Saturday, November 4, 2023

Risk Un-management

Assert: "The vast majority of identified project risks go unmanaged."
Is that assertion calibrated with historical performance? Actually not; it's more intuitive, after thinking about the numbers of risks a large-scale project encounters.

And, we're talking risks; not issues.
So when looking at this, keep the distinction in mind between a risk and an "issue"
  • Risks are events or outcomes that are characterized as having a probabilistic eventuality (meaning they may or may not occur) and a probabilistic impact, for which there is a root cause driving the uncertainties of outcome and impact. Example: There is a risk, when constructing a seawall, that storm surge may exceed some design limit, causing unusually severe damage, if a coincidence of high tide, moon, and storm peak should occur.

  • Issues are circumstances that encumber efficiencies, lead to rework, and generally hold back progress. Example: Dealing with the communication inefficiencies of language and time zone is an issue. Such is not a probabilistic; the circumstances are determined and somewhat fixed. The "costs" of time/language inefficiencies are to be baselined in the budget and schedule. 

Define unmanaged
When I say "unmanaged" I mean that a decision has been made, hopefully consciously, that the risk consequences will be addressed if and when an event occurs, rather than baselining a risk management plan to identify root cause and trying actively (that is, spend resources) to reduce impact and affect probable occurrence. 

And so you decide not to manage some risks. Who then pays for unmanaged consequences? Per se, their cost is not in the baseline. The first-order answer is project reserves. A second possibility is warranty premiums, or product-return reserves. Unfortunately, the user/owner may pay as well (hopefully, it doesn't come back to you in a lawsuit, but I used to be in the product liability business).

Unmanaged is a decision
There are several reasons why risks might go unmanaged or not be actively mitigated:

Lack of Awareness: Sometimes, project stakeholders and team members may not be fully aware of all the potential risks associated with a project.

Limited Resources: Projects, especially smaller ones, might lack the resources (both in terms of time and personnel) required for comprehensive risk management.

Overconfidence: Project managers or team members might be overly optimistic about the project's success and underestimate the potential risks.

Inadequate Planning: If the project planning phase is rushed or lacks thoroughness, potential risks might not be identified and addressed adequately.

Poor Communication: Ineffective communication among team members and stakeholders can lead to misunderstandings about project risks and how to manage them.

Organizational Culture: In some organizations, there might be a lack of a risk-aware culture, where risk management is not given due importance.

Recognizing the value of risk management
Project management methodologies like PMI's PMBOK and PRINCE2 emphasize the value of risk management to project success. There are well documented processes for identification, assessment, and mitigation of risks throughout the project lifecycle. So also are a myriad of standards from ISO, the U.S. DoD, NASA, AIA, and on and on in every major domain and industry. Experienced project managers understand the significance of managing risks.

While there are instances where risks are not managed, many organizations and project managers are smart enough and experienced enough to know they must actively engage in risk management to enhance the likelihood of project success.

Like this blog? You'll like my books also! Buy them at any online book retailer!