Hi – last week I shared a post on project governance – what I've learned from my experience as a Technology PM for a big 4 consulting firm. This week I'm sharing my key learnings on risk management:
(This is just my view – I’m sure you all have other experiences and tips and it would be great if you could share your learnings below)
Risk Management needs to serve the workstreams/teams, not be a burden. Often raising risks and providing risk updates is a burden for the project team. It's extra work and sometimes a risk will be escalated and little direction is received in return from project leadership. Leadership should be proactively looking to unblock so teams can deliver, and should quickly reacting to new risks being raised. Risk Management needs to be a loop that serves the teams/streams, as opposed to a one way reporting process that leads to little action.
Risks need to be owned by people who are empowered to do something about it. Risks rated as high impact should be owned by individuals with the decision making authority to make decisions e.g. changing course, investing in contingency, delaying or accelerating the project. – this will include the project lead owning risks with that really have potential to stop the project
Regular full reviews should be scheduled with appropriate attendance. This should include the project lead and project manager, with the aim to reassess the risk, decide if mitigation actions have been completed and if further action is required. Risks need to be closed where possible – don’t let your risk log get out of control – It will become a burden / blocker and prevent you from dealing with risks appropriately
Risk Management should be included in your engagement / stakeholder management. Ensure stakeholders are aware that you understand your risks and that you’re mitigating them appropriately. This is a good way to assure key stakeholders and give them confidence the project is well managed.
Commit time, resource and capacity to risks and issues, and more generally, things that go wrong. It's easy to forget just how much can go wrong, how much will need to change, and much replanning you may have to do. Ensure you have capacity to deal with issues and appropriately analyse the impact of risks on the project. This will help to make more informed decisions on mitigation actions, and generally lead to a more successful project.
You’ll know your risk management is working if:
- Your team understand the risk reporting process
- Your team feels like when raised, risks and issue are dealt with appropriately
- A risk raised by a team member is actually already being mitigated by leadership
- Decision making takes risk analysis into account
- Stakeholders are aware of the key risks and issues affecting the project and how you're dealing with them
Also sharing a template below that I use for Risk Management – It’s a simple risk log with Risk Matrix and overview of graphs that shows Risks by stream. This may be helpful to use as a starting point but of course your needs will vary depending on the project. Feel free to make a copy or download to ppt.
PS. Is there any other online forum groups that would appreciate this kind of learnings write up?