My feeling is that risk management isn't really done on a regular basis, except maybe for large projects or mature organizations, and that a majority of projects don't do risk management. But I don't know if this thinking is really true or not. Are there any thoughts on this board on this statement? Saving Changes...
Ketan KarkhanisKetan A Karkhanis| CiscoSunnyvale, Ca, United States
Hi Sameer,
Context for my answer : I do not discount the need of Tools, Techniques and Templates ( 3 T's - i just made up this initialism),however I believe any PM can make use of the 3 T's.
What sets you apart in terms of a successful project manager and differentiates you from the crowd is how effective you can be at people management.
I strongly believe that people management and people integration (across ideas, cultures,professional backgrounds, specialties) are the most critical skills a PM needs to have.
With this context in mind, and I repeat- WITHOUT discounting the need of the 3 T's, here is the answer to your question
( Reposting your question here -----"Hi Ketan
Could you please tell me in more detail how would you do this:
4) Give your guys the political cover they need so that they do not start identifying stupid risks just to ensure they do not get screwed."
-----------------------
There are several ways you can do this
1) Ensure Accountability is fairly distributed in the team
2) Ensure you as the PM take accountability for the over all project
3) When things get screwed up, do not do a postmortem prior to fixing the Problem(does not mean you do not do a root cause analysis). Do not single out folks for blame. Work with them quietly to correct the issue.
4)BE absolutely fair when blame is established (especially when you screwed up)
5) Back up your team : If the mistake is a honest mistake, don't send them to the gallows. Work with them to correct the structural cause of the issue . (This does not mean you should overlook illegal or unethical behavior.. there is no excuses for that)
It is impossible to identify all the risks. Things will screw up. Thats OK !
The recovery is more important than the fumble
6)Open communication : Be candid about the challenges you and the team faces
7) Be politically savvy and build relationships with the influencers in your organization (i.e Identify the decision makers, then identify who do these decision makers listen to prior to making decisions and build a good rapport with them). You will need them to create the cover I mentioned
In the long run...A team cannot be a winning team and productive if they are constantly looking over their shoulders.
Not sure if this helped.. In case it did not I would really appreciate your critique
Saving Changes...
Anonymous
There are some good responses to my original question, and I thank everyone for their input. I am curious about a few areas:
- Sameer - I am only a bit familiar with PRINCE2 - does that mean to be compliant with PRINCE2 (since it is a full fledged methodology), a PM MUST perform risk management?
- Ketan - what are examples of "stupid risks"? I'm afraid I still didn't understand what you meant by that Saving Changes...
Sameer MitterWorcester, Worcestershire, United Kingdom
Yes Risk Management is an integral part of Prince 2 Methodology, but since no one company follows one fixed Project Management Methodology & due to the flexible nature of Prince 2, this seems to get missed.
Selva Saravana PuvananthiranDelivery Lead Senior Manager| Accenture Solutions Private LimitedChennai, Tamil Nadu, India
Thanks Hans for providing the link to the article on Risk. We, in our present organization, made it a practice to review/add all the risks during our weekly meetings. Saving Changes...
Hans RobbersSenior Director| SalesforceVlissingen, Netherlands
Magesh
Thanks for letting me know. Let me know if I can be of any further help
Hi,
In my view, every project we take, we do risk management. How detailed that varies from PM to PM, account to account, Project to Project, and organization to organization.
One thing, I must say for any organization that considers projects as their mainstream activities, they must have some general guidelines on how organization values the efforts in Risk Management and what is their framework of risk management.
Risk management needs a culture at the organization level in order to provide it more visibility and attention.
Best Regards,
pcbinwal Saving Changes...
Gabrielle MaherPMO Consultant| IndependentLondon, London, United Kingdom
Hi - most Project Mangers have what we call in the UK 'RAID logs' - Risks, Assumptions, Issues and Dependency logs. This is a project control document and needs to be managed by the PM throughout the entire project - and reviewed at least weekly.
You should run a risk workshop at project startup - before the project is commissioned - once your are assigned to project manage a project. This should be done before the project is signed off / comissioned by a sponsor so that the business sponsor is aware from the outset about how much risk they are taking on. Good practice would include a PM completing a risks protential assessment form.
For risks you need to assess the probability of the risk, impact and mitigation strategy. Most people use 3x3 or 5x5 matrix to calculate probability and impact of risks - where say a 5x5 is a show stopper - and a 1x1 is a low probability low impact risk. You also need to identify the owner of the risk - and advise them of same!!
Equally projects that carry a high level of risk - should agree a risk contingency budget available to them if required -this should be agreed early on in the project.
Equally you should be providing commentary on your status report re. the status of Risks, Assumptions, Issues and Dependencies.
Risk is based around uncertainty and the probability of future events. Risks that become a reality - become project issues.
The point of risk management is avoidance - you can't help what has already happened (issues) - but you can try to mitigate again what has not yet happened - you need to actively reduce the probability and impact of risks where possible.
Equally the same is true of Assumptions - where an assumption proves to be invalid - then it becomes a risk or an issue. Dependencies should also be considered - inbound and outbound - and external dependencies in a RAID log.
Most project management methodology discuss RAID management. The OGC in the UK have a publication around risk management - its available on their website. M_O_R (mangement of risk.).
http://www.ogc.gov.uk/guidance_management_of_risk.asp You can also use this website to read up on PRINCE2 (Projects in Controlled Environments) which is another OGC product - PM best practice framework.
Cheers
Gabrielle
Saving Changes...
Peter WrightProgramme Manager| BAE SystemsSouthport, Merseyside, United Kingdom
I am seeing RAID Logs are becoming the norm, but as to whether "correct" risk management is being undertaken I would have to say no. Not enough PM's have had any formal Risk analysis training and it is sometimes difficult within medium to large businesses to identify peopl(SME's) with that skill set.
I have developed a RAID Log for open use, I am waiting to see if it will be issued on Gantthead but until then I have made it available on my Full Profile on LinkedIn http://www.linkedin.com/in/peterwrightpmprofessional
I find Risk management is not driven from top down and is only done in the Finance and PM functions generally. Saving Changes...
Anonymous
Thanks Peter. And that was the purpose of my original post - that PMs know how to do risk management, and there are many tools to support it - but how many actually perform it? I believe this is a question that not too many PMs would like to admit to. Saving Changes...
Yogish KASenior Technical Manager| Safran Engineering Services IndiaBangalore, Karnataka, India
Hi,
You have brought in a good point for discussion.... and the point you have made is a good observation but i reality i feel that we do risk management irrespective of the size of the project. Infact, in big projects or in organizations where the processes are followed strictly, in such places the risk management is more organized. But in other cases too the risk management is performed unknowingly or rather they might not be document. But certainly the risks are discussed with in the team and also they wil be managed periodically during the status meetings and other meetings. The risk management is done irrespective of the size of the project or organization but what matters is how we document it and also do the follow up of the same Saving Changes...
