There are many methods for risk management in the project environment. However, only few of them are actually used. All the while, the press keeps covering failed and failing large-scale projects.
Perhaps, you experience failures in everyday project management yourself which better risk management could have prevented.
This article will introduce you to a few techniques from the tool box for risk management in project management. Furthermore, you will find a few important practical tips that you should keep in mind for successful projects. Look forward to the following chapters:
- Risk management definition
- What are examples of risks in projects?
- Risk management example
- What are risk attitudes for projects?
- Risk management example and key tasks
- Risk measures for risk response in projects
- Conclusion – Risk management in project management
First, we will start with the definition of risk management and the assessment of what makes risk management in project management important.
Enjoy reading.
Risk Management Definition
Risk management is a management task in which the risks of an organization are identified, analyzed and later evaluated. To this end, the organization’s higher-level objectives, strategies and policies for risk management must be defined. In detail, this concerns the definition of criteria according to which the risks are classified and evaluated, the methods of risk identification, the responsibilities for risk decisions, the provision of resources for risk defense, internal and external communication about the identified risks, and the qualification of staff for risk management. (Source: German-language Wikipedia)
The worldwide professional association Project Management Institute (PMI) defines “risk” as events with uncertain occurrence. Hence, besides threats the term also includes chances.
Risk management in project management is meant to increase the chances of achieving the project goals. At the same time, the risk of project failure is to be minimized. Professional risk management is an iterative process. It requires the constant review of realities, the reassessment and adjustment of measures and plans.
What Are Examples of Risks in Projects
For instance, the following risks might have to be managed in the project environment:
- Economic losses
- Damage to company reputation
- Dangers for health and life of product users
- Schedule delays
- Technical problems
- Definition of project scope
- Resource scarcity
- Quality problems, etc.
Yet, in everyday project management the opposite effect can occur only too quickly: possible high-impact risks go undetected, are forgotten or ignored. Better not to think about what could happen.
Does that sound familiar?
Practical experience has shown that overlooking risks in the project environment is dangerous. This applies even if risk management is not mandatory in your organization. It can get dangerous if health and life, monetary factors or the company reputation are at stake in a project.
The well-conceived establishment of risk management helps lead projects to success.
Good project managers try to identify risks and plan how to handle them.
To what extent project managers actually implement measures and which measures they decide to use, depends on the industry and the individual company culture among other factors.
By the way: the uncertainty inherent in a project can be a risk factor in itself.
Risk management in projects should take place during the kick-off workshop.
Risk Management Example
Often, undesirable long-term effects are lurking in the shadows, even in cases with seemingly manageable project risks. Here are two short risk management examples:
- Example 1: Essentially, the project for the new development of customer satisfaction surveys was not a big thing. However, later, it became apparent that important questions had been forgotten and now data for evaluation is missing…
- Example 2: The online form generates errors and brings more frustration than satisfaction to customers. This results in more and more of them turning elsewhere…
With risk management and a more mindful approach beforehand, the project participants might have avoided these kinds of risks after all.
For this reason, there are means and methods of effective risk management. In some cases, project success can hinge on their use.
Learn what makes projects successful in our article about Project Success.
What Are Risk Attitudes for Projects
You can ask yourself: As a project manager, am I rather:
- Risk-averse (unwilling to take risks)?
- Risk-tolerant (not likely to dwell on risks)?
- Risk-oriented (taking risks consciously)?
Studies have shown that many project managers as a rule are rather risk-averse – except when they have to navigate their project through an acute crisis. Pressure to succeed and be on schedule often do the rest.
In principle, there is nothing wrong with acting cautiously. However, it is important not to miss out on big opportunities for this reason.
The better approach is to have analyzed risks as closely as possible before taking a decision on how to deal with them.
Example: “Is our only reason not to roll out the new software throughout the company that we are unsure about the effects? Or have we assessed the risks carefully and drawn up an appropriate schedule – in other words, do we know what we are doing?”
