Thinking Like a Risk Manager
Article 4 in a Series on Risk Management
By Glen Alleman
Now that we have a framework to speak about risk
management, how exactly are we going to “manage” the project? First, let’s revisit a quote from Tim
Lister:
“Risk Management is How Adults Manage Projects”
My apologies for restating this particular quote so often, but
I want to make a point: risk management is a significant concern in almost all large projects today.
Professional project managers on large projects need to take the concern seriously.
If we’re not managing the project through the processes
described previously (in the third article), then I’d say we’re not really managing the project - we’re
observing the actions of those doing the work on the project and recording their performance. This is a common
behavior for both project managers and stakeholders. It’s a “What I don’t know can’t hurt
me” type of management style.
Is it any wonder that a growing percentage of projects - especially
IT projects - are considered troubled?
So what are the specific steps needed to start managing projects
as “risk managers”?
1. Install a risk management system. Pick one from the list
in article 3 of the series, or pick one of your own, provided it has most of the
attributes of the DoD and SEI frameworks. Either way, have a risk management process. Make it part of the project
chartering activities. Make the risk management process part of the corporate and project governance
processes. This “governance” approach connects business process with project process.
2. Identify the risks and have their mitigation or retirement in the project
plan. If risk is not visible, addressed, handled, and retired, then you’re not doing risk
management.
3. Have the “risk retirement” chart be part of the weekly or monthly project
status report.
Note the key points contained in just four short words in step
#2:
- Risks must be visible - if they’re not, you won’t remember that they are out there with a certain
probability of occurring and impacting the project.
- Risks must be addressed - that is, you must have a plan for how to avoid or mitigate them, unless their
probable impact on the project is so low that they can be ignored.
- Risks must be handled - by taking the planned risk response action.
- Risks must be retired - once the danger of the risk is past, or once the risk responses have fully
mitigated or avoided impact on the project.