Please login or join to subscribe to this thread
A properly formulated Risk Management Plan and Risk Register should address what you are labelling "unchallenged risks". What is the risk? Why is it a risk? What is the potential impact? How do we address it? How do we track it? Unchallenged risks become a risk.
However, the Risk Management Plan is usually developed and implemented by the project team and there can be a tendency to focus attention away from the project - identify all sorts of external risks, risks that cannot be influenced by the project team thus creating ready-made "excuses" for less than stellar project delivery. Market conditions, unavailability of resources, political influence, extreme weather conditions (acts of nature), social unrest, unpredictable competition, etc. "We would have been under budget if […...]. We initially identified it as a risk however had no opportunity to avoid or mitigate."
Interesting your question
Thanks for sharing
The climate (relationship) between the project manager and team members or between the team's lies (conflicts, poor help) clearly affects project deliverables and it may fall into the category ofn unchallenged Risks
All the time.
This is why I love Dr. Hillson's definition of risk as "uncertainty that matters". Whenever I teach risk management in my PM classes, I always emphasize that you need to make risk information matter to key stakeholders if you wish them to sit up, pay attention and implement risk responses.
A lot has to do with the risk appetite of the company and the key stakeholders. Psychological safety also plays into this.
In the same as we have watermelon reporting of actual project status, we get dilution and genericization (yes, that is a made up word) of risk information.
My favorite one is "If I don't get the resources we need, the project will be late". Great way to "pass the buck" or provide a CYA without being specific enough to shine the light on the constrained suppliers...
Thank you @Peter for resurrecting my question from second-page oblivion.
@Kiron, @Peter and @Luis:
- Is there a practical way to prevent the risk register from being a “politically hijacked CYA” instrument?
Breaking this pattern is difficult when the prime suspects for this type of content are the  sponsors,  project manager, and the  leads (done explicitly or through a proxy). How do we trump this ingrained human behavior to mitigate consequences?
As I suggested in the first post make abuse of the risk management process, (CYA and the like) identified project risks, analyze and provide for mitigation.
Risk: sponsor will hijack risk register.
Result: waste of resources.
Hopefully this will provide a forum to discuss, maybe avoid and as a last choice provide mitigation measures.
I try to develop and finalize the RMP and register as a collaborative effort through workshops. Hijacking becomes more difficult in that setting.
Please login or join to reply