Project Risk Management Strategies

Capability improvement is like walking up the ‘down’ escalator. This aphorism was shared with me almost fifteen years ago at the 2008 PMI Global Congress in Sydney, Australia.

Among the presentations I was eager to attend, there was one titled Assessing Project Risk Management Maturity in a Large Energy Company. The speaker had based his work on the Risk Maturity Model developed by Dr David Hillson in 1997. I was keen to hear how the speaker had applied a theoretical concept to deliver benefit for his organization.

What I have since learned, I plan to share with you over a series of blogs. Right now, I’ll use this first post to illustrate our likely direction of travel.

The early days of Project Risk Management

The person that shared that initial observation was David Hillson himself because, by chance, David was attending the same conference. In those halcyon days, there was no global risk management standard, and he was speaking of the need for risk practitioners to rally behind one - ISO 3100 would be published a year later, in 2009. Believe it or not, there was much less alignment then than there is now, about what constitutes good project risk management practice. 

Over the years, David has done a lot to help embed and shape the ways in which project risk is conducted on countless projects around the world. The point here is that project risk management has been evolving for some time and, since capability improvement is like walking up the ‘down’ escalator, it must comprise of stretch goals, so that we never stop evolving, never stop being curious and never stop learning. Bias towards maintaining the status quo will make your organization uncompetitive. In an era of rapid digital disruption, no growth can be found in the comfort zone. To stay relevant, growing pains may be felt by some.

Raising Project Risk Performance standards

For me, raising levels of risk management capability is synonymous with quality control or, more broadly, raising standards of project performance. If you are responsible for delivering capital projects, and if the lifeblood of your business revenue depends on the timely delivery of projects, you can’t afford to let your organization’s risk management skills idly waste away. 

In the upcoming posts, we shall climb nine treads of our veritable escalator. The direction of travel will be intentional. In essence, we shall explore project performance capability multipliers. Each subsequent step will build on earlier gains. 

• Establishing the right project risk management culture

  A wise person once said, risk management is too important to be left to risk managers alone. Risk management, no matter the type of risk, is everyone’s business. To be clear, it is in the best interests of everyone on your team to do all they can, to manage cost or schedule risk, within their sphere of influence, as soon as practical. Do you have the risk management culture or tools to support that approach?
  
  

• Promoting a risk analysis discovery and growth mindset

  Successful project performance requires stakeholders to agree and commit to delivering against a series of estimates or forecasts. With any forecast there is uncertainty but, when dealing with the unknown, we don’t always have to make our best guess. Having the curiosity to look back on past projects and apply objective data can minimize the influence of bias and, ultimately, help reduce the assumption to knowledge ratio from one project to the next. With the right mindset, teams don’t see risk management as a bad news story but a competitive asset.
  
  

• Optimizing the project risk balance of people, process, and technology 

  In an era of digital disruption, continual capability improvement typically centers around striking the right balance between people, process, and technology. A fit-for-purpose solution will be unique to a given point in time and specific need, so some level of self-awareness and capability improvement planning is paramount. In today’s market, this is also the key for attracting and retaining key talent. 
  
  

• Project Stakeholder and risk management

  Continual capability improvement is about lifelong learning, staying ahead of the game and, in the workplace, organizational change management. Ensuring the right people are engaged to the right level, and that your key stakeholders are getting the best out of the change journey, is critical to success. 
  
  

• Collecting project risk data that matters 

  Form the earliest days of computing, mathematicians have had to explain that computers cannot think for themselves, and that the quality of the output is a function of the inputs. More simply, garbage in equals garbage out … or as others in the risk world may quip, garbage times garbage equals garbage squared. The democratization of data is a good thing but, without good facilitation and appreciation for risk theory, poor process and poor data quality can be worse than useless, causing misdirection and potentially self-inflicted losses.
    

• Project Risk analysis data literacy and thinking in uncertain terms 

  Tradition in the project management world is for people to describe project goals in certain, deterministic terms, using single-point values, but we live in a transitory, uncertain world. It is far more meaningful for the project team (not just the risk manager) to communicate and scrutinize the level of estimate accuracy along with underlying drivers of uncertainty. Realism can be brought to planning and project delivery if the whole leadership team is competent and comfortable, thinking and communicating in probabilistic, uncertain terms. 
  
  

• Real-time scenario planning, prioritization and team alignment 

  Technology has dramatically evolved since the Oracle’s Primavera Risk Analysis (OPRA) tool first came on the market. Not only are computers faster and capable of more insightful analyses, but algorithms are also much more efficient at producing insights that matter. Safran Risk is a good case in point. By combining both cost and schedule data in one model, teams can have confidence that their calculations more accurately represent a possible cost of delay. Additionally, the speed at which Safran Risk runs (measured in seconds, not minutes) is such that teams can brainstorm and refine the probable impact of a number of risk scenarios, in real-time. Not only can this accelerate the analysis process by days, this also offers the organization a level of agility, and responsiveness, to help manage risks that may have otherwise been hidden when using outdated legacy tools like OPRA.
  
  

• Avoiding the risk of using the wrong risk tool

  In the decision science and risk management world, Douglas Hubbard is a well-known author. In his book titled, The Failure of Risk Management: Why it is Broken and How to Fix it, Doug takes great care to explain that decisions of any significant consequence should only be made using quantitative analysis. With greater awareness, risk managers are more attuned to the risks of using qualitative risk matrices. For organizations that have already switched from qualitative to quantitative analysis techniques, there is remains a risk of not switching from tired, unsupported, unstable legacy tools. In broader, project management circles, the MacLeamy Curve is often used to help highlight the fact that it is easier and cheaper to invoke change earlier in a project than later. If we continue to think of risk management as a change management project, it is easier to appreciate that there is benefit in upgrading tools sooner than later. Not only are there the potential time and cost savings described above, but also, by employing a consistent means to capture and store your most critical cost and schedule project performance data, in one table, you are essentially future-proofing your risk management practice and positioning yourself to be AI-enabled or, more accurately, employ advanced analytics.
  
  

• Bonini’s Paradox and the art of developing reasonable estimates 

  Bonini’s paradox states, “As a model of a complex system becomes more complete, it becomes less understandable. Alternatively, as a model grows more realistic, it also becomes just as difficult to understand as the real-world processes it represents.” AI systems today are notoriously unexplainable. That doesn’t make AI systems of any less worth, it just places more value on an alternative, simpler form of Monte Carlo simulation (MCS) that the whole team can rally behind. For the most sophisticated, or risk savvy organization, there is value in employing MCS models as a primary model, serving as a control to better interpret secondary AI models. Safran Risk’s simple and intuitive layout makes it the tool of choice for risk practitioners who work closely with project teams, helping them easily quantify and manage uncertainty that matters.

We will climb these nine steps on our capability improvement journey, and I hope you’ll join me on this project risk management Odyssey. I look forward to exploring the art of the possible with you and, hopefully, help improve your organization’s project performance capabilities.