Project Risk Management

Is risk the dark side of project management?  It certainly adds drama. Project risk management is a vast and fascinating subtopic involving both negative and positive aspects. Read select links under this section to learn more.

Understanding and Dealing with Project Uncertainty

Uncertainty, whether it is a risk that will hurt your project or an opportunity that makes your job easier, is everywhere. Often it is hidden, and sneaks up on you when you least expect it. Without enhancing potential opportunities you are overlooking additional project value.

Successful Projects offers a course that provides a practical view of what teams must do to identify and manage uncertainty. It includes assessing possible risks and opportunities, their impact, and their complexity. It also discusses numerous forms of mitigation and political challenges. 

Why Risk is Important

The profile of a typical project manager is a person who has a high-achiever type of personality. They tend to be well-educated, possess exceptional communication skills, are well-organized and organizationally savvy.  They tend to embody a sense of certainty in an uncertain world.  As they guide a team in planning and executing their projects, managing the risk appropriately is what makes their projects successful in that uncertain world.  Think about it. How often is a project implemented in an environment that isn’t filled with instability, assumptions, change, unexpected circumstances, and risk? Probably never. That is why project risk management is essential to successful implementation and in setting realistic expectations.

When a project is originally sold or contracted many decisions, agreements, and contracts are set. Yet at the beginning uncertainty is highest and overall project risk is actually the greatest. That does not mean the project should not go forward. At the beginning, the typical risks often include unclear objectives and requirements, unavailable subject matter experts and other resources, and hasty planning. There are appropriate responses to these identifiable risks as well as ways of dealing with unidentified risks.

Risk management provides the basis upon which to identify risks, estimate the amount of cost and schedule contingency reserves are needed to cover risk response actions to provide a level of confidence for meeting project objectives and to manage the risks as well as possible.  As the implementation planning goes into detailed planning, the risk management is likely to focus more on areas surrounded with getting started with the teams work and the urgency of risk surrounding inexperienced team members, resource availability, poor role definition, unclear statements of work, compliance, and technology risks often take center stage.

Towards the implementation closure, it is common for risks such as poor quality, areas of disagreement with the customer, changes, and hitting budgets tend to become the focus. At this point, it feels like there is a lot of time, cost, and energy at stake and if you are dealing with risk that could hurt the client relationship, there may be a desire to throw anything and everything at the final phase risk solutions to make any negative customer impression go away.

As the organization shares their project risk experiences these tendencies can be anticipated and better managed. It is helpful for the organization to consider what PMI calls “The 6 Critical Success Factors for Project Risk Management” in the Practice Standard for Project Risk Management. An adapted version of them is listed here:

  1. Indoctrinate project managers in risk management
  2. Emphasize that risk management is everybody’s responsibility
  3. Create an environment allowing for honest communication about uncertainty
  4. Have high-level management support of risk management activities
  5. Scale the risk effort appropriately for the project
  6. Integrate risk management with overall good project management processes

The above list forms the basis for good negative risk management. However, the flip side of that is possibly even more important as positive risk (opportunity) management is where tremendous project management value is realized by the organization.  We like to call that “Thinking Positive About Risk”.

It is through the opportunity identification and appropriate response development through innovation, creativity, and advanced problem solving, that the benefits of good project and people management are the most powerful.  It is imperative that we protect our project from negative risk; but in order to achieve our full project, organizational, and team potential we need to strive to think positive about risk.


Risk Models

Project managers may use risk models to explore the possible outcomes using risk simulations.  For a model in Excel, software such as Frontline’s Risk Solver may be used to perform a Monte Carlo simulation on a model.  Project managers can run a simulation that performs many (thousands of) experiments or trials — each one samples possible values for the uncertain inputs and calculates the corresponding output values for that trial.

The first run of a simulation model can often yield results that are surprising to the modelers or to management — especially when there are several different sources of uncertainty that interact to produce an outcome.  Even before an in-depth analysis of the results, simply seeing the range of outcomes — for example, how low and how high Net Profit can be, given our model and sources of uncertainty — can encourage a re-thinking of the risks we face, and the actions we can take.

Because a simulation yields many possible values for the outcomes we care about — from Net Profit to environmental impact — some work is needed to analyze the results. It is very useful to create charts to help us visualize the results — such as charts and cumulative frequency charts. We can summarize the range of outcomes using various kinds of statistics, such as the mean or median, the standard deviation, and variance, or the 5th and 95th percentile or Value at Risk.

Another tool for assessing model results is sensitivity analysis, which can help us identify the uncertain inputs with the biggest impact on our key outcomes. For example, a tornado chart can give us a visual summary of uncertainties with the greatest positive and negative impact on net profit.

Contingency Reserves

A Contingency Reserve is the amount of money or time needed above the estimate, or previously allocated amount, to reduce the risk of overruns of project objectives to a level acceptable to the organization. Planning this is a part of budgeting, scheduling, and risk management.

Best Practices: It is recommended that this contingency is shown in the WBS and schedule. The project manager should take the lead in planning and controlling this – and treat it as a team contingency pool as opposed to creating a buffer for each and every activity or deliverable.


Minimax vs. Maximax

Minimizing the maximum (minimax) or maximizing the minimum (maximin) gain and possible loss is a categorization that helps project managers understand their project stakeholders risk tolerance approach.

Minimax Maximax
Risk avoider Risk seeker
Mostly concerned with control of loss Mostly concerned with taking opportunities
Associated with Wald Associated with Herzwald

Issues vs. Risks

What is the difference between a risk and an issue?  Probability. An issue is a manifested risk. It is happening. Whereas a risk has uncertainty.  Issues are active problems. So issues and risks are closely related but there is an important differentiation.

Calculating Probabilities

A contingency plan has a 30% chance of failing. The corresponding risk event has a 40% chance of occurring. What’s the probability for the combination of having the risk occur AND the contingency plan failing?

(The answer is determined by this equation: 0.3 x 0.4 = 0.12.)

The answer is 12%.


“A little risk management saves a lot of fan cleaning.”    – Anonymous

“If you don’t attack the risks, the risks will attack you.”    – Anonymous