Risks are dependant on a multitude of things and serve as triggers. These dependencies help to identify and measure the impact of the risks; here are just a few of these dependencies.
- Product and service offerings
- Client, vendor, sponsor and project team expectations
- Industry norms
- Buy-in levels
- Cultural differences
Once the dependencies can be determined, it becomes much clearer which of the following risks are likely:
- Cost overruns
- Scheduling issues
- Agreement/contract disputes
- Technology deficiencies
- Legislative and legal issues
- Resourcing levels
- Other Internal and external environmental concerns etc.
Should all risks be avoided?
Not all risks can or should be completely avoided. There will be times where this simply can't be done and other strategies should be considered. Getting to the point of knowing the best strategy can be dependant on many things such as priority, company policies, management outlook, external factors, stakeholder preference etc. To determine the best strategy, project and company leaders, team members and stakeholders should work through the following process.
Identify potential risks by first identifying the dependencies that might trigger them. Getting this step right is key to being able to accurately define the points of impact.
Evaluate the impact and rate the impact to the project success and overall company goals. Remember the project must ultimately serve a strategic business purpose.
Plan for the risk(s) as all projects will come with some risk. Determine the best risk management strategy based on the likely outcome and risk tolerance of the business.
Document the dependencies, risks, impact and risk management strategies, reasons for any decisions, the decision participants, and alternate solutions, if any.
Monitor and Control the risks throughout the entire project cycle, addressing and documenting any changes.
Respond as quickly and thoroughly as possible, communicating and documenting as things change.
Revisit dependencies, risks, status and resolutions with sufficient frequency.
Identify, discuss and document the lessons learned
We are all moving at such a fast pace that there may be temptation to skip this step, but it's critical for learning, improving and building on what you already know. At the end of the project, identifying, discussing and documenting any lessons learned serves a forward-facing role in being more prepared for the next project.
Who is charged with risk management?
Again, there really aren't any lone wolves in risk management, project outcomes impact everyone involved, and this makes each person accountable for playing a role in the execution of the risk management plan. That said, the project manager serves a pivotal role in identifying, documenting, communicating, preparing for, and managing the project risks.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.