Project Risk Management

A Guest Post from Johann Meeke

Why do most projects overrun on time or cost?

Perhaps it’s because sane people are involved. One of the components of sanity is optimism. (It’s why we are happy to get out of bed each morning – because we think things will be okay). Sane people, trying to anticipate the problems ahead, on a new venture, will most often believe things will be good … and that bad things can be dealt with!

When is a risk a threat and when is it an opportunity?

Imagine you commissioned a new bridge. The week before opening the constructor tells you that it needs to be delayed by 48 hours. Do you cancel the whole project … or just wait 48 hours?  What happens if they come to you and say they can open it early by 24 hours. Do you declare the project a failure? Of course not. But this is the point about project risk. The very essence of what we mean by risk needs to be reflected on. Now the nature of risk is much more uncertain.

Contrast this to an incident where the bridge is built but collapses through poor workmanship. Now there is no doubt about the nature of risk. It’s very clear.

Projects present a particular form of challenge to the risk manager. Firstly, the definition of risk needs to more balanced. Secondly, the processes used to identify and evaluate risk need to be specifically considered and finally the risk mitigation techniques require tailored consideration.

Typically projects have three main risk variables:

  • Price – will you make a profit by building/delivering for less cost that you can eventually sell it for. (Or will you be on budget).
  • Performance – will it work to customer specification, over its entire life (or life of contract obligations)
  • Programme – will you complete on time.

All these variables interact in a positive and negative way. You could deliver early but might have to sacrifice performance and price (by compromising spec or putting more resource, i.e. cost, into the project). You could delay the programme (a negative) by reducing costs (normally a positive).

What is actually happening is a trade-off between threat and opportunity in a manner that’s doesn’t happen so directly in most others areas of risk management.

For example, installing automatic sprinklers in a factory doesn’t provide a direct opportunity to earn more profit. It might protect the profit you have projected. But as can be seen above, trading off programme and performance risk, on a project, might lead to directly increased profits (because costs have been reduced through less overtime working for example).

The reason this point has been concentrated on is because there is a strong tendency to assume project risk management is just like any other form of risk management – with just a few more time and cost constraints.

So what are the main differences in managing risk?

Well, for this article we will ignore those risks that can be subject to some form of preconception e.g. building site health and safety where normal safeguards should be applied. Let’s instead focus on the unique aspects.

Risk identification

By definition a project is a new thing. Whether developing a new product, building a new factory or installing a new IT system – it will never have been done before, under quite the same circumstances. You may have built a similar factory nearby, but the ground conditions will be different, the neighbours, the weather, key staff might have left and so it goes on.

In short, you can learn from the past but the future consists of potentially significant new elements. Therefore, whilst you can rely on checklists and lessons learned you will also have to consider the unknowns that have never been encountered in quite the permutation you will come across. For this reason, some form of multi-disciplinary “brainstorming” or scenario envisaging should take place. This will allow you to comprehensively explore the future and how it might manifest itself. The multidisciplinary approach allows quick identification of risks that arise through a combination of circumstance or that might fall through gaps.

Risk Assessment

Determining downside threat without also calculating upside opportunity would make a project risk management exercise like a car with brakes but no engine. For example, considering the costs of project overrun will give one view of management action – however, looking at the potential benefits of delivering early (e.g. improved cash flow, availability of staff for other projects, project bonuses etc.) will give a completely different emphasis. Blending the upside/downside trade-offs between performance, programme and price is the very essence of good project management.

Risk  Treatment or Mitigation

Dealing with risk here is more than ensuring compliance. It is about having the correct upside and downside KPI’s. it’s about integrated contract negotiation with proper project monitoring. It is about mitigation that starts at the bid phase with clear contracts and a thorough understanding of what needs to be done, by whom and by when. It’s about having the right staff and material, when and where needed. In short, it’s a whole world of complex interactions requiring experience and skill, underpinned by robust processes.

Some concluding thoughts

How does one tell a good project risk management process from a mediocre one?

Perhaps the most obvious indicator is where the risk management starts when the project starts. In reality it should have started at the bid or inception phase.

On other occasions it has actually occurred at the bid phase – but has never been integrated into the project plan after contract start.

But perhaps the best indicator of all is a bit more personal. Most project risk assessments are de-humanised. It’s the modern way as we search for the commanding heights of objectivity. But imagine the effect of an excellent project manager versus an average one. Would it affect timings, costings, relationships. You bet. If your project risk management hasn’t even assessed this most obvious of risks then I suggest it is back to the drawing board.

Explore posts in the same categories: Enterprise Risk Management, ERM, Execution Risk, Green shoots, Operational Risk, Risk


You can comment below, or link to this permanent URL from your own site.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: