Many people today like to talk about planning. But planning is not just about making lists of tasks and what could be done. The task of good planning is to achieve a situation where the final actual result matches the expectations, i.e. the original plan, as closely as possible. And the closer the match, the higher the quality of planning.
But how often does reality fully match expectations? Almost never.
Hence the conclusion: an experienced manager is one who knows how to plan not only the activities of the people entrusted to him, the business processes, the resources, but also the risks. And risks need to be managed.
What are project risks?
Project risk is the possibility of an event (definite or indefinite) that may have a positive or negative impact on the project’s outcome, goals and objectives.
Risks can have:
- Likelihood is an assumed probability, expressed in fractions or percentages, that reflects the real possibility of a particular risk occurring.
- Impact is the amount of time, material or human resources, as well as potential damage (including reputation) or benefit, that may result from the occurrence of specific risks.
- Value is a specific conditional indicator that helps to assess the relationship between the probability of occurrence of a risk and its consequences. Typically, the magnitude of a risk is obtained by multiplying the probability by a numerical expression of the consequences.
Risk matrices are used to visually assess the value of risks.
A risk (probability) and impact matrix in project management is a table in which the most important thresholds for the probability of occurrence of risks and the consequences of these risks are entered. At the intersection of the rows and columns, it is easy to see and assess the magnitude of the risk.
Using the matrix, it is easy to generate a list of risks that really deserve attention.
Charts or other graphical tools can be used instead of the matrix view.
A simple example of a project risk matrix
This is what a probability and risk matrix might look like, with colours highlighting the most important values:
Green means the risk is low. Yellow — the risk requires attention. Red — the risk is highly likely to occur and will have serious consequences.
Another version of the risk matrix, but with more visual numerical indicators.
The closer the number is to one, the more attention should be paid to a particular risk.
It should be recognised that the classification by probability and impact is very arbitrary. The scale can be divided into five groups for assessment, a ten-point system can be used, or more detailed accuracy based on complex mathematical models can be used.
How to determine the possible consequences of risks (example).
How to manage risks
If you already have a detailed description of the project and have calculated its main resources, it is not so difficult to build a risk matrix. It is even better if the risk planning phase is included in the overall project planning work.
To do this, you need to go through the following steps one by one:
- List possible internal and external factors that may affect the project’s delivery, and identify available resources — human and physical.
- Make a list of all possible risks — identify them. To do this, you can draw on your own experience, the experience of other companies, departments or projects, use ready-made templates, etc. The most commonly used methods are brainstorming, nominal group method (involving groups of experts) or SWOT analysis. But there are also other techniques.
- Carry out a qualitative and quantitative analysis of all the risks identified. A matrix of risks and their degree of impact is useful for this task.
- For the most likely and significant risks, a risk response plan and a list of necessary reserves should be drawn up.
- Based on the risk response plan, update the project work plan (add additional staff, request financial reserves in case of problems, plan other types of reserves).
- Regularly monitor the internal and external environment for risks and/or situations leading to their occurrence in order to respond in a timely manner.
In this way, risk management should become another management task within the company or project.
Reserves
We have already mentioned reserves as one of the main ways of dealing with risk. And they are. But since reserves require accumulation or involve additional costs, their planning should be approached as responsibly as possible.
No company can have unlimited resources and therefore reserves.
Reserves can be human, financial or expressed in terms of extra time. The existence of a reserve always implies overspending, i.e. suboptimal use of fixed assets. But its presence allows you to avoid unpleasant consequences in the event of unforeseen (or foreseeable, if you know how to manage risk) events.
The willingness to put resources at risk without provisioning can be called risk tolerance.
Effective risk planning in projects
In order to eliminate all potential problems in the project work, it is logical to organise regular meetings where the project team, its manager and the customer’s representatives draw up not only a plan of key actions, but also a risk management plan.
A dedicated enterprise management system can help with the task of recording, categorising and documenting.
The result of such meetings is a plan that lists all potential risks, their impact and likelihood (this can be in the form of a matrix), as well as response measures (with the necessary reserves). Such a document may be developed in several successive iterations.
The plan can be reviewed periodically, as the probability of risks and the magnitude of their impact can be significantly reduced or, conversely, increased as the project develops.
The result of risk management is that there are very specific actions, costs and contingencies that need to be built into the main project work plan, namely its budget and/or staffing.