It can be hard to talk to stakeholders about risk, but project status reports should include information about the risks faced by the project. Last month risk expert Dr Wilhlem Kross, a partner of Plejades and the Amontis Consulting network, spoke at Project Zone Congress in Frankfurt about real-life risk management. I caught up with him on a slightly different topic: how to talk about risk.
Wilhelm, first we should clarify what we mean when we talk about risk communication. Can you define it for me?
Risk communication is usually defined as ‘any purposeful exchange of information about risks’, or ‘any public or private communication that informs individuals about the existence, nature, form, severity or acceptability of risks’. It has been known for decades that the challenge in risk management related communication is usually not whether a hazard or risk truly exists, but whether or not it is under control. Also, practitioners are generally aware that a difference exists between actual and perceived risk, and that the perception of risk varies with the level of relevant information that is available.
I guess project managers are also aware that the less we talk about risk, the easier it is for stakeholders to accept the mitigation plans.
Yes. Practitioners in the field of risk communication are aware of attempts to divulge just the amount of information that results in the lowest possible fear and related resistance against whatever is proposed.
So what gets in the way of the recipient hearing the real message about the risk, apart from our failure to give stakeholders all the information they need?
Risk management nowadays builds on a good, basic understanding of hazards, failure modes, consequence chains, and a reasonable understanding of probability of failure. Some software tools support risk aggregation through simulation. The controlling perspective has been integrated into numerous standards and regulatory frameworks.
However, numerous soft and almost intangible factors play a role. Risk depends on who and what is at risk, ethics, and the relevant set of values which may vary in the stakeholder community. Risk also depends on the likelihood of loss, whether it is voluntary or involuntary, the point of view (risk perception/attitude), the regulatory environment (compliance), the level of knowledge and the related learning curve, and divestment options.
A lack of robust information persists on consequences such as loss of life, social, environmental, socio-economic, financial, time, intangibles etc, and that the various difficulties in making managerial trade-offs like the monetary value of life or of ecosystems have not exactly been solved. Most jurisdictions are averse to defining quantitative standards such as the value of a human life that would be endangered as a consequence of certain action.
Usually risk management is performed in the absence of robust data on human reliability, and in the absence of professional standards. Risk management is performed with unclear or overlapping definitions, and no agreement on the validity and relevance of standards such as the ‘acceptable’ level of risk.
There must be other factors as well that influence how someone interprets a message about risk.
Yes. Certain common distortions are known to play a role. For example:
- Voluntary risks accepted more readily than involuntary risks.
- Individual control makes it less risky than governmental control.
- Risks that seem fair are more acceptable than the unfair ones.
- Risk factors and related control measures that are introduced and presented from trustworthy persons or institutions are perceived to be more credible than others.
- Ethically objectionable risks seem to be more risky than others.
- Natural risks seem to be more acceptable than the artificial ones.
- Exotic risks seem to be more risky than familiar risks.
Moreover, the media are interested in strong statements. They are more interested in the politics of an issue than in the science of a risk issue, and will most likely cover the human side of the story disproportionally.
So the challenge for the project manager is to make sure that the risk communication addresses all these potential pitfalls and is tailored to the individual receiving the information. That’s quite a lot to ask!
Risk communication exposes decision makers and implementers to numerous challenges that they are not well equipped for.
Does it help to have set standards about communicating, like agreeing the terminology in use?
No. The assumption in risk communication had been that more precise and scientifically agreed upon terminology will improve the translation of findings into enhanced transparency, and enhanced credibility. By increasing certainty, one assumed uncertainty is reduced. However, risk communication usually involves multiple audiences, and involves much more than describing risk analysis and management activities. Watering down technical language in a document fails to treat the needs of the public in risk communication.
Practitioners in the field of risk communication may benefit from an early appreciation of audience dynamics as well as tools to describe and codify risk factors and their respective interdependencies.
Continuing to dogmatically strive for more and more certainty, while desirable for many reasons, may not be the answer to reducing uncertainty sufficiently to make decisions for ourselves and others – which in effect is a new evolving paradigm change compared to those risk communication techniques which had been useful for many years.
Next week, Wilhelm and I continue our discussion and talk about how project managers can communicate more effectively about risk.