The recognition and management of project risks and criticalities is one of the most crucial aspects for the success of a project; however, this issue is easily overlooked.
Throughout the life cycle of any project, there will almost always be unforeseen problems, questions and concerns that occur.
When these problems appear, the project manager and their team must be prepared to address them, or they may have an impact – even a severe negative one – on the outcome of the project.
Since most problems are, inherently, unexpected, how can we tackle them quickly and effectively?
The ideal solution is to have a problem-solving process in place before the project even kicks off, to make sure that you meet your deadlines and costs and achieve your objectives.
Problem management is the process of identifying and resolving problems. Problems that may affect staff, suppliers, technical failures, material or resource shortages, etc. every single factor in these categories can potentially have a negative impact on the project.
If the problem is not solved in time, it could lead to conflict, delay, or even total cancellation of the project.
So why is this often overlooked?
Perhaps because it is easier for a project manager to focus on organizing tasks and distributing roles rather than investing time in analyzing and managing project risks and issues.
Risks and criticalities: what’s the difference?
At first, risks and criticalities might seem the same thing, just called in different ways, but this is not the case.
What is a risk?
The PMBok defines the risk of a project as
An uncertain event or condition which, if it occurs, affects positively or negatively one or more goals of the project.
Here is an example of a risk statement:
Since the project team failed to review the requirements with users, it might fail to meet the customer’s needs, resulting in dissatisfied users.
The cause in this example is the failure to audit and validate the requirements. The risk is that the project team may not meet the user’s requirements, while the impact is dissatisfaction with the product by users.
The risk is therefore an event or condition that could potentially happen in the future.
In particular, the risks of a project include several attributes such as:
- They are generally known at the outset of the project.
- They may exist at a specific point in the project and/or may last for the entire duration of the project.
- They may have a significant impact on the outcome of the project if the risk becomes a reality.
- There is a moderate probability that the risk may come true.
- Sono straordinari rispetto alla normale gestione del progetto.
Making assumptions to identify project risks is a reasonable way to determine the elements of a project that could cause problems.
However, it is important to focus on important risks by basing them on three factors: materiality, probability, and extraordinariness.
When defining risks, it is advisable to try to make a list of the main factors that are most likely to occur, are extraordinary for normal project management, and could significantly damage the project if they occur.
After defining the main risks of the project, the next step is to implement mitigation strategies for each point on the list to apply if the risk begins to become a reality.
By defining mitigation strategies for each risk, one can actively and proactively outline how to avoid the risk and manage the potential problem.
Accuracy in risk definition is extremely important. Risks need to be defined in order to clearly design and determine the action to be taken to mitigate or avoid them.
If it is not possible to structure the response action, this means that the risk is poorly defined or is not a tangible risk.
What is a criticality?
A criticality is identified as:
An event that has occurred and is impacting the project.
It is the project manager’s responsibility to responsibly address events and ensure that their impact on the success of the project is minimized.
Critical issues require immediate attention and real-time action and may be the result of risks identified at the start of the project or may come from an invisible area not initially considered.
In both cases, critical issues arise in most projects and any effective leader should be able to address them efficiently.
Similar to project risks, critical issues are problems that occur in a project that require certain management actions and strategies for resolution.
If a criticality is not addressed promptly, it may impact significantly on the successful completion of the project.
The extent to which critical issues differ from risks, however, is that the former generally do not last throughout the project and may not be known at the beginning of a project.
Effective risk management
The project manager should take care of risk management in every project from the very beginning.
It is certainly not a pleasant topic, but it is worth talking about potential risks to and with stakeholders during the initial project start-up meetings.
This may be the only chance to have the whole team and stakeholders together before the project is started and completed, so it is a good time to gather doubts and thoughts about potential risks from all perspectives.
This planning phase is unfortunately often overlooked due to the increasing need for speed that the market requires to drive back and overcome the competition.
Visualizing risk from a different perspective
The first thing the project manager and team should ask themselves is what could go wrong during the project.
- Are there any factors that could prevent the completion of any project activity?
- Is it necessary to take into account elements such as seasonal weather conditions, external suppliers, market fluctuations, political effects or material stocks as possible risks?
These are just two examples of questions that the project manager should ask himself.
There is an almost limitless list of “what if” questions that need to be considered and that can help identify as many risks as possible.
There are many types of risks that affect projects:
- Cost risk: this generally translates into an increase in project costs due to poor cost accuracy or a change in scope.
- Planning risk: i.e. the risk that the activities will require more time than expected. Delays generally increase costs and postpone the reception of the project output, with a possible loss of competitive advantage.
- Performance risk: the risk that the project may fail to produce results consistent with the project specifications.
- Governance risk: it applies to the performance of the board of directors and management in terms of ethics, community management and corporate reputation.
- Strategic risks: resulting from errors in strategy, such as the choice of a technology that cannot be used in a specific case.
- Operational risk: includes risks arising from implementation and process problems such as acquisition, production and distribution.
- Market risk: includes competition, currency exchange rates, commodity markets and interest rate risk, as well as cash and credit risks.
- Legal risk: arises from legal and regulatory obligations, including contractual risks and controversies brought against the organization.
- Risk related to external hazards: including storms, floods and earthquakes, vandalism, sabotage and terrorism, labour strikes and civil unrest.
After having identified the project risks, it is time to consider their potential impact.
- What kind of effect will every risk have on the project?
- Will the risk cause delays in activities?
- Will the risk cause an increase in project costs?
- Will the risk affect the end product or service quality?
The best way to help the whole team and stakeholders understand these risks is to quantify and give them a value that everyone can clearly understand.
For example, for how many days could the risk delay the project? Will the risk lead to a percentage increase in how much on the project?
Identify ways to mitigate, reduce, eliminate risks
Once identified, the next step for effectively managing risks is to determine and examine ways to mitigate, reduce and, if possible, eliminate the problem.
Is there anything the project manager and team can do to reduce the impact on the project or to eliminate the risk?
For example, if a risk has been defined regarding one supplier’s reliability or cost, can you look at the services of another supplier that may charge less or be more reliable?
The project manager must commit to putting in place a response strategy for any potential risk.
Defining and filtering the list of risks is easy compared to defining mitigation strategies.
The action plan will be the one in which the creativity and resourcefulness of the project manager will come into play.
It is fundamental to have a mitigation or risk management strategy, but it is also necessary to ensure that ownership and responsibility for the plan is fully assigned to a team member or a separate team.
No strategy can be implemented unless it is implemented by its owner and by assigning responsibility for that specific plan to someone, you can ensure that risk management strategies are implemented when necessary and as quickly as possible.
For example, back to vendor risk: by giving responsibility for mitigating that risk to the person who is directly involved with that vendor, they will be able to act quickly in the event of a problem rather than having to wait for the project manager’s green light.
In short, risk management is:
the process of identifying potential risks to the success of the project and the process of implementing strategies and procedures that will mitigate the impact if such risks occur.
Risk management is a key part of the planning process and the project manager must ensure that this vital step is not overlooked in favor of urgency.
The lack of a risk management strategy can result in project delays, increased costs and, in the most serious cases, even total project shutdown.
In part two we will analyse the effective management of the identified criticalities.