Typical Problems
As with any project management process, there are always challenges and things to be on the lookout for. Let's first review the four general problems that are typical with managing project risk:
- Undetected risks These are the risks that will get you, because you didn't even see them coming. The most common reasons for this are project managers not having the proper risk management mindset, project team members not raising awareness to specific risk factors, and planning defects that are not detected.
- Unacknowledged risks This occurs in dysfunctional organizations or in immature project management organizations. For whatever reason, often political in nature, an obvious risk factor is not formally acknowledged, and as a result properly managed. This is the proverbial "elephant sitting in the middle of the living room." A common example of this is an impossible schedule deadline.
- Not enough process It is not uncommon to see this area of project management totally ignored, at least from a systematic standpoint.
- Too much process On the other end of the spectrum, I have often seen gung-ho, analytical project managers over-do the risk management process. They can spend so much time here that planning is never completed, or they get so focused on risks that they become so cautious and won't take on any chances. Rememberproject risk management is not about "avoiding" all risks.
caution
In some cases, organizations knowingly accept the risk of abbreviating the project definition and planning steps to meet other objectives. |
In addition to the major problems typically found, there are a number of other smaller issues that are common to the risk management process we discussed earlier. Table 14.5 summarizes those common gaps.
Risk Management Process |
Common Gaps |
---|---|
Risk Management Planning |
No risk management plan. Risk management plan equals risk response plan. |
Risk Identification |
Performed only once and not proactively managed. Process is incomplete. Missing entire types/categories of risk. Confusing issues with risks. |
Risk Qualitative Analysis |
The organization has not established standard practices/tools. The probability of occurrence is not calculated for each risk. The impact of each risk is not determined. Risks are not prioritized. Risk Quantitative Analysis is not limited to high-priority risks. |
Risk Response Planning |
Response strategies are not documented. No risk response plan. Response strategies are not appropriate for risk severity. The project plan is not updated to implement and monitor responses. |
Risk Monitoring and Control |
The risk response plan is not maintained. Risk identification is not continued. The project plan is not updated to implement and monitor responses. Responses are not reevaluated. Progress is not tracked, or task owners are not held accountable. |