Most Project managers understand that risk assessment of some form is a requirement of modern project management process. But the initial risks compiled in many cases are limited to a common set of risks and might not cover the whole story.
The project team feel obliged to create a list of possible risks. But pay lip service to this process, so they are seen to do the “Right” thing or get the corporate governance police off their backs
Where does your risk assessment take you?
Often projects assemble a list of initial risks based on a few common items. This is done to satisfy management and corporate governance. But when it is limited to just a quick exercise of listing some common risks to make it look like the project is seriously managing risks it has no value. If you do not kick start your risk management with a well formed assessment you create an underlying danger to the management of risk for your whole project.
The weaker the foundation the less strong the structure of the project can be. The initial risk assessment is just one of the early steps. There are cases where projects complete a reasonable risk assessment and then fail to manage it. Much like the case that project managers create project plans and then fail to track or update them. Is this the way projects approach risk management in your organisation? Maybe it is time to look at getting more out of the process and not paying lip service to it.
What could be done to improve the process?
Solid risk assessments done well will help improve the chance of success in your project. Avoid doing the assessment as a tick box exercise, its value will be much lower if you have that approach. Be clear to the project team and stakeholders that the purpose of the risk assessment is to improve the outcome and avoid problems. This will make success more likely and the project less stressful for all involved.
Organise the assessment in advance as a workshop with a selection of key stakeholders. Use a tool or common template that will allow you to establish a context with other projects. This should become a repeatable process which will help to collate data in a common way.
Use historic project and risk performance to help inform and improve the approach. Once the assessment basis is common then data recorded in lessons learned can have a more consist structure and allow for a virtuous circle of improvement. This will reduce the impact of common risks and also streamline the approach to risk in future projects.
Possible steps of the Assessment
Populate a project risk assessment template to highlight the areas of concern to provide a basis for a workshop. Do not worry too much about the scores that are generated from your initial pass but use the areas highlighted to clarify the more exact risks.
With a good cross section of project stakeholders included you are more likely to get support and buy-in. They can help form a more complete picture of the risks and inform the management approach. The Project Manager is not the best owner of all risks in the project so share out the risks between the team and stakeholders
Document specific risk entries using the output from the workshop. Assign a clear owner for each risk. Set a target time for regular and appropriate reviewing. Make the actions clear and owned by those responsible for completing them. Always set a target time for the risk to be closed if that is possible.