Jan 2011 Issue: Risk Management

Welcome to Our January Issue

In this month’s issue, we’ll be once again focusing on Risk Management, as we did in October 2009. This topic is big enough to be repeated, though, and we have a number of helpful articles included below.

By the way, if you’re interested in expanding your knowledge in this area, we are currently offering a self-paced 2-course bundle consisting of Risk Management and Project Control. It’s a great value – you can earn 38 PDUs towards PMP continuing certification requirements for only $7 per PDU. Learn more here.

Lastly, we have another free webinar scheduled for January 25th about Building Realistic Project Schedules for Medical Device Projects.  Even if you are not in the medical device industry, there’ll be a lot of great tips that apply universally for better sheduling practices. Register here.

Included in this issue:

• What is a Risk?
• Project Management Q&A
• Risk Response: Is Your Plan in Place?
• Playing the Devil’s Advocate
• Ten Rules of Project Risk Management
• Be Specific About Risk

Next Issue: PM Tips & Tricks

If you’re not a regular subscriber, sign up for pmPractitioner today and be notified when next month’s issue is available!

pmPractitioner is published as a service to the project management community. Each issue provides practical project management solutions and tips adapted from a variety of business publications and resources.

What is a Risk?

For project risk management to provide intended benefits, risks must be understood and properly identified. At times, lists of identified risks include items that are not risks at all. When this occurs, the value of the risk process tends to become diluted. This leads to distraction, obscures genuine risks and causes frustration among participants.

When identifying risks, it is important to clearly differentiate between risk, cause and effect. Some project managers erroneously identify a cause or an effect as the risk.

Causes are definite circumstances that exist in the project environment which give rise to uncertainty.

They can include:

• Use of new, unproven technology
• Use of unskilled resources
• Project implementation in a politically unstable country

Effects are unplanned variations from project objectives (either positive or negative), which manifest when risks occur.

They can include:

• Overspending
• Missing a milestone
• Failing to satisfy a performance requirement

Risks are uncertain events that, if they occur, would affect project objectives.

They can include the possibility of:

• Failure to meet a planned productivity goal
• Supplier delivering earlier than planned
• Client’s expectations being misunderstood

Many risk specialists contend that risk identification is the most critical phase of the risk management process, since any risk not explicitly identified is being taken unconsciously. With this in mind, it’s essential that risk identification receives proper attention.

From Action for Results, Inc.

January Project Management Q&A

Test your project management knowledge with these questions or use them as an exercise to help prepare for your PMP certification exam.

1. The general name used in the PMBOK Guide for a contractor, subcontractor, vendor, service provider, or supplier is which of the following?

2. Due to your willingness to do extra things on the project as the project manager, others on the project team admire your efforts and look to you as a role model. By achieving role model status, you’ve gained power. This type of power is referred to as which of the following?

Answers appear at the end of the newsletter.

Risk Response: Is Your Plan in Place?

You’ve completed a significant amount of work identifying and analyzing your project risks. Have you determined how to deal with them if and when they materialize?

If not, now is the time to develop your risk response plan (sometimes termed the risk register).  Risk response planning is typically performed immediately after the qualitative and quantitative risk analysis processes are complete.

It is designed to:
1. Develop options and determine actions to enhance opportunities (positive risks) and

2. Develop options and determine actions to reduce threats (negative risks)

Once created, your plan will serve as the primary guidance document defining all risk responses and contingencies to be implemented across the project life cycle.

Here are the typical contents of a comprehensive risk response plan:

• Identified risks and all relevant characteristics of each risk, including causes and potential impact on project objectives.
• Risk owners who have responsibility for managing each risk.
• Results from the qualitative and quantitative risk analysis processes.
• Planned responses for each identified risk.
• Level of residual risk after plan is implemented.
• Actions to implement the response strategy for each risk.
• Budget and times for each response.
• Contingency and fallback plans.

From Action for Results, Inc.