Our tip: Be aware of both your company’s and your own risk attitude. This should be clear before you plan your risk management in project management. And make sure you communicate any deviations from the standard process actively and with a sound justification for the respective project situation.
Risk Management in Different Industries
Naturally, your industry also plays a vital role in risk management. Highly regulated and often risky environments, such as the finance sector, will always tend to be more cautious. They also have to demand a certain approach from their project managers.
Subscribe to the TPG Blog Newsletter now and never miss another blog post.
There are industries in which the lives of the users could be at risk in projects and with products, for instance the aeronautical, automotive, or in some cases the construction, industry. They tend to involve calculated risk management for this reason alone. In their case, the responsibility is very high.
Likewise, project managers tend to implement projects carrying a high risk of damage to reputation for the company with more caution than those in which the good reputation is not particularly at risk.
Special Download: 10 Vital PMO Success Factors (PDF file)
Please fill in the form.
* Required Fields | Data Protection
Risk Management Example and Key Tasks
Project managers looking to handle risks in a professional way must make sure they have a full toolbox first and foremost. Below, you will get to know a few of these techniques.
Task 1: Risk Identification
To identify risks, you need techniques that trigger creative thought processes. You can:
- Check project documents
- Call meetings with stakeholders and experts
- Organize brainstorming sessions
- Create checklists
If that is not enough and there is reason to suspect that several important risks might yet be unidentified, the Delphi method might help.
With the Delphi Method, the project manager surveys a group of experts individually and anonymously. Should there be a stark difference between the responses, you communicate them to all involved. This is intended to spur discussion. You repeat the procedure until the statements no longer diverge as much.
The benefit of the Delphi Method is that it helps you ensure that:
- Everyone speaks their mind openly
- No one is swayed too much
- No one takes a backseat either, e.g. because others may appear to be dominant
Nominal Group Technique: The Nominal Group Technique is used for similar reasons: it works in the same way as brainstorming. However, rather than everyone calling out their idea, they take it down on a piece of paper. These notes are collected afterwards. This helps you ensure that quieter voices on your team will also be heard.
SWOT Analysis: If you are working in a project with high uncertainties and are breaking new ground as a team, you might find an analysis of the strengths, weaknesses, opportunities and threats (SWOT analysis) helpful. With the aid of the four dimensions, you consider in which areas you as a company or a project team are good and where you still see potential for improvement. From this, you derive risks for your project.
Pre-Mortem Approach: Another interesting practice has been tried and tested in agile projects: in the pre-mortem, teams imagine their project as failed already and ask themselves what might have happened and why.
As opposed to the post-mortem approach, i.e., the project autopsy after the failure, this event takes place at the beginning of the project. From this, they derive recommendations for action. The intention is to prevent the failure of the project, if at all possible.
Agile, traditional or hybrid? Which method to use for what project. Read now.
Brain scientists were able to prove that the change in perspective (we imagine we were already in the future looking back) leads to participants engaging in scenarios much more closely and creatively than mere predictive brainstorming.
Our tip: Whichever method you end up picking in each particular case: at the end, you should come out with a risk register, i.e., a list of identified risks in your project.
However, be aware that at this stage there may still be unidentified risks. You will not be able to predict all. Use the risk register document e.g. for the communication with stakeholders. Or use it to diminish the risk of losing sight of project risks.
Do not forget to keep checking and updating the risk document at regular intervals. You should also write down strategies for handling each of the risks in the document.
Our tip: To avoid planning redundant measures in risk management, it is worth analyzing the root causes. You may find a common cause for several risks. You could try to fix this and thus master several risks at once.
Task 2: Risk Analysis and Visualization
Your next step in risk management could be a qualitative risk analysis.
This is a way of classifying and weighting the identified risks. Thus, you determine the urgency, possible effects and the priority.
You can further analyze those risks which you deem to be most dangerous for your project.
