Whenever an organization embarks on a project, there will be a variety of different threats that this project will face. Some of these will come in the form of circumstances which are unforseen, and they could cause the cost of time of the project to explode.
While project managers and risk owners can take the time to address and alleviate as many potential risks as possible, the reality is that it is impossible to consider every possible scenario that could occur. While risk management is typically seen as a solution to these threats, it can be either overdone or even underdone, and if this occurs, the risk management plan may be a liability as opposed to an asset.
In the most typical scenario, a project may have as many as 300 risks which are associated with it, but the vast majority of these risks are not very relevant to the given project. In many cases, these risks are factored in simply because no one wants to be blamed for not listing them in case they occur. At the same time, 300 risks is far too much, and it is next to impossible to manage them all in an effective manner.
While some risk owners and project managers may think that having a high number of risks protects them, the truth of the matter is that they often do not, and can do more harm than good. On the opposite end of the spectrum, any project which has less than ten risks is considered in my book to be too little. Too many possibilities are left out.
Unfortunately, what many project managers fail to realize is that the greatest risk to their projects are themselves. If you set up a risk management process which is ineffective, you put the entire project at risk. While it is important to be in control of the project at all times, you do not want to make use of a risk management strategy that is greatly lacking.
There are a number of mistakes that many project managers and risk owners are making today when it comes to the managing of project risks, and these failures have caused projects to fail, when they could have succeeded if the time where taken to develop a risk management strategy which was truly effective.
Mistakes Project Managers Make
The first thing that I want to note about the vast majority of risk management procedures is that they are not actually processes. They have a tendency to miss those risks which are obvious, like the issue of whether or not the team fully understand their requirements. While this may be surprising to many, there is a lot of truth to it.
Many project risk management measures also fail to consider risks which I consider to be dynamic, risks that may change during the duration of the project, and which are often the risks which are the most dangerous. A classic example of this type of risk is those which involve competency. It is also dangerous to miss any risks which are external to either the organization or project.
Many of the risks are external are extremely dangerous, and have the ability to either make the project obsolete or destroy it outright. Some examples of these risks include modifications in the structure of the organization, as well as the elimination for the department for which the project was designed for. While these occurrences may seem as if they do not occur often, the truth of the matter is that they do.
Risk management plans are also lacking when they do not take to account for the complete risk profiles that may be measured in an effective manner over a given period of time. It is important for these to be compared in an objective way across multiple projects, because this allows you to manage the risks of all of them simultaneously.
Risk management is critical at both the governance level and the project level, and if your risk management plan does not address this, then you should consider it to be a failure. The best solution to the many problems that I have discussed so far in this article is to create what is called a risk model that is eight dimensional. This model will make sure that each of the different risk types are covered, and that the personal exposure to risk has also been considered as well. Paying close attention to the risk profile is very important, and this can give you the ability to deal with any contingencies or problems that may come up, particularly over an extended period of time.