Playing the Devil’s Advocate

When it comes time to brainstorm and discuss potential risks in a project, it’s always good to have a “devil’s advocate” on hand – someone who takes a contrary position in a group discussion. There should always be a group norm that encourages everyone to act as a critical thinker, challenging premature drives to consensus. However, assigning a team member to a formal devil’s advocate role can often encourage a more in-depth exploration of an issue or risk.

To be most effective:

• The devil’s advocate must have the absolute support of the group leader. When a designated dissenter becomes merely a token he will not be taken seriously.
• The devil’s advocate should be a good role player. It should not be clear what her actual position is. She should be able to argue as though she believed the dissenting viewpoint implicitly.
• Rotate among group members from meeting to meeting. This reduces the risk that over time group members will begin to confuse the advocate with the devil himself.
• The devil’s advocate should focus on the issues and refrain from personal attacks.

Adapted from When Sparks Fly: Igniting Creativity in Groups, Dorothy Leonard-Barton and Walter C. Swap, Harvard Business School Press, 1999

Ten Rules of Project Risk Management

The benefits of risk management in projects are huge. When you minimize the impact of project threats and seize the opportunities that occur, you can deliver your project on time, on budget and with the quality results your project sponsor demands. Also your team members will be much happier if they do not enter a “fire fighting” mode needed to repair the failures that could have been prevented.

Here are 10 golden rules to apply risk management successfully in your project.

Rule 1: Make Risk Management Part of Your ProjectIf you don’t truly embed risk management in your project, you cannot reap the full benefits of this approach.

Rule 2: Identify Risks Early in Your Project
This requires an open mind set that focuses on future scenarios that may occur.

Rule 3: Communicate About Risks
Consistently include risk communication in the tasks you carry out. Don’t surprise your boss, stakeholder or team with impending disaster!

Rule 4: Consider Both Threats and Opportunities
Project risks have a negative connotation but modern risk approaches also focus on positive risks, the project opportunities.

Rule 5: Clarify Ownership Issues
Make it clear who is responsible for what risk! Someone has to feel the heat if a risk is not taken care of properly.

Rule 6: Prioritize Risks
Spend your time on the risks that can cause the biggest losses and gains.

Rule 7: Analyze Risks
Understanding the nature of a risk is a precondition for a good response.

Rule 8: Plan and Implement Risks Responses
Implementing a risk response is the activity that actually adds value to your project.

Rule 9: Register Project Risks
Maintaining a risk log enables you to view progress and make sure that you won’t forget a risk or two.

Rule 10: Track Risks and Associated Tasks
Tracking tasks is a day-to-day job for each project manager. Integrating risk tasks into that daily routine is the easiest solution.

For the full article, visit ProjectSmart.

Adapted from Ten Golden Rules of Project Risk Management, Bart Jutte

Be Specific About Risk

If you are having difficulty defining your project risks clearly, use risk meta-language to help you differentiate the risk, its cause and its effect.

Here’s an example:

“As a result of (definite cause), (uncertain event) may occur, which would lead to (effect on objective).”

Also, it may help to use “if-then” statements to create specific responses to the identified risks. If the response is so broad as to be unreasonable to implement, you may need to break down the risk more specifically.

From Action for Results, Inc.

Answers to January Q&A

1. The correct answer is ‘a’ (Seller). PMBOK does not refer to the membership makeup of the PMO.

The PMBOK uses the general terms Buyer and Seller. “Seller” has the alternate names shown above. Buyers are also called clients, customers, acquiring organizations, and so on.

Answer ‘b’ (Manufacturer) is incorrect. Manufacturer is not one of the alternate names for “seller” used in the PMBOK Guide.

[Initiation], PMBOK Guide, Fourth Edition, p. 316

2. The correct answer is ‘c’ (Referent power).

The type of power you as the project manager would be demonstrating in this example is a power which has been earned due to admiration. The project team wants to follow you as a role model. 

Answer ‘d’ (Information power) refers to power derived by controlling the dissemination of key information to project personnel.

[Execution], Verma, Vijay, The Human Aspects of Project Management, Volume Two, Human Resource Skills for the Project Management, (C) 1996 PMI., p. 233