Michael AdamsSolutions Architect| LANLLos Alamos, Nm, United States
The organization where I work does not engage in robust risk management. People seem to believe that risk analysis is too time consuming, and doesn't have a sufficient pay-off to be worthwhile. The assumption seems to be something to the effect of, "we'll cross that bridge when we come to it."
I like to approach risk analysis as a brain storming session, with a small team, and a strict time limit. This way, it doesn't end up taking too much time, and the team perspective is always better than that of an individual.
I'm curious how others approach this important task, how long does it take, how do you create buy-in for this phase? Saving Changes...
Sort By:
Mohamed SobairPrincipal Solution Architecture| FreelanceRiyadh, Riyadh, Saudi Arabia
Paying attention to Risk is important before the Actual project works.
Asking, What, How & When we will cross that bridge gives you the answer prior reaching the bridge. So by the time you reach the bridge , you have all the answers to cross it successfully even if you faced a sudden threat.
For known & Identified Risks , you already have Contingency plan and reserve which is part of your total budget estimate. It saves you big time work and cost than if it Actually happens when you dont have the right response plan.
Depending on the Project Type & Size, I usually approach it with the team by Giving them and myself the chance to list and identify all possible risks.
After that, we engage in a discussion to clearly elaborate on those identified risks and analyse it if possible before a Risk response Plan is in place.
Saving Changes...
Michael AdamsSolutions Architect| LANLLos Alamos, Nm, United States
Thanks Mohamed, your approach is similar to mine. I'm curious how you create buy-in though? I agree with your assessment, but many do not. Do you have a way of getting folks on-board? Saving Changes...
Mohamed SobairPrincipal Solution Architecture| FreelanceRiyadh, Riyadh, Saudi Arabia
Thanks Michael!
I dont have a Special way of getting team buy-in other than Explanation.
If I were you, I would explain the importance of Risk Management to the team, why its so important in Projects, Pros of Having it Versus the Cons of not having it ...etc.
I believe it would result positively if you approach it this way.
Leave your Power as a PM as a last resort. Saving Changes...
Philip AimufiaManaging Director| EYRancho Cucamonga, Ca, United States
First off, you need to define your risk management strategy and approach. This includes your risk management roles and responsibilities, cadence, processes (including escalation criteria), tools and standards for risk classification, scoring and ranking. Once this is defined, it may then be leveraged as guidance for identifying and assessing risks.
After identifying a risk (potential that something adverse will happen to scope, schedule, budget, quality or resources), the impact of it resulting in an issue should be quickly assessed to determine how critical it is. If the risk is not accepted, the urgency with which you race towards its mitigation and the resources you throw at it is determined by the outcome of this assessment. Saving Changes...
Raj JhajhariaProject Management and Risk Consultant| Self-employedAbu Dhabi, United Arab Emirates
I begin the process by defining Risk Appetite and Risk Tolerance for the project. Once this is defined, I lead the discussion by asking questions such as "What can stop us from achieving our objectives or goals?" For each of the answer collected, we estimate probability (%) and Consequence ($ loss). By multiplying both, we get the risk factor for each of the identified risks. Now, we apply our risk appetite and tolerance factors and determine which risk factors exceed our appetite and tolerance.
Attention is then focused on mitigating those risks that exceed our appetite and tolerance. We may address even other risks also which are within our appetite and tolerance in order to improve chances of success. However, this will depend upon the margin analysis (cost of mitigation vs. return expected).
Any risk can be mitigated by following the following principle (depending upon the application area):
1- Eliminate the cause
2- Reduce the probability and/or consequence
3- Isolate the hazard / source of risk from human contact
4- Provide Engineering (e.g. automation) and/or Administrative (e.g. step-by-step procedure) controls
5- Provide Personal Protective Equipment to the workers
6- Take Disciplinary actions against the habitual violators of company policies.
Saving Changes...
Andy KaufmanHost| People and Projects PodcastLake Zurich, Il, United States
Michael, an approach I've been using over the last year to identify risks is the "pre-mortem". It's a clever idea from Dr. Gary Klein. We're all familiar with the idea of a post-mortem: doing a lessons learned at the end of a project. Gary's approach takes an interesting twist on that idea.
Michael AdamsSolutions Architect| LANLLos Alamos, Nm, United States
Thank you, Philip and Raj for your input.
Andy, I like that idea a lot. It makes the whole process sort of fun, and perhaps side-steps resistance. It takes all the "significance" out of doing the risk analysis. Saving Changes...
Michael AdamsSolutions Architect| LANLLos Alamos, Nm, United States
Andy, I used a pre-mortem recently on a major project I'm managing to replace the local 911 emergency dispatcher software system. It is useful, and something I'll do regularly moving forward! Saving Changes...
Andy KaufmanHost| People and Projects PodcastLake Zurich, Il, United States
That's great, Michael! Glad to hear it! Thanks for the feedback. Have a great week! Saving Changes...
Michael AdamsSolutions Architect| LANLLos Alamos, Nm, United States
In fact, Andy, now that I think about it, I believe your suggestion here is what turned me on to the Harvard Business Review, which I read regularly now. So thanks!!!
