Why do so many organisations embark on high-risk projects without demanding robust project assurance?
Projects fail for many reasons. Recent global studies indicate that inadequate risk management is a common cause.
Successful project managers aim to resolve high levels of exposure before they occur, via systematic risk management processes.
Many projects are inherently exposed to myriad risks and are often significant in scale, complexity and ambition. Delivering large-scale projects can often be adversely impacted by a bias towards being over-optimistic.
Imperfect, insufficient or inadequate data increases exposure that often results in over-estimating benefits and under-estimating costs.
Managing macro and micro-level events related to achieving project deliverables, whilst balancing the needs of many stakeholders, has become increasingly important.
Assessing risks at both portfolio and work-stream levels helps increase confidence that risks are understood.
Projects are often prioritised relevant to their levels of perceived exposure and one has its own risk profile.
Project Risk Management
Project risk management focuses on identifying, analysing and responding to project events.
It should be designed to systematically identify and manage levels of uncertainty and potential threats to delivering project objectives successfully.
Risk management processes should be iterative throughout a project’s life-cycle and embedded in project management planning and activities. Smaller projects often require minor work and periodic monitoring.
Complex projects need formalised processes to analyse, manage and report risks.
Good reporting relies on clear descriptions of all exposure, their impact on the projects, and potential costs for mitigation and inaction.
This helps ensure project personnel understand the potential impact risks may have on projects’ success and have prepared strategies to minimise negative consequences.
Problems occur when there is limited visibility of risks at project and portfolio levels or approaches to risk-management are ad-hoc and inconsistent.
Further problems can arise when risks are identified but recorded at a very high level accompanied by highly subjective risk ratings, rather than being the result of more substantive risk assessment.
When these problems arise, an organisation would benefit from clearer, more formal and wide-spread processes for capturing and monitoring risks.
Project and Portfolio Risk Assessments
Project and portfolio risk assessments should be undertaken to understand their risk profiles and associated threats in achieving business objectives.
Assessments should identify the action plans to address the risks identified and allocate executive responsibility to manage them. Additional risk assessments should be carried out on selected projects (perhaps by prioritising them by value or complexity).
Risk management processes should be on-going and monitored throughout a project’s life-cycle.
Regular risk reports would provide Project Sponsors, Senior Responsible Officers and Steering Groups with better visibility of projects’ risk profiles.