Handling Project Risks

20 October, 2014

We have written about risks before. We have suggesting ways to identify risks and we have looked at Expected Monetary Value. However, identifying risks and prioritizing them is all very good, but what do you do when a risk materializes? In other words what risk response should you put in place?

This really depends on the nature of the risk and, before you dream up any specific response plan, you should first of all decide what your broad strategy for such a risk is. There are four choices for the Project Manager:

  1. You can accept the risk. This means that you are going to proceed with your project plans and not make changes to reduce the probability of the risk occurring or the impact of the risk if it does happen. However, you still must come up with a contingency plan in case it does occur on the project.
  2. You can avoid the risk. Suppose you are organizing a rock concert and you are offered a big-name singer to headline the event. However this big-name singer has a notorious substance-abuse history and has been known to miss events due to the after-effects of parties. A wise decision by the project manager would be to opt for a less risky headline act.
  3. You can mitigate the risk. Mitigation is where the Project Manager takes active steps to reduce the probability or impact of a risk occurring. For instance, if your project is the rock concert, you might invite the unreliable artist to accept your hospitality for a few days before the event. That way you can supervise access to illicit materials.
  4. You can transfer the risk. In essence this is insurance. If the event occurs, you get someone else to pay for repairs. However, the premium you pay is directly proportional to the risk the insurance company perceives. Taking steps to mitigate the risk before seeking out insurance is a worthwhile step - this is why insurance companies offer a discount on house insurance if you have a burglar alarm.

Having categorized each risk, the next step is to develop specific response plans. For instance, if you run a pub, a genuine risk is someone falling on your premises. The probability of this happening increases as the night goes on and the customers become more illuminated. Replacing highly polished floors with more tactile surfaces makes sense in this regard, but they might be more difficult to clean. Having cushioned chairs and stools helps too, as would padded tables. A more positive step would be to monitor customers and evict them before they get to the falling down stage.

Putting down flooring with good grip and monitoring the customers serves to mitigate, or reduce, the probability of a fall, while making sure anything they might hit on the way down is soft literally reduces the impact.

However, while we have taken reasonable steps to address the risk, we have not removed it altogether. The risk that remains is called the residual risk. If your risk response plan leaves an obvious residual, then you have a choice. You can accept the risk and argue that you have done all you can to mitigate it. This is a very frequent occurrence in all aspects of life, not alone in projects. Everything you do involves risk of some sort. To remove risk completely would effectively mean that we would have no freedom to do anything.

Alternatively, you could decide that there is no way you can respond to this event effectively and that the residual risk is simply too high. Then you might decide to avoid the risk entirely. If the prospect of someone falling in your pub keeps you awake at night, it might be time to consider a new line of business.

Finally, we need to review our risk responses to see if they introduce risks themselves. For instance, we could decide to install fire extinguishers around vital equipment in our company. However, using the fire extinguisher could cause damage to the equipment on par with the fire itself. This is called a secondary risk and often catches people by surprise. Essentially Project Managers get as far as dreaming up a risk response but never go the extra step and carry out risk analysis on the response.

A danger of Project Risk Management is that it can lead to a totally paranoid Project Manager. That is why Project Managers have to prioritize risks in terms of probability and impact (if you have done any Project Management Professional (PMP)® training, you will recall Perform Qualitative Risk Analysis). Dwelling on every possible risk could paralyse the entire project. However, having plans for the most likely and the most potentially destructive events will assist in making the overall project plans much more realistic and also justify any contingency you have included in your project’s schedule and budget

As part of our PMP® exam preparation courses we cover Project Risk Management. If you seek to develop your skills in this area, please visit our training page or contact us directly. For your convenience, our PMP® training is carried out in Dublin, Cork, Limerick and Galway.

By Velopi Seamus Collins

© 2018 Velopi : PMBOK, PMI and the R.E.P. logo, PMP, PgMP, CAPM, PMI-SP and PMI-RMP are registered marks of the Project Management Institute, Inc.

Web Development by Granite Digital