By Conrado Morlan
Risk identification is one of the first tasks many project managers tackle when they’re assigned a new project. But identifying risks can’t be a one-time effort.
The risk log is a living document that needs to be scrubbed and updated on a regular basis. Future internal or external factors can always impact the project.
And while it may be natural to think of risks as negative, that’s not always the case. Risks can also present opportunities that uncover new project benefits or enhance the benefits that were originally defined.
Here are a few examples of risks—and opportunities—that emerged during a project and took me by surprise.
Force Majeure: The Eruptions of Eyjafjallajökull
The eruptions of Eyjafjallajökull in Iceland caused enormous disruption to air transportation across western and northern Europe in 2010.
While much of the media focused on air travel, freight-transport customers around the world also experienced parcel delivery delays.
At the time, I was deploying a regional project across the Americas for a global logistics firm. The project was put on hold so all employees could support the emergency effort to deliver parcels during the crisis.
The response plan rerouted flights originally scheduled for the hub in Germany to several cities in Italy where parcels were then transported via ground vehicles. And customer service representatives increased communication with customers about their shipment’s status.
In the end, the logistics company didn’t lose any customers and, in fact, many customers were pleased with how the force majeure was handled. The company also demonstrated to the customer the company’s effective emergency plan for crisis situations.
While this unforeseen risk delayed the regional project I was working on, I kept the project stakeholders informed frequently of the project team activities throughout the crisis and shared the actions to be taken to bring the project back on track.
Geopolitical Events: Fidel Castro’s Death
In December 2015, the United States and Cuba agreed to re-establish regularly scheduled flights, allowing selected U.S. airlines daily trips between the two countries.
During the first quarter of 2016, those airlines were launching projects to open new services to one or more destinations in Cuba. It was a daunting job. The projects would need to comply with U.S. and Cuban regulations. And information was not flowing rapidly between the two countries.
The airline I was supporting was awarded three Cuban destinations. But in November, while we were finalizing details for the first flight to Havana, we learned about Fidel Castro’s death.
During the mourning period, all communications with Cuban government officials and agencies were suspended. Trips airline employees working on the project had planned to take to Cuba were canceled.
The project team was uncertain what this delay would mean for the first scheduled flights to Havana. To address the potential risk, different scenarios that included the postponement and cancelation of flights were defined and mitigation plans were drafted for potential implementation.
After the mourning period, communications were restored and project activities normalized. Ultimately, the geopolitical event did not impact the scheduled flights, but it was a risk that could not have been anticipated.
As a project manager, what unforeseen risks have impacted your projects? How did you address and mitigate those risks?
Risk Priority vs. Risk Urgency
Categories: Risk Management
By Marian Haus, PMP
How do you identify the most important risk(s) to focus on during a project? It is the essential challenge of risk management.
One technique is the qualitative risks appraisal—using qualifiers to assess risk importance. Two popular qualifiers are risk priority and risk urgency. While the terms can have overlapping meanings, they each reflect different qualitative dimensions of project risks.
The Terms Defined
Risk priority combines the assessed likelihood of a risk to occur (i.e. risk probability) and its projected impact. Risk urgency, on the other hand, is a different risk dimension. It reflects the time criticality of a risk to occur.
By assessing risk priority, project managers can identify and focus on the high-priority risks. By appraising risk urgency project managers can ascertain the time left before measures or responses would need to be implemented. With risk priority the main focus is on the impact, whereas with risk urgency the main focus is on the measures or responses that are to be implemented in a timely fashion.
I see risk priority and risk urgency as complementary dimensions of risk management. They both deserve an equally important treatment from project managers.
Assessing Priority and Urgency
For some projects, project leads might treat risk priority and urgency separately. For others, they might combine the risk priority and the risk urgency to amplify the risk priority.
When treated separately, a very common approach to assess priority is the (probability x impact) matrix. Additionally, a (impact x urgency) matrix helps project managers focus on the high-impacting and immediate risks.
