Risk Management

icon of skill

Essence

Skilled risk management is fundamentally about anticipating and navigating uncertainties to safeguard the success of a project or initiative. It involves a meticulous process of identifying potential risks, assessing their probability and impact, and formulating comprehensive response plans. A skilled risk manager adopts a strategic perspective, recognising that effective risk management is not solely about averting threats but also seizing opportunities for improvement and innovation. This proactive approach enables organisations to stay resilient in the face of challenges and capitalise on unforeseen advantages, ensuring a more dynamic and adaptive project lifecycle.

Communication is at the core of skilled risk management, as transparency and clear dissemination of risk information are crucial. Effective risk managers engage stakeholders in understanding potential risks and collaboratively developing strategies to address them. By integrating risk management seamlessly into decision-making processes and maintaining an active risk register, organisations cultivate a culture of adaptability and preparedness, ultimately increasing the likelihood of project success in a constantly evolving business landscape.

Experience

Every project or program I've run has had a risk management component. They key concepts being that a risk is to the successful completion of the objectives. It can be broken down into probability and impact and then there's the mitigation. There's a proximity dimension that's also important in prioritising mitigation plans, and most crucially there's risk ownership. I like to think of risk ownership as seperate from risk mitigation action owner. What I'm really asking is 'who is taking the risk?'

There's a lot of risk theory I've covered in my MBA and PRINCE2 practitioner certification. Experience however has taught me where there is value and where there is just procedure.

At the start up of a project I like to hold a risk identification workshop. At Greencross, I sat the team down and explained the process. I didn't want the session to become an analysis of the risks. All I wanted was to gather a clear articulation of the risk. What is the event or condition that causes the risk. What is the impact to the project objective; time, scope (I include quality as a component of scope) and/or cost. I time-boxed the discussion to 2 minutes per risk as these can be revisited. I didn't talk in this meeting about the probability of the risk, what was important was that the risks were identified. Facilitation skills brought contributions from everyone. Collectively we then agreed who owns each risk. After the session I tidied up the risk register, consolidated / removed duplicates and socialised the baseline.

In the absence of a PMO standard, I also established a calibrated probability and impact matrix. I then held one-to-one sessions with each of the risk owners and we set about analysing the risk in more detail. We confirmed the impact and made a best guess on probability. We also added a proximity and set out a priority to mitigate each risk. Follow up sessions where then scheduled to review progress on the mitigation plan or its execution.

Risk identification is then embedded into regular meetings with the above follow through with the risk owner, but periodically I would hold a further session to specifically review the risk log and try to identify new ones.

As with all facilitation sessions, I followed up with a retrospective. At Greencross, the feedback was that process was engaging and they felt their concerns had been correctly captured. There was concern that not enough thought had gone into the risk analysis and was addressed by including the risk raiser in the one-to-one session with the risk owner.

Credentials