For this purpose, there are several detailed diagram techniques, such as:
- The tornado diagram for visualizing the estimated effects
- The Monte Carlo simulation for acting out scenarios with a random generator
- Decision trees for narrowing down possible measures
- With a risk matrix, you visualize active risks in a colored matrix of impact over probability. The risk table makes the communication within the project team easier for you. This tool can help you present the risk situation clearly to project sponsors or the steering committee. The graphical visualization in the risk matrix supports project managers in setting priorities and developing response strategies for the risks as will be described further below.
Learn more about reporting and the risk matrix in our Project Status Report article.
Monetary Risk Analysis for Creation of Reserves
When it comes to risks, it is particularly important to keep an eye on possible financial losses and cushion them if necessary. In general, you have the opportunity to calculate the expected value of risks using the below formula.
Expected monetary value = probability of a risk (%) * expected financial impact
From this, you can derive possible risk surcharges, i.e. reserves created for identified and analyzed risks.
Top management, on the other hand, maintains more general reserves for anything that might occur without being previously identified.
Our tip: The sooner you address a risk in a project with risk management, the more budget-friendly and effective the solution will be. Thus, address risk issues at the very beginning, if a project is of high importance to your company.
Task 3: Planning Risk Measures in the Case of Risk Acceptance
The creation of risk surcharges and reserves is a form of active risk acceptance. The occurrence of a risk is put up with, but not without making provisions.
If the risk does not materialize, the reserves will be released.
Risk Measures for Risk Response in Projects
The following is true of risk management in project management: what type of measure is suited to which project risk, will result from the analysis and the actual options in any situation.
Frequent types of risk measures are:
- Avoidance / Prevention (eliminating or evading the danger)
- Mitigation (reducing the probability of occurrence or the extent of the damage)
- Transfer (transferring responsibility to a third party, such as an insurance company)
- Active acceptance (arranging for risk surcharges and reserves)
- Passive acceptance (doing nothing)
- Escalation (asking management for help)
Passive acceptance (outright acceptance without taking action) can be an adequate reaction to some risks for you. Other risks may require the provision of reserves, the purchase of insurance, the involvement of top management or further measures from you.
It is important to make the decisions on the treatment of risks on a carefully considered basis. To this end, you have to identify, analyze and judge risks in advance – i.e., live risk management.
Equally important, if not more, is the understanding that it is not enough to look at risks only once at the beginning of the project. Professional risk management is an iterative process requiring the constant assessment of realities, reevaluation and adaptation of measures and plans.
Our tip: Give thought to possible risks in your projects on a regular basis. It is not enough to do this only at the beginning! For risks with high impact and high probability of occurrence, you should always have specific measures planned. Communicate these openly. And check periodically if these measures are still adequate.
Conclusion – Risk Management in Project Management
This article has outlined why active risk management is useful in projects and which threats it can help avoid. It can get dangerous if health and life, monetary factors or the company reputation are at stake in a project.
In addition, you have become acquainted with several methods for risk identification and assessment, including agile techniques.
Professional risk management in project management is feasible if you know a few tricks and tweaks. And it is worthwhile: if you actively identify, analyze and communicate your risks, irrespective of industry and risk-taking propensity, you will be able to look back on more project success.
Have the courage to approach this topic! It will certainly pay off for you straight away once a theoretical risk becomes reality.
Our final tips
Get to know the individually adaptable “PPM Paradise” – the optimal environment for your enterprise-wide project, program, portfolio and resource management. Download the eBook now (just click, no form).
And sign up for our bi-weekly blog newsletter to make sure you receive all our updates.
Is there anything you want add on the topic of risk management? What gives you a headache? We’ll be happy to respond to your comment below!
About the author:Antje Lehmann-Benz, PMP, PMI-ACP, PSM expert is a trainer for project management with a particular focus on agile practices and Scrum seminars. Furthermore, she has experience as a software trainer (JIRA, Confluence) and consultant. In addition to teaching frameworks and theory, she is experienced in the use of agile games and practical exercises to reinforce the knowledge gained.
Read more about Antje Lehmann-Benz on Linkedin.
