HAPPY NEW YEAR: Two-faced risk management

From the Risk Insights from The Risk Doctor Blog
David Hillson, The Risk Doctor, shares key tips on understanding and managing risk, blending thought-leadership with expert practical application. Managing risk is easy - find out how!

About this Blog


Recent Posts

HAPPY NEW YEAR: Two-faced risk management

Zero chance of a zero-risk project

Innovative risk management

Why some risks turn into surprises

Are project opportunities the same as scope screep?

Categories: risk management

Welcome to 2018! In many languages the month January is named after Janus the two-faced Roman god of doorways, and the start of a new year is traditionally a time for review, looking back at the past 12 months and looking forward to the next. There is also a widespread custom of making “new year resolutions” to change something in the year ahead. Unfortunately, these resolutions usually last only a few weeks before old habits reassert themselves!

Calling someone “two-faced” isn’t usually a compliment, but when it comes to managing risk, it might actually be something to aim for. How can we be like Janus in our management of risk, looking backwards as well as forwards, at the same time?

Risk management is obviously about looking forwards, scanning the uncertain and unclear future in an attempt to discern what awaits us. It offers businesses, projects and individuals a “forward-looking radar”, identifying threats to be avoided and opportunities which might be captured. Even though the precise details of such uncertainties may remain unclear, the “risk radar” can make us aware of their location and size, helping us to formulate appropriate action plans in advance.

But what about the other direction, the “rear-view mirror”? Does the past have any relevance to risk management? How can risk management look backwards?

Strictly speaking there is no risk in the past, since it has already occurred (although we may remain uncertain about what actually happened and what it means!). But George Santayana said “Those who cannot remember the past are condemned to repeat it.” So we must review the past in order to learn for the future. For risk management this means addressing the following questions:

  • What types of risk can be identified on my project or business? Are there any generic risks that might affect similar projects?
  • Which identified risks actually occurred, and why? This includes problems that could have been foreseen as threats, and missed opportunities that could have been captured.
  • What preventative actions could have been taken to minimise or avoid threats? What proactive actions could have been taken to maximise or exploit opportunities?
  • Which identified risks did not occur, and why? Which responses were effective in managing risks, and which were ineffective?
  • How much effort was spent on the risk process, both to execute the process, and to implement responses?
  • Can any specific benefits be attributed to the risk process, e.g. reduced project duration or cost, increased business benefits or client satisfaction etc?

The results from this type of lessons-learned exercise can be used to update risk identification tools such as checklists, to incorporate preventative risk response strategies into future projects, and to improve the effectiveness of risk management. It might also be possible to estimate return on investment (ROI) for the risk process, by comparing specifically attributable benefits with process costs.

If we do not learn lessons from our past, we will repeat it. I often hear people say “This risk affects all our projects, and it usually happens!” This is shocking, from a risk perspective!! For a risk to happen once is understandable, since uncertain events can occur even on the best-managed projects. If the same risk occurs twice, that is unfortunate, because the chances should be less than the first time. But for the same risk to happen a third time is unacceptable, as it exposes a lack of learning from the past.

So as we stand on the threshold of another new year, we should look behind us as well as in front, using the rear-view mirror as well as the forward-looking radar. Of course, we must focus on the challenges ahead and use the risk process to help us move forward safely towards our objectives. But we must also remember our past, learn the lessons from our journey to this point, and not repeat the same mistakes. Happy New Year!

Posted on: January 01, 2018 11:08 AM | Permalink

Comments (10)

Please login or join to subscribe to this item
Thank you for the insight. I do suggest that PMs that are unfortunate to encounter a risk event the 2nd time, and that encounter a risk a 3rd time, be excused from criticism due to a failure of the Owner and it's PMO processes and knowledge management. The experience and Lessons Learned on projects is a value to the program managers and PMO leadership and it should be captured and be actionable to assure the recurrence of the same risk event is avoided or mitigated through proper planning on future projects and corrective action on projects running concurrence with the project that experienced the risk event.

Risk management is a progressive journey if we do not learn from what went wrong or right and why than we are likely to make the same mistakes over again. Reflection on a completed project and asking the questions to ourselves like What happened? Why? How did we perform ? How likely is a re-occurrence? What practical steps can be taken to change the outcome? etc are bound to have positive effects in our future projects.

Thanks Rami and Henry.

Henry, I agree with you that sometimes risks recur due to systemic failings outside the control of the project manager. But in my post I didn't say anything about criticism, and I do focus on the importance of learning lessons. In my view, these matters shouldn't be personal, they indicate a failing in the system - but that can and should be addressed.

Hi Najam, I agree with you. I wrote an article in September 2009 on the types of questions we need to ask when seeking to learn risk-related lessons. This is available in the Writing section of the Risk Doctor website (enter "Don't make the same misteak twice" in the Search box). I tried to include a link to the article, but the website content monitors said it broke the rules and deleted my post! I hope you can find the article from these details. If not, please send me your email address and I'll send it to you.

Thanks for sharing.
Happy new year and hope not to see the true Black Swans :-)

Thanks for sharing this. I agree that risk management is all about learning from past mistakes. We have to remember that the biggest risk lies within us: Sometimes we overestimate our abilities and underestimate what can go wrong.

@Anish. You're right - often we are blind to the risks that we bring to our own work. That's why we need open and trusting relationships with our team members, so that they can speak honestly about these matters. A mentor is also useful, who will hold up a mirror to our own behaviour and attitudes. And finally, as we develop our own emotional intelligence, we'll understand ourselves better and be able to moderate our own behaviour.
Thank you for your comments.

Please Login/Register to leave a comment.


"Peace comes from within. Do not seek it without."

- Buddha



Vendor Events

See all Vendor Events