The Common Sources of Project Risk
The first key to managing risk on your project is to know where to look for it. The good news is that 80% or more of all risks originate from the same sources on every project. Once you know the project characteristics that contribute to higher risk levels and the common sources of most project risks, you can quickly and effectively identify risk factors for any project. These factors should be first evaluated during project definition and will be the main reason why several iterations of planning are often necessary. In Table 14.3, most of the key project risk factors are listed to better guide your risk identification activities. You will note that many of these are emphasis points for project definition and detail project planning.
Risk Source Category |
Examples/Factors |
---|---|
Project size and complexity |
Effort hours Calendar time Estimated budget Team size (number of resources) Number of sites Number of business units Number of system interfaces Number of dependencies on other projects Number of dependencies on other systems Degree of business change |
Requirements |
Volatile requirements Unrealistic or aggressive performance standards Complex requirements |
Change Impact |
Replacement or new system Impact on business policies Impact on business processes Impact on organizational structure Impact on system operations |
Organization |
Changes to project objectives Lack of priorities Lack of project management "buy-in" and support Inadequate project funding Misallocation and mismanagement of resources |
Sponsorship |
Lack of strong executive commitment Lack of clear ownership Loss of political support |
Stakeholder involvement |
All key stakeholders not identified Missing "buy-in" from a key stakeholder Stakeholder needs not completely identified Key stakeholders not fully engaged |
Schedule |
Estimate assumptions are not holding true Schedule contingency is not adequate |
Funding |
Reduction in available capital Cash flow issues Inflation or exchange rate factors |
Facilities |
Adequate for team productivity requirements Adequate for project security requirements |
Team |
Full-time or part-time roles Location of team members Can't find desired resources Lack of experience Lack of business knowledge Lack of skills Lack of commitment Personal issues Lack of prior experience working together |
Technology |
Missing technical data Use of unproven technology Use of non-standard technology Development approach Level of complexity |
Vendors and Suppliers |
Contract types Risk-reward elements Procurement process Experience with vendor/supplier |
External factors |
Changing weather conditions Changes in legal and regulatory environment Approvals from governmental agencies Political changes |
Business factors |
Time-to-market Mergers and acquisitions Economic events Market conditions |
Assumptions and Constraints |
May create schedule, costs, resource, or quality risks |
Project management |
Lack of experience Poor leadership Poor communications Lack of contingency plans Inadequate risk management |
caution
As the project size and complexity increases (see size and complexity factors in Table 14.3), the level of risk can increase exponentially. |
While most sources of risk are inherent attributes of project initiatives or are outside the project manager's control (as the preceding table summarized), there is another common source of project risks that is generally self-inflicted. These are the project risks we create by not performing adequate project definition or detail project planning. For a complete listing and explanation of those factors, you can review Part II of this book. For a quick review, many of the key factors are listed in Table 14.4. Please note that some risk source categories are listed again in this table. This is intentional. In some areas, there are universal, inherent factors that contribute to project risk, and there are other risk factors that are introduced due to inadequate project planning. One example is the project schedule. Estimate assumptions not holding true and inadequate contingency buffer are inherent risks on any project. However, a poorly developed schedule is self-inflicted and a result of project planning deficiencies. Yet, it can be as devastating to your project critical success factors as anything.
caution
Unidentified or unacknowledged project planning defects are the most popular source of unknown risks. |
Risk Source Category |
Examples/Factors |
---|---|
Project management |
Improperly defined project deliverables; Incomplete planning; Improper procedures; Not defining clear roles and responsibilities; Lack of contingency plans; Inadequate risk management; Inadequate attention to the right details; Inadequate resource staffing |
Project Definition |
Unrealistic objectives; Inconsistent objectives; Incomplete scope definition; Inconsistent scope definition; Improperly defined project deliverables |
WBS (and Project Schedule) |
Not reviewed and approved by stakeholders; Missing tasks; Lack of team understanding; Missing project management activities; External dependencies not identified and understood |
Project Schedule |
Missing task dependencies; Tasks not clearly assigned; Resources over-allocated; Calendar realities not factored; Inadequate contingency or reserve |
Project budget |
Poorly developed cost estimates; Missing cost sources; Inadequate contingency or reserve |
Requirements |
Incomplete requirements; Poorly defined requirements |
Assumptions and Constraints |
Not completely defined |
Technically, these factors are actually planning defects. They only become project risks if they are not corrected before planning is complete. |