When treated together a (priority x urgency) matrix can help project managers assessing the risk severity, which is a derived qualitative risk dimension.
Here are two examples:
Risk #1: Our database will exceed its available disk-space capacity during the project.
Probability: Medium (considering the data volume increase observed over the past x months)
Impact: High (considering this could lead to business interruption and financial loses)
Urgency: A response might be needed in 4 to 6 months (the project runs for 12 months)
The (probability x impact) matrix will rank this risk as a high priority risk, yet the low urgency will categorize the same risk in a (impact x urgency) matrix as requiring monitoring rather than immediate action.
Risk #2: An approaching heavy storm may lead to power outages in our manufacturing line.
Probability: Medium (considering this has happened a few times in the past and our power reserve infrastructure is reliable)
Impact: High (considering this could lead to temporary production standstill)
Urgency: Verify immediately the status of the power reserve capacity
The (probability x impact) matrix will tell us that this risk cannot be ignored and the (impact x urgency) matrix will tell us that this risk requires immediate action and continuous risk monitoring.
The big takeaway: Risk #2 is both a priority and urgency risk.
How do you distinguish between risk priority and risk urgency?
By Marian Haus, PMP
The discipline of project risk management is all about limiting and hindering the adverse impacts of negative events. The complementary discipline of project opportunity management is all about increasing and enabling the beneficial outcomes of positive events.
In this post I want to look at both practices and treat them as a whole— Risk and Opportunity Management (ROM)—while showing that managing them is nothing more than common sense.
Internal vs. External
The risks and opportunities that are triggered by external project sources are generally out of the control of the project manager’s influence (e.g. organizational changes, political climate changes, strategy changes, technology shifts, etc.). External risks and opportunities are generally difficult to anticipate, avoid or eliminate. The best strategy to approach external factors is to mitigate their impact when they occur.
Most often, however, the source of project risks and opportunities are internal and can generally be controlled by the project manager and the project team (e.g. technical and quality issues, stakeholder requests, scheduling, requirements, budgets, etc.). Internal risks and opportunities are generally easier to anticipate, mitigate, control or exploit, since such events will show up in the day-to-day project work.
Now let’s talk about ROM.
The key of practicing effective ROM is twofold:
1. Awareness: The project team has to be aware that ROM will be conducted regularly, like any other project activity.
2. Active: ROM will have to be conducted actively and not reactively (e.g. when really needed).
Allowing things to happen, letting opportunities slip, or, even worse, being risk averse (i.e. zero tolerance for errors and failure) is not only project management negligence or ignorance. It is yet another project risk (of project-internal nature). Hence, make sure you as a project manager will not fall into this trap and become a risk for your own project!
What is the easiest way for your team to be aware and actively conduct ROM? First, put it on the paper—or even better, put it on the board. Allow the project team to write down every risk or opportunity they will encounter during the project course. Next, have the team split the board into four quadrants, based on probability and impact (i.e. low-probability + low-impact, low-probability + high-impact, high-probability + low-impact, high-probability + high-impact).
Then in regular project status meetings validate and agree within the project team on the recorded probabilities and impacts. Certainly there are several more elaborate ways to further qualify and analyze risks and opportunities (e.g. likelihood distributions, decision threes, etc.), but I prefer to keep it simple if possible.
Last but not least, actively capturing and talking about risk or opportunities is not enough. You also have to do something! You need a risk and opportunity response or strategy—whether it’s changing the project plan, getting more resources on board, changing project scope, etc. But that’s a topic for another day.
What do you think? Is ROM nothing more than common sense (at least in its basic form)? What’s your approach to ROM?
In my last post, I discussed the importance of getting risk identification right. Now, it’s time to tackle the challenge of qualitative risk analysis—which project practitioners often tend to confuse with subjective analysis.
Objective vs. Subjective Analysis
Subjective analysis is based on personal opinions, interpretation, points of view, emotions and judgment. It is often ill-suited for decision making and, in particular, for risk analysis.
