I’ve been going back over my notes from the PMI Global Congress EMEA which was in London earlier this year and I realised I hadn’t written anything about Olivier Lazar’s presentation on budgeting and risk. I wasn’t sure what to expect but he raised some good points about ensuring your project budget accurately reflected potential issues and gave tips on how to do that.
He talked about the project budget structure as one that acted as an early warning system, integrating cost, scope and risk.
“Everything starts with an estimate,” he said. “An estimate is a risk.”
The truth about estimating
Estimating, Olivier explained:
“You fail it you have to react,” he said. “Project management is an activity of anticipation.”
Having said that, you can’t anticipate events in the future – unless your crystal ball works better than mine – but you can put mechanisms in place to maximise the opportunity to anticipate and avoid the wilful blindness that was discussed in other presentations during the conference.
Use your plan as a baseline
We all know that what you plan isn’t going to happen exactly as you had scheduled. Olivier said that we should consider the project plan as a baseline, not a map; a speedometer, not the GPS.
Usually, he went on, projects go over time and over budget because risk has not been adequately taken into account.
Therefore it’s important to plan the risk response as early as you can, because this helps you work out the cost. Risk response budgets can then be included in your budget, lowering the likelihood that you’ll go over your planned spending.
He recommended grouping risks together then identifying common response strategies, with a minimum of 3% contingency. You’ll want to increase the contingency reserves in these situations:
These circumstances reduce your ability to accurately identify the risk and so push the contingency up. Where you have low levels of uncertainty and ambiguity you can thoroughly identify risks (for example, in projects where you’ve done the same thing before) and thus be able to reduce the contingency reserves accordingly.
When you have identified risks (or threats) that have a high probability of occurrence, Oliver suggested integrating these fully into the project plan and identifying the opposite opportunity – the one that you could enhance or exploit.
Monitoring as you go
If 30% of your budget at completion has been used and yet 80% of your risk response budget is used up then you have a problem.
These figures show that a lot of things you thought were uncertain have actually happened – no one expects every single risk to really happen on their project because they are only risks, not certainties. If you merge your budget at completion, contingency reserves and risk budget together you might not be able to identify this situation as early. You’ll lose control and you can’t know what is happening because risk and contingency, Olivier explained, are not the same thing. Your risk and contingency budgets do not inflate your project budget (or reduce it, for that matter). They only give you more control.
If you are in this position then you need to act quickly to get your project back on track.
Review the scope statement and – while acting quickly – also take the time to react and review. Currently you are within budget so you may not have some of the triggers that you would expect, but consider this tracking your early warning sign.
Olivier concluded by saying that additional control lets you “move from panic and chaos to project management” and reiterated the idea of project management plan as the overall map for y our journey, not the step-by-step walking guide.
Have you split out risk and contingency budgets on your projects? I’d like to know what you think of this practice, so let me know in the comments.
I’ve spent a lot of time going through the PwC Global PPM Survey recently and there are lots of things in there that project managers can take away. The most important message – and this won’t come as a surprise – is that “the PM community needs to brush up on the basics.”
They give some statistics to support that:
That last statistic troubles me, because risk management is not a one-off activity. You can’t set up a risk log (on my other blog I have a free risk register template) and expect it to manage itself or expect the project’s environment to remain static to the point that no other risks manifest themselves during the life cycle. Risk management has to be a regular, ongoing activity.
Getting the project management basics right
The survey says:
“PMs can improve their performance in getting the basics right and help Executive Teams deliver programmes of change. Many of the improvements that can be made are basic PPM processes and should be part and parcel of every programme but are frequently not done well or are not done consistently.”
This is what I consider the basics.
First, set your objectives. Have a clear goal and a line of sight to that goal. Everything is easier when you have total clarity about what you are trying to achieve because every decision you make supports the journey to get there. (It also makes it easier to do point 3 below.)
