them, are a wealth of resources for reflection prior to risk management. But it is still necessary to have taken care to record past experiences. The care taken during the course of each of the risk management stages is of paramount importance for the success of the project. The method proposed here is developed and detailed in the practical guide "The effective project manager," whose latest edition further strengthens this aspect.
Known risks and unknown risks
In fact, there are three categories of risk:
1) Known risks
2) Risks that we do not know but that we could know
3) Risks that we do not know and that we cannot know
Depending on the degree of maturity of the company in terms of project management, category number 1 will be more or less important.
Risk management, such as the one we have just carried out, aims precisely to transfer a maximum of potential risks from category 2) to category 1).
The risks of category 3 are not the famous black swans; these risks that we consider a priori impossible. These are all the risks that one will not think of, even with a perfectly conducted analysis.
Projects were combining in terms of complexity, a maximum of unknowns such as a technology that is too young, a project that is too long with multiple impacts, stakeholders that are too numerous and not very federated, etc.
In short, everything that complicates a project will increase this third category of unknown risks that we cannot know. The solution seems to make sense, and it is a plea for short projects, even if it means multiplying them to achieve the desired end.
- How to prevent risks
It is hardly possible to protect yourself from all the risks that threaten the successful completion of the project. That said, with good habits, you can easily prevent a good part of them. The first and most essential of these habits are to communicate. To communicate is to speak, to explain, but also to listen. It is to provoke discussion and invite all the company's actors, direct and indirect stakeholders, to give as much information as possible. Let's see what happens when the project manager prefers to stay in his corner.
- Successful risk management
Already we do not put anything into it. A lack of preparation is not a risk but negligence. In any case, risk management does not eliminate all risks, and it is better to stay alert.
Author: Vicki Lezama