Your Risk Management Probably Isn't Working

Andy Jordan is President of Roffensian Consulting S.A., a Roatan, Honduras-based management consulting firm with a comprehensive project management practice. Andy always appreciates feedback and discussion on the issues raised in his articles and can be reached at [email protected]. Andy's new book Risk Management for Project Driven Organizations is now available.

  Risk Management  

We all understand the importance of risk management. Unless we identify the risks that the project is exposed to, assess the potential for those risks to become real, and understand the potential impact they have, then we can’t effectively prioritize and manage the risk exposure our projects face.

However, for most PMs risk identification is arbitrary, risk analysis is rudimentary and risk management is delegated without oversight. So what’s the point in doing it? It’s time for a wake-up call for risk management—we’ve (virtually) all been doing it wrong for too long.

Bad from start to finish
I know that’s a strong statement, but it’s not just hyperbole to try and get you to read this article. I really believe most projects have inadequate risk management—and virtually every aspect of the process is flawed. Let’s start by looking at how risks are identified. Most PMs have a list of “standard” risks that they will always include in the risk register—inaccurate estimates, losing staff, missed requirements, etc.

Those provide a false sense of security that there is a good understanding of the risks that the project faces, and neither the PM nor members of the team put a lot of effort into supplementing that list. As a result, only the most obvious project-specific risks are identified and added to the…

Please log in or sign up below to read the rest of the article.