“We try to convey the earnesty and legitimacy of risk management by communicating as if it were a science,” said Mark Engelhardt, senior lecturer at IIL, during his presentation at PMI Hungary’s Art of Projects conference last week. “The problem is that risk management is far from being a science in most of our industries.”
He said that no project management process is lived as it should be if the project team doesn’t understand the process, know how to implement it effectively and it is not supported by executive management.
“What’s the point of filling out anything if nobody’s going to do anything with it?” he asked. “You can’t implement a process or use the vocabulary if upper management doesn’t understand or use it.”
Why aren’t we doing risk management well?
Mark said that in his experience project managers don’t do risk management effectively because:
- It’s too complicated
- It’s too academic
- It’s time consuming
- Nobody cares
- It’s a mighty scientific process that they don’t feel worthy to take part in
- They don’t want to sound negative
- They are intimidated by it.
There is key data missing, he said, in our ability to manage risk management as a science. We don’t always have:
- Legitimate data
- Historical data
- Proper transparency
- A culture of honesty
- An understanding of risk sensitivity
- An appreciation of the value of risk management
Airline, hotel and insurance industries take a scientific approach to risk management because they’ve got the data to support that. In projects, more often than not we don’t.
Ignoring risk management makes you look stupid
Awareness solves most of your problems.
– Mark Engelhardt
“Awareness solves most of your problems,” Mark said. A problem is something that is not documented: it becomes a risk or issue once it is written down and is being actively managed. Talking about risk puts you in a better position to do something about them especially, as Mark pointed out, “most of our executives are too far remote from the rest of the team.”
Mark said that around 40% of the things we identify as risks actually fade away without project managers having to take any action at all. Another large chunk of the content on your risk register is a by-product of the ‘way we do things around here’ and you won’t be able to take any action because you are up against corporate culture. Only 3% of risks, he estimated, turn into something explosive.
Risk management is easy
At its simplest level, project risk management is straightforward. You don’t need Monte Carlo simulations or decision trees. You only need, Mark said, a spreadsheet with some columns covering:
- An identifier
- An explanation of the risk
- The impact of the risk
- The actions you are going to take
- The name of the person owning the risk
- The date you expect the action plan to be completed by.
The alternative is paralysis and a failure to adopt even simple risk management practices. The small action of talking about and documenting risk is better than doing nothing. “Sometimes guesswork is better than no risk management at all,” he said. “As long as you are acting on it it’s OK that there is risk out there.”
Do you opt for simple or more complicated risk management practices? Why? Let us know in the comments.