Basics: Project Risk Management
Guest Post by Rod Farrar (first posted on CERM ® RISK INSIGHTS – reposted here with permission)
The project management body of knowledge generally focuses on scope management, time management, and cost management. Risk management generally comes in at about 8th place out of the ten.
However, risk management is potentially the biggest part of the project management planning process.
Often organizations assign resources, dollars and time to project objectives to know exactly when the project is going to finish, how much it is going to cost and what resources are needed.
The problem with doing this is they have not identified risks.
What you need to do in identifying risks in terms of project planning, is to make sure you have captured the risks against every one of those work breakdown structure activities, ensure that the treatments also go in as activities and are resourced.
Furthermore, the residual that comes from risk needs to be captured as the contingency part of the project.
If you haven’t done those fundamental things before you get your budget and duration set, you are going to be severely underdone.
Most projects fail because they have failed to think about risk management. A risk manager in a project doesn’t need to have too much knowledge of project managing but a project manager cannot succeed unless they understand the fundamental processes around risk management.
If you do have those fundamental processes, then you will build those into your schedule and budget and you will succeed more times than you fail.
Developing a risk management framework is certainly a challenge – but that is only one part of the equation.
Once developed, it needs to be implemented.
The thing to understand about the implementation of a risk management framework is that it is exactly the same as implementing any other type of change.
If you plan your implementation like you would any other change project, then you can have success.
There will be barriers and resistance to change, which is why you need to utilize tactics you normally would in a change program. The key actions to undertake include:
Committed leadership
It is absolutely paramount that you have senior management support, buy-in, mandate, and commitment.
This sets the stage for the rest of the organization.
Planning
Identify your stakeholder community, understand their expectations and look at prioritizing those stakeholders.
The communication program throughout the change needs to be paramount in the development of the framework. You need to ensure that you have everybody onside.
Training
Provide all your personnel with the necessary skills and authority to be able to undertake the roles and responsibilities necessary to implement their part of the risk management framework.
Gradual Implementation
A risk management culture is not built overnight.
Start with one small part of the organization, get them up and running and build the excitement around that particular part so that it rubs off on others.
Starting small also allows you to trial the implementation before rolling it out to the rest of the organization.
Quick Wins
Start with the quick wins – find the risks or hazards concerning your staff and prioritize them, setting a momentum for the program and framework.
If you prove to the people in the organization that it’s going to make their life better, you will start to see a change in attitudes.
Bio:
Paladin Risk Management Services is the brainchild of Rod Farrar, who founded the company in 2007 as a result of his passion and skill for managing risk.
Rod’s extensive experience in assisting organizations to mitigate and eliminate professional risks they may encounter is at the core of Paladin Risk Management Services.
The core service offering is risk management training workshops.
The Risk Management Diploma is a broad-based program aimed at risk management and business continuity professionals or those aspiring to fill roles in these industries. After the four day course, attendants have six months to complete the assessment activities, at which point they will be awarded the Diploma.
The Paladin Risk Management Academy Advanced Diploma of Governance Risk and Compliance is fully accredited by the Australian Skills Quality Authority (ASQA).
The four-day course is the only offering in Australia which covers governance, risk, compliance and business resilience.
If you have any burning questions on risk management, Rod Farrar is always ready for a friendly chat. Contact him at rod@paladinrisk.com.au or 0400 666 142.
Debarati says
This was one excellent post that I came across today. Risk Management is indeed a project that should not be treated casually. Knowing exactly where the problem lies and mitigating it at the source is really important. Also, without the commitment of a good leader, this project is not possible.
Fred Schenkelberg says
Hi Debarati, thanks for the comment and good point about leader support. cheers, Fred