Mike Clayton defines risk as “uncertain events that can affect outcomes,” in his book, Risk Happens!: Managing Risk and Avoiding Failure in Business Projects. Risk management is the most important of your project controls. It enables you to manage the project more effectively and work towards a smooth outcome. So what exactly is project risk management? Clayton defines it as 3 things:
- Processes to make the project more predictable
- Tools to deal with the real world as it happens
- Behaviors and attitudes that allow us to cope when change does happen.
Risk breakdown structures
Clayton introduces the concept of the risk breakdown structure in his book. This basically uses the categories of time, cost, quality and scope from the enhanced triple constraint and breaks down the risk underneath these categories, much as you would do for a work breakdown structure.
The book includes a good explanation of product breakdown structures and work breakdown structures saying:
To move from a scope statement to a plan in your project definition, you will need to articulate your project activities and deliverables item-by-item. The tools that will allow you to do this are the WBS for setting out your activities, and the PBS for setting out your project deliverables, or products. Whichever you use is a matter partly of circumstance and partly of preference.
The WBS or PBS form a good basis for building a risk breakdown structure, as it is a way to ensure that you have covered the risks that relate to all areas of the project.
Using risk logs to manage risk
A plan is nothing without action. Often, we unconsciously think that once we have planned for risk, the universe will get to hear about it and mysteriously prevent the risk from happening. It won’t. Your risk register is more than a record – it’s a management tool, so use it to manage.
Clayton makes a good point in the quote above: managing project risk is more than just a one-off brainstorming session and logging everything on a spreadsheet. You have to actively manage the risk, otherwise it won’t go away.
Of course, there are some risks that you don’t want to go away. Positive risk can positively impact your project, so you want your risk management plan to include actions that will make the risk a reality.
This book includes ways that you can capitalize on positive risk by enhancing the impact. And in case you can’t identify a positive risk unless it slaps you across the face, it also includes a short section on how to know one when you see one.
There is also some background information on how individuals and groups respond to risk. This is particularly useful when you are trying to put together a risk management plan, as you’ll get different responses to your management actions from different stakeholders and understanding how they think will help you realize that you aren’t going mad when they all respond in different ways.
Clayton also covers common things that affect our ability to make good judgements, such as the anchoring bias. This can lead us to set up risk management activities that are less than effective, or influence our approaches to managing project risk.
Set up your risk management structures straight away
This book is a solid introduction to risk management and would be good for beginners. There is a good glossary and an appendix of common project risks – great if you want a starting point for brainstorming risk on your own project.
The book is not method specific, so it doesn’t matter if you use PRINCE2®, the PMI® equivalent or any other national or international standard.
There are useful tables and processes, which will save you having to work out a risk management process for yourself – handy if you are setting up a PMO and want to save some time. You could easily take what is in this book, tweak it a little to suit your project or company and implement a risk management approach straight away.