SigmaPro Blog
SigmaPro is a leading global provider of Lean Six Sigma Training, Lean Six Sigma consulting and business improvement programmes designed to help organisations achieve breakthrough performance improvement.
Managing Project Risk
- Font size: Larger Smaller
- Hits: 7610
- 0 Comments
- Subscribe to this entry
- Bookmark
If you are not involved in projects, on the face of it, it would seem easy to achieve a goal: decide what the goal is, acquire the resources needed, plan accordingly and hey presto the objective will be achieved! But a quick review of statistics on the internet indicates that you may have a harder time than you first thought. Here are just a few of the statistics available:
- 50% of respondents indicated that their project failed to achieve what they set out to achieve (KPMG survey of Project Management practices in New Zealand)
- Only 40% of projects meet schedule, budget and quality goals (IBM survey of 1,500 change management executives)
- 37% of business process change projects fail to deliver benefits (Logica Management Consulting Survey of senior executives in western Europe)
- 70% of respondents had been involved in a project they knew would fail right from the start! (Dr Dobbs Journal email survey)
So, why is that the statistics are so poor? There are of course many and varied reasons why projects fail, but in almost all cases, if a project fails, the risk of failure must have existed before the actual failure occurred. Either the risk was not identified, or the risk was not properly analysed and its seriousness misunderstood, or the planned action to reduce the risk was not appropriate, (or did not even exist), or the action was not correctly implemented during the project.
The point is that the risk existed before the failure occurred, so a key component of more effective project management is to understand and manage risk.
The American production and inventory control society took a light hearted look at project risk with their laws of project management (see below), and anyone that has been involved in projects will be able to relate to at least some of the laws!
Some people will argue that risk management is a waste of time because “we can’t know the unknowable”, and risk management will therefore not ensure that our projects will be completed successfully on time and in budget. One of the most interesting statements in the laws of project management above is that “A carelessly planned project will take three times longer to complete than expected, a carefully planned one only twice as long”, we can apply the same logic to risk management; it won’t eliminate the risk of failure, but it almost certainly will reduce the risk of failure.
Tom Kendrick, in his book Identifying and Managing Project Risk, identifies three basic categories of risk:
- Schedule
- Scope
- Resource
In fact at Sigma we would add a fourth category, that of Stakeholders, because in improvement projects this is such a crucial part of planning for success, and in our experience actually the biggest single reason for projects failing is not lack of tools or resources, but failure to manage the stakeholders.
We would propose a four step approach to dealing with risk in improvement projects.
- Identify
- Analyse
- Action
- Manage
The first stage is to actually identify the potential risks. This is ideally done in a team environment, with a brainstorming approach. The team should use the four categories of schedule, scope, resources and stakeholders as a starting point and expand on this. Another tool that is useful is risk breakdown structure (RBS), which is an hierarchical representation of risks, starting from a high level and going down to lower level risks. For example, start at the top level with the four categories of schedule, scope, resources and stakeholders then go to lower levels such as scope creep, pressure to modify and so on. The team can keep subdividing the risks into lower levels as long it makes sense.
Once the team have identified the risks, the second stage is to Analyse. There are two parts to this; the first is to identify the potential cause of the risk. This is similar to the technique used in Failure Modes and Effects Analysis. This step is often overlooked in risk analysis, but it is important if risk management is to be effective. An Ishikawa, or fishbone diagram can be used to help determine the potential causes of risk of required.
Once the potential causes of risk are identified, then the team needs to consider two factors: the likelihood of occurrence and the potential impact of the risk if it occurs. Both of these can be scored marks out of 10. A scoring method which multiplies the Likelihood (L) of occurrence of a particular risk with the Impact (I) caused by the risk allows both factors to be considered together in one index. The resultant number is called the risk priority score. This method allows teams to objectively analyse risks and prioritise them by the order of their scores.
A template for doing this is shown below.
The third stage is to Action, or action plan for the causes of risk identified with a high risk priority score. The four main ways of handling risk are:
- Avoid - Take action to avoid the cause of the risk
- Mitigate - Define actions to take to lessen the impact when the risk occurs
- Transfer - Have someone else handle the risk i.e. insurance
- Accept - Identify the risk as acceptable and potentially let it happen.
Determining which option to choose is a primarily financial decision, but time schedule and resources available may also be considered. The template illustrated above can be extended to include action, type of action, and of course responsibility and timing.
The fourth stage is to Manage, manage the action plan created during the project in the same way as any other action points defined as part of the project, and ensure that any new risks identified are tackled in the same way. A risk register is a good way of doing this; the template already shown can be used for this purpose.
There is also an assortment of activities that Project Managers can do to align the project team and reduce risk generally. These include:
- Provide documentation that gives general best practices for a project, cautioning that quality, not quantity, is the measure of success
- Hold a project start-up workshop to get alignment of all participants to the project goals and educate them on the challenges ahead, in particular the risks!
- Determining appropriate metrics for the project ensuring they are not too onerous, and affect behaviour in a positive manner.
- Making regular use of tools such as GRPI, (Goals, Roles, Processes, Interactions) to ensure team alignment and co-operation.
- Effectively managing stakeholders with action planning to improve support and regular communications
- Holding Regular project reviews with the team that include monitoring and updating of the risk register and action plans.
In summary, project failure is all too common, and part of the reason for this is poor management of risk. However, risk can be managed using a four stage approach of Identify, Analyse, Action and Manage. If this is done then risk will not disappear but the likelihood of occurrence and the impact can be significantly reduced, with the result that projects are more likely to be successful.