Project Risk Management

? “The formal definition of risk management is: a systematic process for describing and quantifying the risks associated with hazardous substances, processes, action or events.” Covello & Merkhofer

 “A few years ago, having just gone through the main items of the Risk Mitigation Plan during a large Steering Committee, I was asked by a board member in a whether humorless and dismissive tone “Has EVERY SINGLE RISK been taken into consideration and can you guarantee a NO RISK delivery” as he was referring to a business project with strong technical aspects.

Humoring him, I replied, sounding serious, and a little mockingly admittedly?, that: “I may have missed out on one thing or two, like that asteroid, gone under the radar, and heading straight for Earth and, more specifically, for the organization’s headquarters and that I did fail to take into account all risks by not assessing the gruesome damage such an event would cause to the project”, earning a few laughs along the way and a gasp or two.

 Of course, that was a little over the edge, but a good laugh is relieving at times and, no, of course I did not put the same effort into every possible risk to that program…

ZERO RISK sounds good, feels safe but is possibly like Perfection: The Unreachable Star you aim for, get somewhat closer to, but do not reach until it is something spelt in the past tense.

“Zero risk”, sometimes, ? turns up in a misleading politician’s speech or, may, pop-up into a young insurer’s dubious dream but to no extent is it a fact to the (project) manager.

Risk Management is all about the attempt to control uncertainties by managing the most critical risks to the project and devising ways to limit their likelihood and minimize their (negative) impact on targeted deliverables.

The classic risk assessment matrix

Risk Management is not about managing every single risk to be met or, I, myself, feel sorry for just saying it ?, to eradicate any possible (risk) threat.

Risk Management is a careful balance between putting some effort into sheltering from potential failure causes and watching over resource consumption of both project time and project budget. It is about putting the effort on what will hurt the most and that effort focus is something that may change all along the project’s life cycle.

Risk Management is an iterative process through monitoring, assessing and mitigating potential impact and occurrence of major risks to your targets all the while calibrating resources and skills available to do so the most effectively possible.

And there are several tools and methods available to do so, more or less organized following the process shown below.

? To mention a few, there are:

• Enterprise Risk Management or ERM (and some of its key frameworks which are ICIF (Internal Control Integrated Framework), CAS (Casualty Actuarial Society) or RMM (Risk Maturity Model);
• Failure mode, effects and criticality analysis or FMECA was originally elaborated by the US Army;
• HAZard and OPerability studies (HAZOP);
• The ROAM (Resolved, Owned, Accepted, Mitigated) method;
• …

The Risk Management Process

Among these tools, the better fitting one will help you cruise on and reach your target with less stress, and greater chances of success by securing the curves, the bumps, the weaknesses and by making easier workarounds when needed...

Risk Management is really all about anticipating and taking care of a potential problem before it does turn into a problem. Its essence is summed up in just a few words by an unquestioned genius from the century gone:

  “A Clever Person Solves a Problem.

A Wise Person Avoids It!”

Albert Einstein