Mark WarnerProject Manager| AURATucson, Az, United States
I'm advising a new, modest-sized ($13M, 3-year) project. The effort will result in a "shovel-ready" design and plan for the construction of a large new climate-change research facility (which in turn will be on the order of $100M).
In reviewing the design team's initial Risk Register, the number of entries seems very light to me (16 identified risks). My own previous big-science design project at this same stage had roughly 80 identified risks, including both technical and programmatic. But my project was very different than this one.
Question: Do you folks have any rules of thumb or other metrics you use to evaluate the completeness/robustness of a risk register? E.g., X risks per 1 year of project schedule remaining, or Y risks per $1M planned budget, or??
I can't point to any specific risk that they're missing, but my 35-plus-year PM-sense is that their list isn't as complete as it should be. On the other hand, I don't want to recommend they do a complete new Risk Identification exercise without sufficient cause.
Any project bigger than a bread box will have almost an infinite number of risks (positive & negative).
The key is applying Dr. Hillson's definition of "uncertainty that matters" to whittle that number down.
It is possible that the project team had identified lots of risks, but had prioritized the 16 as the ones where active response was warranted and had discarded the others rather than putting them on a watch list.
Kiron
Agree. I think the bigger issue isn't whether they have met some benchmark for the number of risks.
I agree with following Hillson's approach to equating risks with uncertainty that matters. Most of the billions of uncertainties worldwide will not matter to a particular organization engaged in PM. However, any uncertainty that impacts is something one needs to consider, prepare for, and try to manage.
Risk is always and only linked to objectives. There are no risks if there are no objectives. The objectives are what is at risk. Objectives are what one is trying to achieve. After identifying those objectives, one looks for the uncertainties that could affect those objectives. Is that what they've done? If not, they are not finished identifying risks.
Is the design team the only one giving input on risks? What is not a risk to a particular department involved in this project may be a risk to another because one might have a different POV. Therefore, one must always keep objectives in mind and expand risk identification to any key stakeholders that may touch the project. Since organizations typically have a hierarchy of objectives, different risks matter at different levels. One risk could affect subcontractors. Another might affect customers. All of these variables are related to PM. Saving Changes...
The two concerns I have with most teams approach to risk identification & communication are:
1. Insufficient creativity and effort spent identifying subtle but high severity risks. The main reason we invest in risk management is to squeeze the "unknown unknown" portion of the uncertainty pie to get a handle on the heavy hitters. But too often, the effort is just spent identifying the obvious risks.
2. Poor wording of the risk events makes stakeholders ignore them. Without understanding the business impact if the risk is realized and ensuring the cause is specific enough, the risk won't matter to stakeholders.
These two concerns are of greater criticality than the absolute number of risks identified.
A project risk is a risk that affects your project's delivery. That should rule out pure risks (hazards) such as bankruptcy, floods, fires, etc. since these risks should already be handled by the enterprise, thus being enterprise risks.
It doesn't mean you should not consider if an enterprise risk has a unique impact on your project, thus requiring some management. On enterprise risks, you should only be looking at mitigation, contingency and fallback action plans required specifically for your project.
...
1 reply by Peter Rapin
Sep 22, 2022 12:09 PM
Peter Rapin
...
I would generally agree that enterprise risk should not be included in project risks however some critical projects are affected, or have an effect on, enterprise risk. As an example, enterprise bankruptcy typically is not shown in the project risk register although obviously affected by such. However, project failure may impact enterprise bankruptcy and should be identified in the enterprise risk register.
However, floods, fires, etc., can have a direct effect on a project especially when projects are located within flood plains, forested areas prone to wildfires, etc. Global warming may be a project risk consideration as it may not only affect your site and operations but also those of suppliers including delivery.
"A project risk is a risk that affects your project's delivery" - regardless of the source of the risk. Start with identification of ALL risks and narrow it down to those of significance.
Saving Changes...
Peter RapinSubject Matter Expect; Project Delivery| Independent ConsultantOntario, Canada
A project risk is a risk that affects your project's delivery. That should rule out pure risks (hazards) such as bankruptcy, floods, fires, etc. since these risks should already be handled by the enterprise, thus being enterprise risks.
It doesn't mean you should not consider if an enterprise risk has a unique impact on your project, thus requiring some management. On enterprise risks, you should only be looking at mitigation, contingency and fallback action plans required specifically for your project.
I would generally agree that enterprise risk should not be included in project risks however some critical projects are affected, or have an effect on, enterprise risk. As an example, enterprise bankruptcy typically is not shown in the project risk register although obviously affected by such. However, project failure may impact enterprise bankruptcy and should be identified in the enterprise risk register.
However, floods, fires, etc., can have a direct effect on a project especially when projects are located within flood plains, forested areas prone to wildfires, etc. Global warming may be a project risk consideration as it may not only affect your site and operations but also those of suppliers including delivery.
"A project risk is a risk that affects your project's delivery" - regardless of the source of the risk. Start with identification of ALL risks and narrow it down to those of significance. Saving Changes...
Thank you for amplifying my point, Peter Saving Changes...
Karen HollowayProject Manager| Huntington IngallsNewport News, Va, United States
Mark - I would think within the construction industry, there is a standard risk template of the most common risks you may encounter during any type of building project. From there, the question I would have is have all of the mitigations, contingencies, and triggers been identified for your specific project. Finally, I would work with the team to review whether or not all of the risks have been captured for your engagement and add others as appropriate.
...
1 reply by Peter Rapin
Sep 28, 2022 6:42 PM
Peter Rapin
...
From my experience there is no "standard risk template" for the construction industry. However, many parties within the industry may have their own formats and reference templates. The construction industry is made up of many different participants from construction owners, architects and engineers, construction managers, general contractors, trade contractors and suppliers, etc., each with their own issues, concerns and risks. Some of these risks float up to the top and some migrate to the bottom of the hierarchy. As an example, supply chain risk may affect all as may payment issues.
Using someone else's "standard" is a risk in itself.
Saving Changes...
Peter RapinSubject Matter Expect; Project Delivery| Independent ConsultantOntario, Canada
Sep 28, 2022 3:45 PM
Replying to Karen Holloway
...
Mark - I would think within the construction industry, there is a standard risk template of the most common risks you may encounter during any type of building project. From there, the question I would have is have all of the mitigations, contingencies, and triggers been identified for your specific project. Finally, I would work with the team to review whether or not all of the risks have been captured for your engagement and add others as appropriate.
From my experience there is no "standard risk template" for the construction industry. However, many parties within the industry may have their own formats and reference templates. The construction industry is made up of many different participants from construction owners, architects and engineers, construction managers, general contractors, trade contractors and suppliers, etc., each with their own issues, concerns and risks. Some of these risks float up to the top and some migrate to the bottom of the hierarchy. As an example, supply chain risk may affect all as may payment issues.
Using someone else's "standard" is a risk in itself. Saving Changes...
Latha Thamma reddiSr Product and Portfolio Management (Automation Innovation)| DXC TechnologyMckinney, Tx, United States
Nice Document, Even I have a concern on limit applied on risk and identification and management, Saving Changes...
Latha Thamma reddiSr Product and Portfolio Management (Automation Innovation)| DXC TechnologyMckinney, Tx, United States
Very Nice question and replies, Thanks for sharing!.. Saving Changes...
