By Vanessa Richardson

May 18, 2016

Five Questions For Determining If Project Risk Management Is Working For You

“We have spent over $500M out of an $875M project. We are two months behind, and I am afraid my prime contractor isn’t providing a true estimate of what it will cost to bring the project in or how long it will take to finish. Can you help?”

I’m often asked to come in after a project is in crisis. Among the first questions is usu

ally how can we prevent this from happening again? I’m fortunate as my clients are a step ahead. They’ve called me because they realize the key lies in risk management. I'm reminded that how well project teams approach risk management is more important than creating a risk register or checking the proverbial risk management block.

When performed well risk management unites teams, spurs innovation, gains  senior management's confidence, gathers support for project decisions, and yes, it saves times and money.

When performed poorly, project teams may view risk management with skepticism or even suspicion. Ultimately it wastes time in that project teams go through the motions without capitalizing on the benefits.

So how do you know if risk management is working?

Not everyone needs a Lamborghini to get from point A to point B; for most trips, my little 1998 two-door Ford Escort will do the trick nicely. It won’t however transport my scuba equipment without smelling like wet neoprene for weeks – trust me, not a pleasant odor. That’s a job for my truck. Just as true, risk management processes should be scaled and tailored appropriately for the project. Every project need not check every single block as defined by ISO 31000 or PMI in order to safeguard its objectives, schedule, and budget. But every project will benefit from risk management. The dirty little secret is that every project team performs risk management, but not every team reaps the benefits or is even aware they are doing it.

Here is a list of five questions to which every project should be able to confidently answer Yes.

1. Has the team identified and documented risks to project objectives (often risks are documented in a “risk register”)?

This is usually a document project teams can easily produce in some form or another.

2. Does the risk register reflect up-to-date information on all of the following

   - One point of contact for each risk,
   - Cause or source of the risk event,
   - Defined risk event,
   - Potential impacts (probability and severity) for the consequences / benefits for each risk (benefits should be listed for opportunities or 

     “good risks”),
   - A deliberate decision to avoid, mitigate, share, or accept risks, and
   - Preventative and responsive measures for risks to be managed?

This is often harder to verify. While most project teams have documented risks, they are often vague or list consequences without justifying why this risk is important enough to spend time and resources managing. For example, I often encounter, “Schedule Delay” as a risk. Schedule delay is a consequence, one which we might care about or one which may not be so important as another risk. Without some context around the delay we can’t determine how to manage this risk.

3. Do project team members understand their roles and/or responsibilities for managing identified risks?

If not, there will be missed opportunities, wasted time, and unrecoverable dollars - all while employees are doing their best to be successful. That spells frustrated project teams and unhappy stakeholders.

4. Do projects regularly report on risks?

Risk reporting should focus on answering why. Why there is a variance from an estimate. Why do we need to set aside this contingency. Why this decision over another. Top performers are going to incorporate risk into the descriptive portion of reporting, rather than limited to a distinct “risk” section of the report.

5. Does senior management trust project reporting and support project decision making? 

With consistent messaging from one month to the next, minimal surprises, and project leaders basing decisions on the organization's priorities, senior management can confidently rely on the information and alternatives their projects report.

As you read through these questions ask yourself the flip question – would your organization benefit from being able to answer yes to these questions? How much better would project teams perform if folks felt comfortable with their roles and responsibilities? Would fewer surprises every month gain support throughout the organization for the project funding and/or decisions? The benefits of a well-defined risk management process lie within the questions themselves.

If your project teams struggle to answer yes to any of these questions, they may benefit from improving the approach to project risk management.