Table of Contents |
A project manager will need to continually monitor risks by making the effort to identify and classify events that threaten a project's success. Unexpected challenges always occur on projects, but it's the project manager's responsibility to use their expertise to find these risks and uncertainties early in a project and implement mitigations that will reduce their impact.
Risks are often found and triggered in this phase of a project. No matter how diligently a project is documented during the scope and planning phases, there's just no way to define every deliverable perfectly. So risks will occur, and it's up to the project manager to find and investigate them.
A risk can relate to any of the following listed in the table below.
| Types of Risk | Description | Example |
|---|---|---|
| Scope Creep | Deliverables or additional requirements might be added to a project. | A new stakeholder is added to a project after the planning phase so they might have additional requirements that affect the project. |
| Deliverables | The quality or the performance of deliverables may not be meeting the standards set in the project scope. | A mobile email application is expected to be delivered with fewer than five errors, but testing is currently seeing 100 bugs. |
| Schedule | Tasks might take more time or more effort than expected. Dependency issues might lead to slippage in a critical path. | A senior programmer is taking longer to code their work because they are adding features that are unnecessary for a product. |
| Budget | If the schedule or quality is an issue, then the budget will also be impacted. | The need to add an additional programmer when a task slips due to inexperience with the development team. |
| People and Non-People Resources | There might be issues with personnel, including work performance issues, or there might be issues with materials. | A mobile email application is being developed for an unreleased smartphone, and the development versions of those phones are not available for testing. |
Risk can occur anywhere on a project, but this list should provide guidance about the most common places where risk appears.
When thinking about risk, it helps to remember the triple constraint from an earlier lesson. Any impact to scope, time, or cost will impact the other two variables.
If the project manager identifies risk in the schedule, then the risk to scope and cost must also be identified. Then the risk and the mitigations should be documented in the risk register.
The risk register is a document that keeps track of the identified risks throughout a project. It includes:
| Risk Register | |||||
| Date | Risk | Probability | Impact | Contingency | Type |
|---|---|---|---|---|---|
| 1/10 | Development phone unavailable for testing | Medium | High | Change project to use alternative phone model | Deliverable |
| 2/15 | Inexperienced team causes variability in task estimates | High | Medium | Add 10% to each estimate to account for discrepancies | Schedule |
It's the project manager's responsibility to keep the risk register updated. But every member of the team should be encouraged to identify risks and notify the project manager when they're discovered. Risks in the risk register should be reviewed at every team meeting, and the project manager should also take that opportunity to remind the team of the importance of risk identification and mitigation.
Using the risk register, current risks should be evaluated to determine the current status of the risk and the current effectiveness of any mitigation. A good question to ask is, "Has the probability of the risk occurring and the impact of the risk changed since the risk was first identified?"
EXAMPLE
In the above risk register, the deliverable risk was identified early in the process. It has a high impact, so the mitigations need to be aggressive.The earlier a risk is identified, the easier it will be to mitigate that risk. More options will be available to a project manager if a risk is identified in earlier phases when resources might be easily added to tasks to help mitigate the risk.
A project manager should constantly search for new risks that might impact the project. It's their role to take the big picture view of the project, and that often involves identifying dangers that might affect a project in the future. Again, the project manager should also encourage and involve the team in this process.
Whenever an identified risk either occurs or is considered too dangerous to be allowed to happen, the project manager should plan contingencies to mitigate the risk. Contingencies are actions taken to address the risk.
The project manager and any team members who can assist should devote the time necessary to develop these contingencies. Project managers should encourage open, what-if thinking when discussing these contingencies. Any ideas that manage the risk effectively should be considered.
Risks that are high impact and high probability must have contingencies, and perhaps more than one. These contingencies should be discussed and recorded in the risk register.
No matter how prepared a project is, risks will happen. And when they do, the project manager must be ready to take action.
The following steps should occur:
Source: This work adapted from Sophia Author Jeff Carroll.
