Risk management is often overlooked, or done unofficially. Some practice it scarcely without even knowing that’s what they are doing. To add a little clarify to all this, here is a quick overview:
Risk management in a nutshell is
- Taking the time to identify potential risks in the project
- Identifying the impact of the risks should they happen
- Plan next steps regarding those risks before they happen
- Execute those next steps
- Monitor current and new risks till the end of the project
- For new risks, you go back to step 2 and 3
False assumptions about risk management
- Involves only the project manager
- Risks are only associated with technology (so the tech team)
- Is only done once at the beginning of the project
- Adds useless overhead to a project
- Risks are always negative
- Doesn’t require a particular budget
Reality about risk management
- Involves the whole team
- Everyone can contribute in identifying risks
- Anyone can be made responsible for monitoring and preventing a certain risk
- Mitigation plans can include building prototypes (amongst other examples) which involves team members other than the project manager
- Risks can be anything from the weather preventing to work, to team members leaving, to new technology being used. It is anything that can affect your project which was not planned.
- It’s done throughout the whole project
- new risk can be identified during the project
- the status of current identified risks can change, which can require to review the mitigation plan
- Can actually reduce project costs. If spending 100h on a prototype can prevent 250h of unplanned changes in the future, it’s a 150h reduction in the end.
- Risks can actually be positive but are called “Opportunities” in these cases instead of a “Treat”, see Risks: not always negative
- Risk management requires time. If no budget is planned for it, than the immediate reaction is to ignore risk management. Should risk management be done without budget, it will automatically be considered overage, and can then be perceived negatively. Risk management should have its own budget which gives a clear guideline when it comes to planning risks management and taking decisions on how you are going to act on each risks you identify.
This is a summary of course, there is much more to risk management, but hopefully this will shed some light for those who are still confused by the idea of risk management.
Call this a cheat sheet 😉