Why is Risk Management important on every project, big or small, and how do we track it?
Jonathan Bohlmann | Solutions Analyst
“If you are never scared or embarrassed or hurt, it means you never take any chances.” – Julia Sorel
Risk Management is not a pleasant topic, and some people would like to avoid it. Many times when a Project Manager brings up the topic of Risk Management, the participants get that glossy look in their eyes and zone out. Most of the time it is hard to find someone who is willing to even discuss the topic of risk, but Risk Management is vital to the success of a project.
Why Do We Need to Manage Risk?
Experience proves that when a risk analysis is conducted for a certain project; problems are reduced by a staggering 90%. In addition, in the article by the Project Management Institute, “Pulse of the Profession 2015,” it is stated that “83 percent of high performers report frequent use of risk management practices, compared to only 49 percent of low performers.” Managing risk helps ensure that your business is performing at an optimal level. However, risk management is not a one and done type of deal. Do you go to a doctor only once in your life time for a physical? Of course not. You go on a regular basis to help detect any problems at the earliest opportunity. The same is true with risk; you take an assessment at the beginning and you regularly assess the risk throughout the life of the project. Some risks will no longer be pertinent or will have been mitigated, while others may come into play.
The following are a few benefits of risk management:
- Increased operational efficiency by mitigating exploits that could normally drain organizational resources responsible for remediation
- Increased revenue due to increased operational efficiency
- Decreased number of incidents to remediate internally or with a customer/vendor
- Clearer understanding of current threat climate
- Creation of a risk-focused culture within the organization
Risk management needs to be given greater authority during the life a project, and Senior Executives must lead risk management from the top. Risk management should gain enough attention in the organization at a senior level, so that the organization can properly evaluate and elevate the risks when needed. In addition, risk needs to be adaptive rather than static. As previously mentioned, if the risk analysis is only assessed at the beginning of the project and never again, you may be monitoring risks that are no longer relevant and miss the new risk signals. For example, if the union employees are negotiating a new contract while your project is being conducted, a risk could be the union goes on strike and could prevent part (or all) of your project from moving forward. Once that contract is signed, the risk goes away and no longer needs to be monitored. At the same time, a major storm is developing on the west coast and is expected to hit your area which could impact your project. If you are not evaluating all potential risks during the life of the project, you will be unprepared for any new risks.
The business division is accountable for risk mitigation decisions. Therefore, they should always be educated on the project at hand. They should also be subject matter experts and accountable for managing and coordinating the process, but are not the decision makers. Senior leaders are responsible for making the decision of how a risk should be mitigated. Or, when a risk issue is realized, they have the authority to reduce or mitigate the risk based upon the core business objectives.
How does TekStream manage risk?
Project Risks are items that have the likelihood to occur and impact a project. Risk Issues are risks that have already occurred. Using JIRA® to help us manage risk, TekStream has standardized the risk management process which in turn allows our customers to monitor the risks and evaluate/implement risk strategies. This creates a knowledge base of risks across the project and enables transparency into the Risk Management process.
In our Oracle WebCenter projects (on site, PaaS, and IaaS), we start to manage risk by conducting a QuickStream process to gather requirements before developing the Phase 1 project plan. During the discovery and define steps we look at all aspects of the project from hardware to resources to human interaction to software and evaluate, with the client, any risk that may come up in the project. This gives the customer the first of many reviews of the risks to be both aware of and possibly mitigate the risk before the full project kicks off.
My hope is the reader will come away with a better understanding of why risk management is as important to us and your company on their next project. If you have any questions on risk management, please reach out to me and we look forward to helping you on your next project.