In the August issue of the Project Management Institute (PMI) publication, PM Network, there is an article on page 26 that talks about “7 Steps to Better Risk Management.” After reading the article, I would have to say I have a different opinion from the author.
He quoted PMI’s 2017 Pulse of the Profession Report, “only 60% of organizations always or often apply risk management practices.” One hundred percent of organizations manage risk all the time. Think back to the last project, event, or engagement of any kind you managed.
Did you ask yourself, what could go wrong or think in any way about alternatives in case something didn’t go as planned? Of course you did because humans are wired that way. We are designed by nature to create alternative paths/options based on experience and fear.
Now, you probably didn’t create a risk register and use Monty Carlo simulations to run probability of that risks impacting cost or schedule, but that’s okay. Risk management should not be seen as such a laborious and difficult thing to do! We all manage risk all the time–perhaps we don’t identify our fear of uncertainty with risk management, but that is what it is.
The author goes on to explain, “…it could take up to two years for your new risk management process to be ready for final implementation.”
Everyone reading this probably thought, are you telling me I have to talk my client into a year-long endeavor to manage risk? In my mind this would be a total failure in risk management because you can’t manage risk if you are still planning for it.
Here is what I recommend: start at from the top down. Deliver the 20% solution then refine from there. Most of the time people will voice concerns [risks] at the very start of a project (again humans are wired this way). When you begin identifying risks in a project, start with what is on the leadership’s minds and create the risk register with those top level risks. Gather your subject matter experts (SME) to talk about those risks, then rinse and repeat.
Based on SME perceptions, they will have far different inputs. Project risk management does not have to be laborious and difficult, nor does it take a year to come up with a plan.