What are project risks, and why do we manage them? In simple terms, a project risk is one answer to the question, “What could go wrong?” If you can anticipate potential problems that would impact your project’s quality, budget or schedule, taking steps to prevent them makes a lot of sense. Additionally, having a backup plan in place amplifies your ability to recover should one of those risks become real. Thus, risk planning greatly increases your overall potential to lead a successful project.
“No battle plan survives contact with the enemy.” – General Colin Powell
I say it a little less dramatically: “If you don’t have a Plan B, you don’t have a plan.” (Yes, you may quote me…) Let’s walk through the four easy steps to building a risk management plan. These steps are based on straightforward questions, which in my experience add a level of clarity that is sometimes missing.
1. List potential risks. To build this list, simply ask “What could go wrong?” or “What if…?” As you brainstorm the list with your team, assign a probability for each. You don’t need to get fancy or over-think it. Just give it your gut feel on the first pass. You can always adjust it later. Make it easy. Is it likely, or unlikely? Is the chance of this occurring high, medium, low? That is plenty of detail for this approach.
2. Establish a mitigation plan for each risk. For each item on your list, ask “How do you prevent that from happening or at least lessen its likelihood?” The answer to this question is your risk mitigation plan for that event. Reducing the likelihood of a detrimental event occurring is the ideal risk management strategy. Prevention is better than remedy every time.
3. Develop a Plan B. Ask yourself, “If that event does occur, what is Plan B?” For the high probability risks, you will want to have a Plan C too. Document the backup plan! Now take a quick look at the big picture. How likely is it that Plans A, B (and C) would all fail? That should be very unlikely, which means you have reduced the risk of failure!
4. Assign a risk monitor for each item. “Who would be the first to know?” That is your responsible person. That person is to monitor and report to the project manager immediately should a risk occur (or even be anticipated). If something goes awry, the risk monitor is your first line of defense. This does not mean everyone else can abdicate responsibility for monitoring risks; the whole team is responsible, especially if something happens that is (dare we say) unforeseen.
So how do you document steps 1 through 4? There are numerous templates and tools available, so search around and choose one that seems a good fit for you and your organization. At a minimum, the risk log should include the following categories:
Description of risk
Probability
Mitigation plan
Plan B (the backup plan)
Assigned risk monitor
Additional fields that may be beneficial:
Risk identifier (just a sequential numbering system will work. I use R-1, R-2, R-3, etc.)
Current status (active or inactive)
I’d like to express one more thought concerning risks versus issues. In practice, risks and issues can get muddled in the minds of team members. This is especially true in organizations with less savvy project team members. For this reason, I include a simple distinction within the narrative portion of my project plans. Simply defined, a risk has not yet occurred, but an issue is happening right now. Then I elaborate a bit further just to confuse them a little (I’m kidding): So, if a risk comes to pass, it can be considered an issue, but an issue does not have to start as a risk–it might be unforeseen.
So there you have it, four simple steps and the elements of a log to document your risks. Use these steps as outlined to reap the benefits of this oft-neglected area of project management. Here is what you get for investing the time to develop a predetermined set of risk management actions:
increased likelihood of successful project completion
saved time that would otherwise be used figuring out what to do when something goes wrong
documented plans and strategies for future reference
increased confidence in the overall project plan
increased control of the project
And as if all these benefits were not enough, you will surely look like a hero if something does go wrong and you have the backup plan all lined up and ready to deploy.