In spite of your best and most detailed project planning, the execution of that plan rarely goes without a hitch, hic-cup, oops or ouch. There are always bumps in the road. Every project has a level of uncertainty and the potentiality that something just doesn't go the way intended. The longer a project runs the greater and more likely you will face multiple risk events.
Risk Management and Planning: Determining what threats and risks exist in the project or the product; analyzing those threats/risks and assessing their probability of occurrence; identifying ways to mitigate and or respond in the form of contingencies through detailed planning.
In risk management planning we first identify potential threats, potential risk events; analyze and assess the risks in terms of good/bad and size; determine the potential effects; develop responses to mitigate or respond to realized risk events; continually monitor and control risk; and, integrate risk responses into the change control process where applicable.
Risk assessment is the analysis of the project to determine and identify threats and opportunities that may affect the project and product. Analyze the level of risk and whether it will result in a negative impact or a positive (opportunity) impact. Determine the probability of occurrence for each potential adverse threat event, as well as potentials for positive risk events. Risk assessments must be carried out as early as possible and then continuously revised and updated.
What do we mean by "Risk" and a Risk Event?
Risk as defined by Webster's Dictionary is, "the chance of injury, damage, or loss." Project Risk, on the other hand, extends that definition to include positive as well as negative effects of a potential event or condition. Think about it this way - the project schedule, budget, resources, baseline performance measures, product and project scope specifications are established at the beginning of the project; everything we "expect" to occur and at what time, is based on all those pre-established factors; upon commencing the execution of the plan, anything can happen to alter or affect the path and project performance - there is a potential for a positive event, proving opportunity to benefit the project performance and the product OR there is the potential of an occurring event to threaten any part or all of the project negatively.
When we talk of risk event, we are referring to the potential of a threat or change in some facet of the project. A level of uncertainty will always exist as it relates to future project work and resources. We operate on many assumptions relating to availability of funds, personnel resources, materials, supplies, commitment of the sponsor and other stakeholders, even the weather and social, economic and politics. There are no limits or off-limit areas within the project that offer themselves up for the potential of risk. Consider the Project Work Package (WP) for example, if the WP calls for a piece of equipment that meets the required specifications and at a specific cost, it's not unheard of to run into a situation whereas, by the time this piece of equipment is ordered from a vendor, the equipment is no longer available and has been replaced with a newer model with different features and at a much higher price - it happens.
Not all risk is bad risk
Are there opportunities to improve on the project goals and objectives; potential for improvements on the project schedule, costs, use of resources or reduction of necessary expendable resources; and, the prospective for product scope improvements, without increasing the project schedule or overall costs? I'm not suggesting that you spend your time trying to find ways to alter the product scope and its design and specifications; however, there may be opportunities as a result of the realization of a risk event, to improve upon the "project's" performance in terms of a modest improvement to some part, feature or function of the product, as well as on the schedule, reduction in time/duration, progress, and use of resources. Does the opportunity exist to bring the project in under budget and ahead of schedule without reducing the quality and scope of the product, and project?
Keep it Simple
Establish a process for risk response execution. Identify who has the authority to activate a risk response option, a contingency option. This one is obvious: Check to see if the business, organization, sponsor, contract officer, or whoever has authority for the expenditure of funds, use of human resources, contracting/bidding out jobs, scope of the project has a standard policy regarding risk response; a formal risk management procedure may already be in place.
Starting with the Work Breakdown Structure (WBS) and the Project Breakdown Structure (PBS), analyze each work package to determine and identify every possible opportunity for something to go wrong. Be realistic but not naïve. In the next article I'll cover more specifics on project functional categories that will aid in identifying risk in the project and product.
Risk identification and probability can be done in a group setting such as project team meetings. It's not a bad idea to capture any potential risk items noted by the team during the WBS and PBS work group meetings; however, don't get wrapped up in identifying all the potential risk items before the WBS/PBS are completed. There will be plenty of potential problems that will be apparent after those breakdown structures and the Work Packages (WPs) are defined.
Remember that any risk event that has the potential to affect the big four, time, cost, resources, and quality (scope) will also require integration into the project's change control management (CCM) process. If a risk mitigation response/contingency plan response requires an increase in costs, this is certainly something that must be viewed in respect to the CCM process, since a cost increase may result in an overall project cost increase, or the necessity to reduce resources or features and functions (scope) to get the overall project costs back in line with the original planned amount.
Warning: Don't fall into analysis paralysis. It's not too hard to get caught up in identifying every potential risk, no matter how remote the possibility, to the extent that you find yourself worrying yourself to death. We manage the risk that has the greater chance of occurrence by taking steps to mitigate that potential; we prepare and coordinate contingency plans to, not just mitigate the known risk, but to have a process in place that will allow us to manage the unknown - to be prepared for anything.
Risk originates in uncertainty and with uncertainty the outcome cannot be predicted with absolute accuracy. There are no project management crystal balls that will allow you to see the future. However, what can be done is a forecasting of the probability that one or more potential outcomes will occur. Plus, a probability rating or ranking of these same potential events and their associated impact (good or bad) in the nature of cost, resources, time and quality. I'll write more articles on Risk that focus on Risk Identification, Risk Probabilities, and Risk Mitigation and Contingency Planning.