Hello my friend,
Risks are essential part of each business, project and task. On the one hand if something goes wrong due to unexpected things, it’s bad. But usually it just outlines improper risk management. As people say “no risk, no fun”, so let’s explore what actually we can do with risks.
Nature of the risks
In a perfect world you have ideal conditions for all you projects. You can make scope baseline, project schedule, cost estimation and that’s it. Everything is going to be as you have planned. The real world is much more complex, what leads to necessity of constantly reviewing the project context in order to identify, consider and manage risks.
One of the first key pillars is that you can’t foresee everything.
The first category of risks is known unknowns. There are things, which you are aware of, and which can either happen or not. You don’t know whether they happen, but you can at least identify them. It’s the first step in risk management. After that you can apply some kind of analysis like qualitative and/or quantitative analysis in order to get more accurate assessment of this risk. Based on this information you will prepare the necessary response plan.
But as it’s already stated, it’s always a room for unknown unknowns, which is the second category of risks. Actually such risks can have the most significant impact on the project as they might be quite painful.
Depending on your own maturity as project manager and maturity of your team, you will be able to predict risks, their probability and impact more precisely. The more risks are in known unknowns, the greater safety your project is in.
Positive and negative
The risk is not necessary something bad. The risk means that something can happen or not. Depending on the impact the risks are classified as negative (threats) and positive (opportunities). It’s quite easy to understand, as threats lead to negative impact on the project like delays, over budget and so on, whereas opportunities lead to positive impact on the project as increased performance, for instance.
Risk response strategy
The main objective for risk management is to provide adequate response activities for each risk. The “adequate” level is essential, as you shouldn’t spend 1000 Euros on responsive actions to the risk that leads to 100 Euros loss.
There are 7 possible strategies regarding risk responses, where 3 strategies are applicable for threats, 3 strategies are applicable for opportunities and one is common for both categories
|Threats (negative risks)||Opportunities (positive risks)|
|Avoid. Here we try to completely eliminate the occurrence of risks. So we do everything in order this event doesn’t happen at all.||Exploit. Here we try to ensure the occurrence of the opportunity. So we do everything in order this event happen at all.|
|Mitigate. Here we try to reduce the probability or impact of the risk’s occurrence. So we don’t completely eliminate it, but try to decrease its consequence.||Enhance. Here we try to increase the probability or impact of the risk’s occurrence. So we don’t completely ensure it, but try to improve its chances|
|Transfer. Here we make the third party responsible for the risk response. We don’t eliminate it; we just don’t deal with the threat ourselves.||Share. Here we transfer the responsibility for the risk to the third party, who can bring more benefits to the project.|
|Accept. We know that this risk can occur, but we don’t make any actions either to decrease its probability/impact in case of threats or to increase in in case of opportunities.|
Real world scenario
While I was working in Belarus, we did one big project, which was a building of the electronic toll collection system. Actually it’s a big WAN network that spans the whole country. One termination point of this WAN was the data center (actually two redundant DCs) in Minsk, the capital of the Belarus, whereas another point was a point of sale or, let’s say, point of enforcement. The last one is just a gate with the necessary equipment directly at the road. As a general contractor our team was responsible for designing and implementing this solution.
The first risk, which I want to describe, was a known unknown. Due to the very aggressive project schedule we knew that it was just impossible to delivery all the necessary network equipment in time. We weren’t able to avoid this risk, as it would increase the timeline and it was unacceptable. So we had to mitigate the negative impact. Despite the vendor-proprietary VPN technology we had to use equipment of other vendors as a temporary solution. We lost some network features for a couple of month, but we didn’t delay the launch.
The second risk in my story is unknown unknown. Many of the gates had to be launched without built infrastructure. It means that there was no electricity to power the devices and we used the diesel generators in order to provide power. The unknown unknown part here is that during the first installation a couple of these generators were just stolen. The main security measure was the chain that bundled the generator with the road fence. It was inadequate measure, so we had to postpone the roll out. We recruited new staff to secure the generators and bought several new generators. These things increased the project budget and made the schedule more constrained.
Our world is far from the perfect one. During different projects I always come to the idea that the best approach to the risk management is balance of experience and good methodology. If we use only one of the components, it isn’t sufficient. Just theory could provide the empty cup, whereas the experience is the water. The best combination is when you fill the cup with the water.
The risk management is a crucial part of the project. I’d say that it’s extremely important as improper risk assessment and mitigation can cause the project to be significantly delayed or even cancelled. That’s why risk identification, analyses and response must be done constantly thought the whole project life cycle. And the last but not least is that the risk management as well as other project management activities should be done in team.
There are two words you *will* learn to put together: Team-Mate © G.I. Jane