Objective analysis is fact-based, measurable and observable. For qualitative risk analysis that means using scales to evaluate risk, whether textual (low, medium, high), color-coded (green, yellow, red) or numeric (from 1 to 5), or some combination of these.
Getting Qualitative Risk Analysis Right
Consider this all-to-common scenario: In a project team meeting to assess risks, the only available information is the risk name and the words high, medium and low. Because there is no definition on what high, medium and low mean, and because there is not enough information about individual risks, the risk analysis is based on guesses.
So how can project practitioners stop the guessing game and ensure objectivity? Here are seven tips:
1. Consult tools and standards: Qualitative analysis tools are mentioned not only in PMI’s A Guide to the Project Management Body of Knowledge (PMBOK® Guide) but also in PMI’s Practice Standard for Risk Management. For more risk management reference material, check ISO 31000:2009 and ISO 17666:2003.
2. Define qualitative scales in the risk management plan: The Committee of Sponsoring Organizations of the Treadway Commission’s Risk Assessment in Practice has created some good examples of what impact and probability scales could look like. (See pages 4 and 5). You may also want to check the Project Risk Management Handbook: A Scalable Approach (page 20).
3. Gather and document information about identified risks: Interview and involve relevant stakeholders, review lessons learned, document assumptions and information for each risk.
4. Adopt expert opinion, whenever possible: Get a second opinion from more experienced project managers, project management office leaders and other internal experts. If you are not familiar enough with risk identification and analysis for a particular project, hire external experts or consultants.
5. Consider using a risk breakdown structure: Grouping risks in categories helps in identifying root causes and in developing effective responses.
6. Assess probability, impact and urgency for individual risks: Investigate the likelihood of occurrence for each specific risk and its potential effect on project objectives (scope, schedule, cost), documenting the results according to the predefined qualitative scale levels.
7. Prioritize risks using the probability and impact matrix: Rate risks and develop your final probability and impact matrix to determine the need for further quantitative analysis and to plan for risk responses.
Adopting a well-defined qualitative scale and carefully assessing risk data and information will help your team perform better risk analyses. Do you agree with that? Please share your comments and experience.
3 Steps to Outsourcing Success
Nontraditional Project Management,
PM & the Economy,
Categories: Benefits Realization, Best Practices, Change Management, Complexity, Innovation, Innovation, Leadership, Leadership, Lessons Learned, Lessons Learned, Nontraditional Project Management, PM & the Economy, Program Management, Project Delivery, Project Failure, Project Planning, Project Requirements, Risk Management, ROI, Roundtable, Stakeholder, Strategy, Teams
By Peter Tarhanidis
When leaders use outsourcing it is often in an effort to enhance the organization’s value proposition to its stakeholders.
Outsourcing allows leaders to focus on and invest in the firm’s core services while using cost effective alternative sources of expertise for support services.
When services are outsourced, management and employees need to prepare for a transformation in organizational operations—and project managers must establish a strategy to guide that change.
Creating an Outsourcing Strategy
Project managers can help to create an effective outsourcing strategy based on a three-part structure:
1. Assess the current state
This assessment should define the firm’s:
2. Consider the “to-be” state
The to-be state should be designed based on a comprehensive evaluation and request for proposal, including a good list of best alternatives to negotiated agreement items.
The to-be state must consider:
3. Consider the governance required to sustain the future state
A new internal operating model needs to be formed. This includes establishing teams to manage the contract, such as senior sponsorship, an operational management team or a vendor management team.
Then the outsourcer and the outsourcing organization should focus on continuous improvements that can be made to the process.
Avoiding Outsourcing Pitfalls
Project managers can avoid a few common pitfalls in their outsourcing projects:
Overall, if done with a defined end in mind, leaders can capitalize on outsourcing by reducing operational costs, reinvesting those savings in core services, and providing access to expertise and IT systems that would normally not have been funded via capital appropriation.
Have you been a part of any outsourcing efforts? What advice would you offer to project managers involved in similar projects?