Tony Marks is the CEO of 20|20 Business Group.
He is the author of 20:20 Project Management, published by Kogan Page and a Fellow of The Association for Project Management.
This article written by Tony, was published in May’s edition of the Project Manager Today magazine.
Risk Management is perhaps one of the most important and under-utilised set of tools and techniques in a Project Manager’s Toolbox. Widely recognised as a standard process for Project Managers, it tends to get used once at the outset of a project and then consigned to an electronic filing cabinet – sometimes produced again at the end of a project for a Lessons Learned exercise. Risk Management is also often deployed as a one-dimensional negative approach to the management of time, cost and quality. This article makes the argument for a second look at how Risk Management is deployed, and how it can provide a three-dimensional approach in a more collaborative project environment.
The First Dimension – Conventional Risk (Threat) Management
The Management of Risk is one of the fundamental approaches of pro-active, rather than re-active project management. It is the best opportunity available to a project manager to pull together the widest possible input from stakeholders inside and outside the project team to give a project its best chance of success – and then to regularly engage with this wider team throughout the project lifecycle.
Risk management must be a continuous process for the professional Project Manager. It is important to ensure that risks are re-assessed at every stage of the project lifecycle, when any major change occurs, when a risk occurs, or otherwise at regular intervals throughout the project. Risks will disappear and new risks will emerge. Better risk mitigation strategies will become apparent. It is essential that risk management is ‘live’ throughout every stage of a project lifecycle and engages a wide group of stakeholders.
“As we know, there are known-knowns. There are things we know we know. We also know there are known-unknowns. That is to say, we know there are some things we do not know. But there are also unknown-unknowns, the ones we don’t know we don’t know.”
Donald Rumsfeld as Defence Secretary – United States of America
Donald Rumsfeld’s ‘unknown unknowns’ speech looks clumsy and confusing at first. However, it expresses the real issue around risk identification: we don’t know what we don’t know. This underlines the need to re-visit risk management regularly – and to draw upon the wider experience of a range of disciplines. Whilst every project is a ‘unique endeavour’ it can combine lots of pieces of work that have been done before and, most importantly, where risks have either been identified or come to happen.
A Risk Event is an uncertain event that can be defined as:
an uncertain event that, should it occur, will have an effect on the achievement of one or more of the project’s objectives
This level of understanding and the subsequent open communication of exposure is key to good decision making and helps to deliver the consistency of information required for stakeholders and sponsors so that objective decisions can be made. As importantly, stakeholders who are engaged in the process are much more likely to be supportive allies – understanding the risks from the outset and being provided with an opportunity to contribute mitigation strategies.
The Second Dimension – Opportunity Management
Here is a slightly expanded definition of risk management:
Risk is an uncertain event or condition which, if it occurs, would have a negative or positive impact on achievement of objectives (threat or opportunity).
Risks are not always negative events. Sometimes they can provide an opportunity and this adds the second dimension. For example, if a major project is delayed this might – depending on the contract – result in additional revenues for the contractor. Whether a risk is a threat or opportunity often depends on which side of the contract you are.
This alternative world of Opportunity Management is rarely considered in enough detail. Instead Risk Management tends to focus on the negative (threats), often resulting in the establishment of risk budgets, schedule contingency, and building spare capacity into the project as a coping mechanism. Another way to look at risk identification is to consider the positive and the negative, against internal and external factors. This can produce a list of opportunities in the same way that a SWOT analysis can be used for other business purposes:
Pro-active Threat and Opportunity Management can often lead to better ideas from the outset, and as a project progresses. Perhaps a new construction technique is identified; a contractor might be encouraged to deliver early; a contractual risk/reward mechanism could save time or money for both parties; currency fluctuations may benefit the project; a safer working method may be identified; limiting scope now may create more work later; and so on.
Project Managers should therefore develop and regularly review an Opportunity Register alongside their Risk (threat) Register. Often threats and opportunities can be closely tied with many risk events proving to be both a risk and an opportunity at the same time. Ensuring risk and opportunities are identified at every stage of the project needs good facilitation. The facilitator should be able to focus on the process – allowing a wide and mixed group of participants to interact with each other to identify the threats & opportunities, and then work through them looking for appropriate strategies. Some of these strategies will produce new threats & opportunities, so it is an iterative cycle.
To some this will sound like an extra overhead but surely pro-active Project Managers have a responsibility to bring intelligence and experience to bear? Otherwise the Project Team is merely plotting the progress of the project and allowing fate to decide on the success or otherwise of the project.
