Do you make these common mistakes with your Risk Management Processes?
Learning to manage risk effectively is a process in itself. PMO leaders and those charged with setting up strategies to tackle organizational and project risk have to review, reflect and improve as they go. That’s the only way to develop an appropriate level of maturity.
Project management maturity matters. In the 2020 PMI Pulse of the Profession Report, organizations that are ranked mature in their capabilities outperform organizations that are not when it comes to delivering projects that meet their goals.
The first step to building risk management processes that are fit for purpose is understanding what is going to work for you. A risk management check up will give you an unbiased assessment of how you are doing and what has the potential to be improved.
A good place to start is looking at things that commonly stop businesses from moving to the next level of efficiency and maturity. There are three common mistakes that process owners and executives make which could be easily avoided. They are:
- Failing to invest in the process
- Failing to clarify the methodologies in use
- Failing to gain agreement on the degree of formality required.
Let’s dive into those in a little more detail so you can see if they are issues in your business.
Mistake #1: Not investing in the process
The first mistake we often see is a failure to invest in the process. Risk management doesn’t simply happen – even the most proactive PMO will struggle to increase maturity levels and manage risk effectively without the tools and processes to support them.
There needs to be a budget for each project to actively manage risk: paying for those mitigating actions doesn’t come for free. There should also be a PMO-level budget for investment in software tools and systems to allow teams to analyze and manage risk effectively.
Processes alone won’t help you get better at risk management. You also need people who know what to do and are empowered to do it. That means extending risk management into the job descriptions of project delivery team members. A budget for training and communication to encourage project risk management take up and best practices across all teams is a good idea too.
Finally, risk management is important, and that should be reflected in the seniority of the people who are ultimately responsible for it. Role descriptions and a clear hierarchy for risk management ownership will help. Make sure there is someone at an executive level who is invested in the professional management of risk.
Mistake #2: Not clarifying the methodologies
What exactly are you using project teams to do when it comes to using the risk management process?
The success – or otherwise – of risk management comes down to people knowing what is expected of them. It’s also important to have a standard approach so that teams can choose the appropriate tools and techniques for their project. That allows for comparability of risk impact across multiple projects and ensures teams are carrying out the best analysis for the type of work they are doing.
The PMO can document what techniques, tools and methods should be in use, and what kinds of project they apply to. Do you expect managers to run risk management workshops? Or use Monte Carlo simulation? Is one analysis tool enough or is the expectation that the PMO will support multiple tools?
Set your standards then project teams can simply pick from the list.
Making the choice of risk management tool can be a little daunting but using expert consultants to help set up your processes is a way of making the whole thing faster and easier.
Mistake #3: Not gaining agreement on formality
How formal are your risk management processes? It honestly doesn’t matter whether you go for light, hardly-any-documentation processes or a full enterprise risk management approach with plenty of analysis and documentation to back up each project risk.
You choose what approach works best for your level of risk management maturity, the types of projects you do and your organizational culture. That part is easy.
The mistake comes when individuals across the business aren’t aligned with their approach. Let’s say one project manager invests a lot of time and effort in a formal process. Their colleagues reject the process for being bureaucratic. No one engages with risk management on that project as it is perceived as overkill. The project manager struggles to get buy in for managing risk, and as a result, risks aren’t managed effectively. The project flounders and barely scrapes through to delivery.
Let’s look at that scenario again, from a different perspective. This time the project manager chooses and appropriate level of formality with fewer scheduled risk meetings but more emphasis on managing the high priority threats. Less is documented, but the right people are engaged. Risks are adequately managed and mitigated. The project still has its fair share of challenges, but the team pulls together and completes on time with a successful result.
When you mandate an appropriate level of documentation and oversight in a way that matches the culture of the organization, the overall results are going to be better.
We’ve done many, many risk management check ups over the years. We always love presenting the findings and helping teams understand how to make better use of what they’ve got and where they are going.
The mistakes above may seem like huge things to tackle, but with the right support and a clear plan for moving forward, you can jump to the next level of project risk management maturity in the most straightforward way.