I am amazed by the number of project management commentators who flatly refuse to recognise that risk = uncertainty that matters and that uncertainty can be positive or negative (ie, it’s uncertain).
The latest commentator in a long line of negative thinkers is Michael Hatfield in PMI’s Voices on Project Management blog. His approach to risk suggested in ‘PMBOK® Guide for the Trenches, Part 4: Risk’ is simplistic and assumes all uncertainties are negative…..
There are numerous problems with this simplistic view of the world:
- Firstly the same risk – a future uncertainty – can have both an upside and a downside. Failing to manage the upside equates to guaranteeing failure (or at least missing opportunities).
- Future weather conditions are a risk; they could be good or bad. A major motorway near my home town was finished months early and under budget because they were lucky enough to build the project at the tail end of a 10 year drought. The last few months have had above average rain. If the people building the road only worried about the ‘downside’ risk the road would only just be finishing now.
- A similar example is the management actions taken to accelerate work on the Panama Canal through the GFC to take advantage of then upside risk of lower construction costs.
- Second, the environment around projects does not stop changing just because someone has signed off a cost performance baseline. Ongoing risk assessments are critical to avoid surprises; good or bad! The more warning of changed circumstances the project team have the more likely they are to manage the situation effectively.
One of our key areas of expertises is stakeholder management – each stakeholder can be a threat to the project if badly managed and a supporter if well managed. The Stakeholder Circle® methodology has been explicitly developed to first prioritise stakeholders then focus on the important high priority stakeholders to achieve an optimal level of support to allow the project to succeed (for more see http://www.stakeholder-management.com/)
Where we do agree with Michael is on the mumbo jumbo of statistical paralysis many so called risk management systems bog down in. The purpose of risk management is to identify opportunities and threats and then actually do something about them. Recording risks in a risk register and then qualitatively and quantitatively analysing them is a complete and total waste of time unless someone actually takes action. This is the focus of our ‘How To’ build a Risk Management Plan workshop – yes we have a cute Excel risk register but the purpose is action not documentation.
The biggest weakness in the current version of the PMBOK® Guide is the total omission of a process for treating risks. The idea of risk treatment is implied, but not overtly set out as a process, which allows people to think identification and analysis is the end game. Unfortunately managers need to make decisions based on the risk assessment and then take actions if risk management is going to deliver any benefits at all. Hopefully the 5th Edition will fix this.