It is worth considering applying both Qualitative and Quantitative approaches to Risks and Opportunities. Most projects adopt a qualitative approach to risk management, analysing the types of risk that may occur in a project, their sources, knock-on effects, nature of impact etc. Such an analysis is very much based on the expertise, experience and knowledge of the individual team members who take part in the risk analysis. However, the risk process usually focuses on the negative approaches such as threat avoidance, transfer, reduction or acceptance. Project Managers should also consider the alternative Opportunity responses:
Many mature project management organisations adopt both a qualitative and a quantitative approach to gain the broadest possible view.
A Quantitative approach to risk does require statistical / historical data to predict the likely occurrence and impact of risks in a project. This method generally relies on there being available historical and statistical data on similar projects or components of the project, but it can also utilise the broader experience of the wider project team to predict the spread of risk and opportunities against a task or group of tasks. It relies on the processing of quantities of data and is best achieved using specialist software to run ‘Monte Carlo Method’ Simulations.
By design the Monte Carlo Method takes threats and opportunities equally into account. The main objective of creating a quantitative risk model for a project is to introduce some realism into costs and durations. This can be achieved by estimating a range of possible values for our costs and durations.
The simplest and most common range of ‘distribution’ is the triangular distribution where a value of minimum, most likely and maxim are selected. The probability of any value increases in value from the minimum to the most likely and reduces from the most likely to the maximum. However, the method supports any possible distribution of values – allowing opportunity to be considered alongside threat. These different distribution profiles bring a welcome realism into project schedules and budgets. When the different cost and schedule distributions are brought together by simulation software they result in an overall view of the likely results. For example, below it is possible to predict with some accuracy the percentage probability of different project end dates and budgets being met. Mature Client organisations may accept a certain probability, for example, a P60 (figures based on the 60% likelihood of a budget or schedule being met). The acceptable figure much depends on the organisation’s attitude to risk, but is founded on realism rather than a plan which is not subjected to quantitative risk analysis. Whereas traditional planning adopts an optimism bias, Quantitative Analysis recognises reality.
Unfortunately, many organisations still shy away from Quantitative Risk Analysis, despite its ability to bring together threats and opportunities into one picture. This may be to do with poor education or the approach being perceived as a ‘dark art’ performed by specialist practitioners.
The Third Dimension – Engagement & Collaboration
Much has been written of the attributes of good Project Managers but how much of this comes down to luck? – threats not occurring or opportunities accidentally helping to get projects back on track can make project management success a game of chance. Risk and Opportunity Management provides a method of harnessing expertise from across the wider project organisation and, perhaps as importantly, ensuring a high level of visibility of threats and opportunities from the outset of the project. With these practices established and constantly re-visited throughout the project lifecycle, the wise project manager gains a level of protection against subjective judgement – engaging the project’s stakeholders in the identification and management of threats and opportunities from the business case through to lessons learned. If threats and opportunities are identified, monitored, managed and communicated to stakeholders the Project Manager engages those stakeholders in their endeavour and, importantly for the Project Manager, gains allies in the perpetual struggle with cost, time and quality constraints.
Engagement of stakeholders is the critical third-dimension for any project manager. This involves constructive engagement as the first step – involving a wide range of people inside and outside the project organisation in sharing their ideas and strategies for dealing with threats and opportunities so that the best possible solutions can be found. The importance of regular communication and continued engagement provides the ‘buy in’ required to see the project through to a successful conclusion. It is a collaborative approach that becomes more important in a rapidly changing economic environment and can lead to project success for the Client and the Contractor(s) involved. Adversarial approaches have been found to fail more times than they concede and this brings us to Collaboration.
The positive aspects of collaboration, particularly between Client and Contractor(s), are much broader than risk management. However, it provides the most obvious stating point from project identification and definition through to project closure and handover. Working collaboratively, risks can be identified, monitored and reviewed from a collaborative stand point – providing the prospect of a much-improved contract. Rather than the Client organisation simply creating provisions for bad performance and shedding risks to the Contractor(s), and the Contractor(s) then having to factor in contingency and trying to avoid risk, collaboration offers the opportunity to work more closely to create the best approach and – where necessary – to incentivise the Contractor(s) using a risk/reward mechanism. The net result can be to increase the prospect of project success for all parties – a win/win scenario rather than the conventional win/lose approach.
It is time for a three-dimensional approach that bring together risk & opportunity with engagement & collaboration for better results.