In our recent post (5 attributes of a bad project manager) we discussed the attributes of bad project management. In that piece, we touched on Risk Management and described the impact that a poor risk management process can have on a project. Despite the fact that risk management is integral to the delivery of successful projects it continues to amaze us here how some Project teams fail so miserably at it. But why is that? With the process of risk management being so widely known, project teams should breeze through it, shouldn’t they? What’s really so difficult?
In most instances, I’d put it down to project teams looking to cut corners, or perhaps under pressure from other areas they take their eye off the ball. Whatever the root cause the reality is, unfortunately, that it does happen. But if you’re in the role of project governance what are the warning signs to look out for which indicate that risk management is being undervalued and poorly executed?
Here’s our list of 6 signs that your risk management sucks.
1/ Your risk plan has been created by the Project Manager in isolation
Successful project management requires the involvement of a broad range of stakeholders and subject matter experts. While the Project manager has a role to play they are not generally the fountain of all knowledge and therefore if they are trying to develop their list of risks and associated mitigation plans then they are likely to miss things which could spell disaster for your project if they materialize. Look out for which elements of team are involved in the process and how their inputs are reviewed and amalgamated into the broader plan.
2/ Poor mitigation plans & process
To stop a risk becoming an issue you’d usually undertake some form of risk mitigation, this is typically a set of actions that reduce the chances of the risk occurring. Even if you’ve done a great job in identifying risks if you fail to mitigate correctly then you’re failing to manage risk. Good mitigation has clear actions, owners, and timescales. Also, mitigation should cost money and schedule time. From a governance perspective, don’t just look at the list of risks but ensure that the team is working to lower their occurrence. Look for signs of a mitigation action plan. What’s the risk level pre & post-mitigation? Does the mitigation take an appropriate length of time in relation to the task? How has the project team ensured that the mitigation activity is robust?
3 The Project team is overly optimistic, “risk won’t happen to us”
Nobody likes to think the worst and if you’re a project manager you want to succeed perhaps more than anyone, so of course, thier can be a tendency to put positive spins on your project which can include being optimistic about both the quantity and level of risk associated with your project. Nevertheless, in doing so you can be shooting yourself in the foot by failing to manage risk appropriately enough by failing to put sufficient emphasis on the task and thereby securing required funding and resource to do the job properly. If your project team appears blase about risk and plays it down then this should potentially raise an alert and require further closer, attention.
4 No follow up or periodic risk reviews
I’ve lost count the number of times I’ve seen this happen. You can have a great risk review kick off, identify the key risks and controls and then never touch them again. Your risk review becomes outdated and boom, before you know it project failure. Risk management should be a continual process, one that requires a level of sustained resource and follow up over key actions and owners. This generally means that the level of risk is monitored throughout the lifetime of the project.
5 Schedule impacts of risk
As touched upon on point 2, risk mitigation usually involves a level of activity. It goes without saying that you should be seeing this in the project schedule. Depending on what the tasks are they should be driving a resource level and duration which is appropriate to the risk management plan that’s been devised.
6 Risk management budget
Aligned with point 5 there is often a budget impact on risk also. Both in terms of funding mitigation activity and in ensuring funds are put by to cover the costs of key risks turning into issues. In some cases, there may be no other mitigation step other than putting funds aside to cover the worst case scenario but whatever the case there is usually some budgetary impact. How has your project team looked to fund its risk plan? Are the finances well thought through, are they estimates or have they got supporting information and is it credible?
So there are our 6 points on how to spot poor risk management. Have your own thoughts? We’d love to hear them in the comments section below.