Second, regularly measure progress. Apparently this is not always done in all programmes, although why you would invest in a programme of work and then not bother to check anyone is actually working on it is beyond me.
Third, have a process to manage changes. According to PwC’s maturity assessments, almost half of programmes don’t have established processes for managing change.
Fourth, build in time to reflect. You can’t do a good job when you and the team are stressed and under pressure. You need a moment to catch your breath, consider alternative solutions, work out what’s round the corner (be it positive or negative) and review lessons learned so you don’t make the same mistakes over and over again.
Fifth, manage your risks. Risks that aren’t managed cost you money. Risks that aren’t exploited miss you opportunities. Everyone needs a Plan B because you can never be too prepared, especially when you have a lot of time and money tied up in delivering transformational change.
All of these are basics, but they don’t need to be unwieldy or fully documented to be done well. The most important thing is talking about them. As the survey authors write:
“Whilst reviewing a risk register or ensuring a benefits tracker is up to date need to happen, what is most important is that the conversation around a particular risk is had with the right people to drive mitigating action.”
What other project management practices do you consider to be ‘the basics?’ Let me know in the comments below.
In his book, Project Management for Musicians Jonathan Feist talks about several ways to mitigate risk, and they aren’t the ‘avoid, mitigate, reduce, transfer’ approaches that you are used to. Those are good, but they are approaches, they aren’t actual measures that you can take to mitigate a risk. Here are the 7 ways that Feist suggests you can reduce the likelihood that something will become a project issue.
1. Good project management
Yep, following good project management principles is top of the list. Of course, having a lovely Gantt chart and an up-to-date risk register won’t guarantee project success but it does give you the best chance of putting in place plans to mitigate that risk.
Make sure your risk management processes are up to scratch and that you are able to easily follow through on mitigation actions. Good project management also helps manage against risks of going over budget or missing milestones, because you’ll naturally be doing the things to stop these becoming a massive problem.
2. Written agreements
While you always have to factor in how someone else will interpret your written communications, putting things in writing can limit misunderstandings. It also gives you a sense of formality when it comes to contracts and agreements. Getting it all down on paper increases the chance that nothing is being missed.
I love checklists and I use them all the time. As Feist says, “Checklists help you remember important details: procedures, gear items, points for conversations, people who need certain information, and more. Checklists are among the most effective tools used to reduce risk.” I have recently written a peer review checklist for my team – one of the many ways you can use checklists on a project to look at potential areas of concern and do something about them.
This means calculating data in several directions to confirm that it’s correct. You add rows as well as columns on your spreadsheet, or check the data in a dashboard as well as a tabular report. Find different ways to double-check your maths or working, even if this is as simple as having someone else check for you.
5. Empowering competent people
If something does go wrong, you want your project team to be able to act appropriately and make decisions quickly, not sit around wringing their hands until you come in to the office to sort it all out. If you have competent people on your project team (and I hope you do) instil a culture where they can make their own decisions. Set levels to their decision-making power as appropriate so that they aren’t deciding to spending another million dollars on the project without anyone else approving it, but give them the freedom they need to do the right thing.
Feist says that the higher the risk, the more you want to make sure that if you are delegating tasks they go to someone who is a safe pair of hands. This isn’t the time to be delegating work to a junior colleague as a ‘learning opportunity’!
6. Developing emergency plans
Having a Plan B is important, and a traditional risk management technique that you are probably familiar with. Sometimes just having a back up plan is enough to make sure that the risk doesn’t happen. However, in case you do need another approach to dealing with a problem, it is useful to have already thought through what you will need to do in the emergency. Get everyone involved so that they can swing into action if and when they are required.
7. Written instructions
Like checklists, these are a great help if you need to distribute detailed instructions or have tasks that need to be done over and over again. Written instructions can also help clarify expectations. For example, on an IT project with a testing element, written instructions for the testers will help get standardised results and ensure consistency across several testers.
