Risk Management
Management attitudes and principles
Let's take a look at some of the management attitudes that run counter to effective risk management and indeed themselves introduce risk to a project.
| Attituse | Impact |
|---|---|
| Extreme risk aversion | Procrastination in decision making. This often means that some possible options/opportunities are no longer feasible. Setting risk threshold of acceptable activities so low that the organisation is incapable of change. |
| Pass the buck | Related to the above. Inability to reach closure on difficult decisions. Issues discussed regularly by a range of committees without progress. Decisions not documented and followed through. |
| No news is good news | The belief that a project manager causes a risk or an issue simply by reporting it. Encourages people to report only good news. Often risks/issues aren't noted until it is too late to deal with them effectively. |
| Knee-jerk reaction | Tendency to deal with symptoms rather than causes and to deal with the immediate and specific rather than the systemic.* |
| My minds is made up | Inability to review or reverse past decisions in the light of changing circumstances. |
| Shoot the messenger | The 'Don't bring me problems' approach. Inability to cope with the identification of risks that don't have an obvious solution. |
| Make it so | 'Don't be so negative'. The belief that a poorly conceived or inadequately resourced project can be made to succeed by sheer force of will. |
*There is a mathematical phenomenon known as 'regression to the mean' that is relevant to the management of change and hence the sort of situations we are looking at here. It states that in any change situation, such as a project, there will be ups and downs. This could be represented as a graph.
Where the project reaches its lowest ebb, as indicated on the diagram, management often takes a reactive 'knee-jerk' decision. This invariably addresses a symptom not the root causes of the problem. For a while it may look as if the 'decisive action' has worked as the graph starts to go up again. What is actually happening is simply regression to the mean. The situation had got as bad as it was going to get and would have begun to level out whatever happened.
We will look in more detail at how to build risk or 'real world' scenarios into plans, suffice to say here that mature organisations must accept risk as an integral part of project activity. Risks must be identified and managed and we must accept that this takes time and costs money.
We can't simply blame 'bad luck' when things happen unexpectedly, at the worst possible moment and cost money we don't have. Risk management is about identifying what could occur and developing a planned response that is factored into the project plan and budget.
Essential management principles
Carnegie Mellon University Software Engineering Institute has a useful website on risk. It has identified seven management principles essential to effective risk management and the following table is adapted from those principles:
Corporate perspective
- Viewing developments within the context of strategic goals
- Recognizing both the potential value of opportunity and the potential impact of adverse effects
Forward-looking view
- Thinking toward tomorrow, identifying uncertainties, anticipating potential outcomes
- Managing project resources and activities while anticipating uncertainties
Open communication
- Encouraging free-flowing information at and between all project levels
- Enabling formal, informal and impromptu communication
- Using processes that value the individual voice (bringing unique knowledge and insight to identifying and managing risk)
Integrated management
- Making risk management an integral and vital part of project management
- Adapting risk management methods and tools to a project's infrastructure and culture
Continuous process
- Sustaining constant vigilance
- Identifying and managing risks routinely through all phases of the project's lifecycle
Shared vision
- Mutual vision based on common purpose, shared ownership and collective communication
- Focusing on results
Teamwork
- Working co-operatively to achieve common goals
- Pooling talent, skills and knowledge
In considering the above principles it is interesting to note the observation from Carnegie Mellon University (op cit) that
While there are no prerequisites to performing risk management, it is more effectively practiced by organizations or projects which have acquired some degree of maturity.