Preface
Experience has shown that risk management must be critical to project managers: Unmanaged or unmitigated risks are among the primary causes of project failure. What we know, we plan for—and we are successful more often than not. Without mitigation, however, risks will introduce chaos and failure into an otherwise well-planned and well-managed project. This book addresses the underlying process of successful risk management throughout a project’s lifecycle. It provides practical, tested, proactive risk management techniques for the practicing project manager and risk management awareness for project stakeholders.
BACKGROUND
Managing a successful project is like walking the highwire—it is a complex balancing act fraught with competing distractions. The successful tightrope walker has years of practice and starts training on a “low” wire. Much attention is paid to the setting of the guy wires and support poles to provide a predictable tension to the highwire. Moreover, intense concentration is required to focus on the task at hand and to ignore the noisy crowds. A prospective tightrope walker who does not pay attention to these prerequisites is sure to fall.
Likewise, rare is the project manager who can deal with the inherent risks, distractions, and complexities of project management without detailed plans and processes. Unfortunately, many project managers do not approach risk management with the same rigor they apply to other project management processes (i.e., scope/change management, issue management, conflict resolution, or deliverable-based work breakdown development and scheduling).
Over time, many project managers learn to manage risk by denial, sidestepping, and attempting to shield themselves. They develop various patterns of behavior to fend off the impact of risk-based failure, such as:
• Adding non-justified contingency time, money, or resources to the project plan (i.e., “padding” the estimate)
• Pointing fingers and placing blame elsewhere
• Begging forgiveness and renegotiating scope when the “unknowable” occurs
• Taking shortcuts in quality assurance activities in an attempt to avoid risk impact or missing milestones
• Eliminating infrastructure deliverables (e.g., training, metadata documentation)
• Reacting with an “it’s just one of those things” attitude and expecting the stakeholder to accept it.
The trouble with these behaviors is that they offer no opportunity for learning, so project managers repeat them.
All these behavior patterns are reactionary, lead to project failures, and serve to weaken the credibility and confidence of the project manager. However, there are proactive steps that a project manager can and should take to mitigate and minimize the impact of foreseeable risk-based failure.
The Project Environment
Before exploring the steps to successful project risk management, it is useful to examine the characteristics of some project environments. The project manager is selected from the ranks of successful “doers.” Correspondingly, membership on a project team comes as a positive recognition of past work and success. It naturally follows that project team planning and environment perceptions are positively focused (i.e., the project manager and team members are optimistic, positive individuals who believe they can do anything, without regard to time or resources). This does not imply failure, because many projects are successfully completed by the “superhuman” heroics of a few individuals. Over-optimism, however, represents a “Pollyanna” management approach and can lead to disaster.
During the project proposal and planning phases, the project manager draws on personal experience, the project team, and the stakeholder community to develop a project plan. Generally, a series of brainstorming sessions is held to define goals and objectives, set the boundaries of the project (i.e., scope), quantify deliverables, develop a project lifecycle approach, and establish the timetable, milestones, budget, and resources. This is the point in the project lifecycle when the team should identify risks and develop mitigation strategies; however, these steps are often neglected. Reasons for not spending the time and energy to examine risks carefully include:
• Quantifying risks could lead to non-funding of the project.
• The stakeholder doesn’t want to spend the time and energy.
• The stakeholder doesn’t believe the risks are real.
• The stakeholder wants a simple plan.
Another underlying force is at work here. Sociological trends and current philosophies of team building emphasize the need to be positive—problems are opportunities, risks are challenges to be overcome, negative thoughts are socially suppressed. In this environment, emphasizing risk results in being labeled a negative thinker and non-contributor—almost a pariah. It’s as if we’ve forgotten a basic survival instinct: risk aversion. Our evolution involved a systematic process of learning to avoid risks. For example, it is theorized that we first learned to stand upright so that we could see above the grasses, thereby avoiding predators and sighting food and shelter sources. Risk-averse behavior is a survival trait that we should remember, even in today’s sophisticated civilization.
Who Should Read This Book?
Project Risk Management is for everyone associated with a project. The project management neophyte, grizzled veteran project manager, and project sponsors all can use this book to better understand and contend with risk. Most people consider risk management to be the responsibility of the project manager; however, unmanaged risk affects everyone involved with a project.
Contents of This Book
There are positive, proactive steps that a project manager can take to manage and reduce risk. This book focuses on the processes needed to classify and identify risks, measure their impact, develop strategies to mitigate them, and plan for appropriate contingencies to minimize their impact.
The risk management processes discussed herein follow the standard project management lifecycle as outlined in the Project Management Institute’s (PMI) A Guide to the Project Management Body of Knowledge (PMBOK® Guide), 2000 Edition. The PMBOK® Guide outlines how to manage risk in each project phase, from project initiation through closure. It provides a set of processes, which, if implemented consistently, will dramatically reduce project risk to manageable proportions.
This book includes the following chapters:
• Chapter 1—Risk Management As a Process. This chapter defines the overall process of risk management and where it fits into the project lifecycle as defined by PMI in the PMBOK® Guide.
• Chapter 2—Initiation: Opportunity Assessment. Chapter 2 outlines a process for performing an initial risk and opportunity analysis of a potential project. Management can use the results to prioritize project selection. Project managers can use the results as initial input to risk identification and response planning.
• Chapter 3—Planning: Risk Management Planning. This chapter details the process for completing a risk analysis of the project as part of the planning process, including risk identification, categorization, developing a mitigation strategy, and contingency planning.
• Chapter 4—Execution: Project Risk Audit. Chapter 4 defines a process for performing project risk audits throughout the life of a project as an additional quality control process. This audit technique examines implemented project management processes, which, if not properly executed, become the source of significant risk.
• Chapter 5—Controlling: Risk Management. This chapter focuses on a continuing risk management process using the outputs of the risk management plan produced during the planning phase.
• Chapter 6—Closure: Risk Knowledge Transfer. Chapter 6 outlines a knowledge management process for increasing organizational awareness of risk and sharing risk experiences to reduce future risk-based project failure.
• Chapter 7—Program Risk Audit. The last chapter describes a technique and process for assessing the “temporal health” of a program of multiple interrelated projects. The technique concentrates on the organizational elements of program management.
Format of Each Chapter
To ensure consistency and increase understanding, each chapter of this book (except Chapter 1) is presented in four main sections:
• Introductory paragraphs
• Execution of the process
–Participants
–Timetable
–Process steps
–Deliverables
• Explanatory material (as required)
• Concluding remarks.
Paul S. Royer