Have you used any of these methods on your projects? Let us know in the comments.
Social communication tools are about using web-enabled technology to get things done more effectively. You may already have web-based project management tools that enable you to collaborate and communicate with your project stakeholders. This is the way that much of project management technology is going, but it isn’t without risk.
Managing the security risk
The security of project information is probably the largest concern for many executives, especially if you choose to adopt cloud-based technologies that store project data outside the organization and enable it to be accessed from anywhere. Whatever solution you adopt, ensure that it has adequate security and authentication protocols for your needs. You will also want to carry out some awareness training so that users know what is and is not appropriate to share on the forum.
This is particularly relevant if you are sharing information with third parties. You may choose a tool that allows you to successfully ring-fence content that your partners can see, reducing the implications for privacy. Social communication tools with few or no privacy settings can be perfectly adequate, but ensure that you know who is using the tool so that sensitive project data is kept secure.
The risk of social communications tools is that they move everything to an online space, whether your company hosts a product or you use a cloud-based provider to store your project data. Ensure that whatever solution you adopt has adequate back up and recovery options in case the worst happens. This is the reason why it is essential to involve your corporate IT department.
Corporate IT teams can also help you establish whether your chosen social communications tool has an audit trail and how you can best access this within the legal boundaries of monitoring an employee’s work. Audit trails are useful for finding out who was the last person to log in, use a document, comment in a discussion, amend the wiki and so on. In a straightforward project environment you shouldn’t need to use the audit trail information but in certain circumstances, such as dealing with a disgruntled employee, it may become necessary to track who has used the tool.
Managing the information overload risk
Social communications do not replace ‘offline’ communications. The connected project manager will still have to prepare written board reports, use emails, produce presentations and everything else he or she did before. Today, social communications rarely replace the need for project managers to communicate through other mechanisms. As a result, it is possible to feel overloaded by the volume of discussion happening in social communication tools. This additional channel requires constant attention, and it can feel like you are losing control.
There are a number of solutions to dealing with this including using aggregation tools (where they exist) to consolidate feeds from multiple channels into one location for you to review at your leisure. However, the easiest way to deal with overload is to ignore it. Switch off the feeds and stop following the discussions. It may feel as if you are losing your grip on the detail of the project but unless you were a particularly command-and-control style project manager you never had this grip anyway. Social communication tools make visible discussions that would have previously happened over email between team members or on the phone. You would not monitor your team members’ phone conversations, so don’t expect to need to monitor everything on the tool. You can train your team to flag important items to you, or implement a categorization system so that you only have to read items tagged with particular words.
Managing personal risk
Managing personal risk is less of an issue at work, and more of a potential problem if you choose to use social communication tools outside the workplace, for example, for career progression and networking. Many social project managers choose to display their personal profiles on professional networking sites, or to extend the personal social networks to work colleagues. This can be a straightforward and positive way of keeping in touch with colleagues, and is now so commonplace that project managers without a presence online can be at a disadvantage when it comes to finding out about job or training opportunities.
However, social project managers need to remember that the internet has a long memory. If you choose to post personal information about yourself online, your employer could see it. That includes holiday photos, comments about your workplace and colleagues and the jokes you choose to share with your network. For the main, professional project managers should have nothing to fear from sharing a bit of their personality with their contacts online. But you need to know where to draw the line, and that line is usually at the point where you wouldn’t mind if your manager saw the information. If you would not share it with your boss, don’t share it online.
This issue is also a concern on corporate social networks where project team members can provide their own profile information. In your profile and in your communications with your team members, make sure that you act professionally and respectfully at all times, as you would with face-to-face communication.
Follow any social media or communications policies in use in your company and where they don’t exist, use your common sense!
This is an edited excerpt, reprinted by permission of the publishers from ‘Managing Social Communications’ in The Gower Handbook of People in Project Management, edited by Dennis Lock and Lindsay Scott (Farnham, Gower, 2013).