Risk management is not just a beginning-of-the-project activity. To truly do it right it needs to be a living, breathing thing. It needs to be something you review and revisit regularly throughout the project. In fact, I’m a big proponent of creating a combined Issues/Risks list that gets reviewed every week with the customer as part of the project schedule and project status review. That way, you have your issues and risks in front of every key member of the project every week and nothing can ever get too far out of hand.
That said, I’m making it sound like I do a great job of always managing risks on my projects. I don’t. I try…but I don’t. Sure, the very highly visible projects get significant risk attention. So do the ones where the customers are concerned about risks and want the time spent on the activities surrounding risk management. But often customers are hesitant to spend a lot of money on project management and related activities – and risk management is one of those ‘related’ activities.
So, when you’re working on one of those less visible projects and you feel like you don’t have the time, dollars, or customer interest to really track risks in detail and the way they should be identified and managed, what do you do? I’ve always felt that – in those types of situations – they key is to focus on those critical threats that have a higher probability to occur and pose a real threat to the engagement. Spend less time on those issues that are unlikely to occur.
Determining impact thresholds
What that means is that you still have to sit down with your customer and your project team and identify risks up front. But what you’re really going to concern yourselves with are the risks that fall above some pre-determined threshold of likelihood to occur. Say, 50%. You and your team and your customer need to determine, as you go through the risks, what the likelihood that risk is to occur and impact your project. If it’s above 50%, document it. If it’s below 50%, toss it out.
You can even take it several steps further – by looking at it in terms of timeframe and budget impact. Let’s say you don’t care if a risk occurs as long as it won’t set the project back more than two weeks. Granted all of these assignments are arbitrary guesses by your team but the key is that you all agree on them and track them accordingly. So, any risk you identify that is more than 50% likely to occur and will impact your project by more than two weeks in terms of timeframe, track it. Next, consider budget. For example, will the total impact be greater than $10,000 (resources, equipment, etc.)? Now you’re only concerned with risks that are more than 50% likely to occur, will impact the project by more than two weeks, and will impact the project budget by more than $10,000.
This is one suggestion of a way to avoid tracking every single risk throughout the project if you feel overwhelmed or don’t have the time. The thresholds you set must be ones you set in complete agreement with the customer and your project team. Otherwise, there will still be finger pointing if and when one of the ignored risks jumps up to bite you. But it’s one way to minimize the amount of the budget and planning time spent on risk management if your resources are limited.
I invite our readers to share creative ways they go about managing risks on projects where it’s less than top priority to the paying customer or you simply don’t have the resources and time to spend tracking every single risk.