Fresh Look – Is a series of articles taking a look at common topics to try to come up with some new ideas and insight into problems that seem to repeat themselves across many organisations
Risk management should be the star of the P3M show, but it rarely is. In organisations that are forward thinking enough to have risk professionals the relationship between project managers and risk managers is not always optimal.
In this paper, Ed Brown a risk advocate provides some fresh insight into how the relationship could work better.
Welcome to another one of our Fresh Look, these are a series of articles taking a look at common topics to try to come up with some new ideas and insight into problems that seem to repeat themselves across many organisations.
In this article we look at the dysfunctional relationship between and organisations corporate risk world and the P3M risk world and offer some ideas on how it could be better. Fresh look – P3M v Corporate Risk Management
Risk management should be the star of project and programme management, as it ought to stop things going wrong, however it is often seen as the poor relation. Let’s face it, thinking about all the things that could go wrong is hardly exhilarating and very few people talk about their great night in trawling through a risk register.
The reality is that programmes and projects repeatedly go wrong and many of the causes of failure are very predictable. At its best, risk management should be a leading discipline in any project and should empower and support effective decision making. At its worst, it is a low-level support function that is simply generating registers to satisfy people that might be looking over the project’s shoulder. It is rare to see the former but quite common to see the latter.
As part of our Seven Deadly Sins series and as a critical component of successful projects and programmes, we have highlighted below the key reasons why risk management often doesn’t work.
- Risk watching: we see this time and again. Hours of time and great pride can be taken filling in clever spreadsheets but often, with little or no connection to the actual activities required to manage and reduce risk. Risk management means doing stuff not taking pride in a spreadsheet.
- Thinking that mitigation is a word not an action: risk descriptions should be clear and informative. It’s amazingly common to see mitigation actions like “treat” or “share” with no associated actions
- Lack of horizon scanning: often it’s events from outside the project sphere that cause problems. The risk horizon should be a broad view, but too often it is focused on micro or technical challenges within the project scope.
- Creating artificial complexity: risk quantification can be used to do some amazingly powerful and valuable modelling (time and cost); but it’s not uncommon to see wildly complex models producing results that could have been derived from something far simpler. Avoid the temptation to produce a ‘clever’ model just to make the answer appear more accurate.
- Focus on consequences not the threats: far too many risk registers are lists of bad things that could happen and do not consider the events that will trigger these. As a result risk registers tend to be too long and unfocused, they can be significantly reduced by focusing on the threats.
- Ignoring opportunities: apart from cheering people up by looking on the bright side and being hopeful, projects and programmes can make their own luck by taking actions to encourage positive events.
- Gaming the system: it’s amazing how easy it is to game risk modelling. It’s almost standard practice now to ignore any opportunities in the risk register when doing cost modelling as this will “erode my contingency”. Surely if these opportunities are real, and modelled properly, then that’s OK?
Have a look at your own project or programme and see if you think any of the above ‘sins’ might be true for you. If you think they are, get in touch as we’re keen to see risk being done really well.
If you need any further support, our services may be able to help. Why not have a look at our brochure to see the services we offer, or visit our website at www.aspireeurope.com
Aspire Europe are joining in with the Black Friday deals hitting the high street this weekend and the Cyber Monday deals hitting your screens next week.
For a limited time only when you purchase one of our foundation eLearning courses (£199), you’ll receive access to the practitioner course absolutely FREE! Making you a saving of £99 this Black Friday and Cyber Monday.
The courses this is applicable for are;
- MSP® (Managing Successful Programmes)
- P3O® (Project, Programme and Portfolio Office)
- MoP® (Management of Portfolio)
- M_o_R® (Management of Risk)
- Change Management
- Managing Benefits
Get in touch now to secure your deal!
Simply contact us either by email at email@example.com or alternatively give us a call on 01275 848099 for more information.
M_o_R®, MoP®, MSP®, P3O® and PRINCE2® are [registered] trade marks of AXELOS Limited, used under permission of AXELOS Limited. All rights reserved
If you want a free knowledge nugget to find out about Risk Management, then this interview is for you.
In this interview Rod Sowden (the Aspire Europe MD) not only explains the MSP® perspective on risk, but also explores the key area of risk aggregation which is key in a programme environment. Without effective risk aggregation management the programme will always be exposed to risks that appear minor at a project level representing a major threat to the programme.
To access the pod-cast, click here
MSP® is a [registered] trade mark of AXELOS Limited, used under permission of AXELOS Limited. All rights reserved.
Risk management is one of those strange things that we know we should do it, but when we do, it doesn’t seem that interesting. We have conducted numerous gateway reviews, health checks and maturity assessments and invariably organizations seem to be just going through the motions, we have termed the phrase “risk watching” rather than managing.
One Programme Director, when considering the MSP® Risk Management Strategy, concluding that whatever he did, risks seemed to happen so their strategy would be not to manage risks but manage them all as issues, pragmatic at least.
So here are our Magnificent Seven for Risk Management:
- The approach aligns with objectives of the initiative – if it is high risk then much more attention should be given to managing them, this can be achieved by putting it at the top of the agenda
- Focus on the threats and understand what could trigger them, far too many programmes and projects focus on the consequences, for example, stakeholder resistance can be the result of poor communications, so it is the impact or effect of the threat of failing to communicate effectively.
- Engage stakeholders in the process of identifying and managing risks, normally business operations will understand the risks much better than project staff so should be fully involved
- Focus on the aggregating effect of risk, a wise man once said the worst thing that happened to risk was the risk register, as it hides the relationship between individual risks.
- Clear and simple guidance that is provided in the context of the organisations vocabulary and culture, don’t overcomplicate guidance with jargon.
- Informs decision making through the availability of current information and that lessons are being learned and shared.
- Innovate in the way risk management information is presented to a programme or project board, avoid laying a large risk register in front of them, keep it simple and they will stay engaged, they don’t want to the initiative to fail, if they are disengaged when discussing risk then rethink the approach – basically worrying about what might go wrong is never going to be fun
MSP® is a [registered] trade marks of AXELOS Limited, used under permission of AXELOS Limited. All rights reserved.