Project Management

Please login or join to subscribe to this thread

When you set out your risk and issue log - what are your top 3 risks, and why?

linkedin twitter facebook  
avatar
Russell Geake Project Management Consultant| Deciduous Partners Ltd Lostwithiel, Cornwall, United Kingdom
Just doing a spot more research - we have all managed Risk and Issue logs... but I'm trying to see how many of us actually think about the risks involved in the project, or do we get by with using basic risks that are vague and "easy" to handle. e.g. Staff sickness, technical failure, and goods damaged in transit. I've come across too many (failing) projects where risks are not adequately considered or managed.


Recently, one client hadn't visited their R&I log for over 6 months - no wonder the project was off the rails.

Sort By:
avatar
Julie Goff Brisbane, Q, Australia
I actively manage risks at all stages of the project and they are a standard agenda item on team and steercom meetings.
I also have a set of standard risks, but at the risk workshop at the start of the project I like to identify project specific risks.

I also manage the risk life cycle and ensure out of date risks are closed off so that we are only focussing on current risks or new risks, which means by the end of the project the only risks left are those that may be carried forward to benefits realisation or operational type risks that needs to be handed over with the project deliverables.
avatar
Wayne Mack Retired| Retired South Riding, Va, United States
I don't consider a risk as real unless there is an actual mitigation effort in place.

It is just a waste of space to include any risks that are "accepted." I see far too many projects have long lists of risks with "mitigations" such as the PM will monitor the solution or the PM will work closely with team B to resolve the issue. Those just say, we aren't doign anything to prevent the situation, we'll just react to it when it occurs. If that is the situation, why would I need to review the risks later? Why would an executive even care about the risks being raised? One needs to be incurring some cost and effort to prevent the risk from being realized.

Too many risk registers read like a whiny list of things that could go wrong. Focus on taking action to preclude the risk from occurring, and don't bother listing things that the team will just deal with when they arise.
avatar
Tim PM Project Manager| NHS Yes, United Kingdom
I certainly think of them often, and have mitigation in place where appropriate , and I always include a piece in them in project start-up meetings (both to explain the concept of risks v issues and to identify relevant ones) and review them briefly at every board.

However, it does seem that the risks which actually arise are those unusual and entirely unpredictable things which were never even identified let alone were being managed. From discovering a building floor-plan was not actually drawn to scale, or that a supplier decided to borrow your proposal and set up independently inside 48 hours of engaging them, to the sponsor making a wreck of their annual year finance review spreadsheet and wiping out 1/3rd of project budget, and getting their accountant to sign it off....
avatar
Peter Wright Programme Manager| BAE Systems Southport, Merseyside, United Kingdom
Risks need to be quantified as much as possible and too often software solutions and PM tools have 1 field for defining the risk, it's impact and in some instances the mitigation plan.

This becomes too difficult to read and manage clearly.

Risks should split out certain impact categories that Senior stakeholders /sponsors agree are impacts that would undermine the project (political , environmental, legal etc) these can be narrowed to the main three categories (cost, time, quality) in many industries.

The RAID log should then be created using the ability to score the risk based on the impact category and severity. so each category for each project is assigned it's own value e.g. cost >£100M scores 5 cost <£1 score 1. Then the overall risk score is a calculation of each of the category scores together.

This way you can then sort or arrange depending on the risks with the most severity impact and those standard "joe may not be available for 1 week" risks are likely to drop to the bottom of the sorted risk list.

Your problem will be on large projects is that you may have 10 risks with the same severity score and it then becomes a judgement of which ones you show if you only want / can show 3.

Please login or join to reply

Content ID:
ADVERTISEMENTS

"A thing worth having is a thing worth cheating for."

- W.C. Fields

ADVERTISEMENT

Sponsors







Vendor Events

See all Vendor Events

Newsletters

Jun 3: The Career Problem Facing New PMs
May 20: Your PM Career as a Project Life Cycle
May 13: The Big Lie After Layoffs

See all newsletters