A lot of development teams these days use agile practices to manage their work. If you’re in the SaaS space, it may feel like everyone in the world runs teams on Agile development cycles. But there are thousands of companies – big ones – that haven’t made the switch to agile or scrum or Kanban or whatever the hot new workflow management process is these days. In the traditional waterfall development approach, PMs plan up front before beginning work on a project, as opposed to self-organizing and planning as they progress. A key element in planning for a waterfall development project requires that you figure out where it’s going to go wrong before it does. This is a practice PMs like to call risk management.
“Risk management” identifies, analyzes, and responds to various risks throughout the life of a project. It is critical to delivery of large projects. Every PM should know at least the basics when evaluating deliverables and timelines.
A savvy PM should conduct risk management assessments throughout the lifetime of the project. The earlier you catch and deal with risks to your project, the better. Conduct your assessments weekly or bi-weekly based on the tempo of your team’s delivery. If you’re working on a big 6 month project, bi-weekly will probably do. A short 4 week project needs more frequent check ups.
Assessments don’t have to be huge or scary. Pick a few techniques that you’ve found work for you and stick to a rhythm of assessing them to find problems before they derail the project. Which techniques should you use? Read on for more info on how to identify and manage potential project risks and then avoid or reduce their impact.
Step 1: Identify and Analyze Project Risks
- Have A Brainwriting Session: Bring your team together to brainstorm and write down potential risks. One way to do that is to give everyone index cards and ask them to write down ideas. Following that, everyone can swap cards and modify each other’s ideas, evaluate the likelihood and impact of the risk, or add ideas on how to mitigate it. At the end of the process the team will have a trail of ideas. This is especially great for large teams.
- Interview Colleagues And Stakeholders: Interviewing people with relevant experience can harness a lot of ideas on potential risks, and what to do about them.
- Learn From The Past: Most projects have archives and records, which can be a good source for analyses and evaluations. If you or your organization frequently runs projects, read through records and data of past projects. This will be a huge asset as you’ll learn about potential risks to your project.
- Do A Root Analysis: Make a make a list of potential sources of risk. Then figure out the root cause of potential problems. There are several methods to do this, such as the Fishbone Method and the Five Whys Method.
- Do A Pre-Mortem: Similar to a brainstorming session, bring your team and stakeholders together to think of possible scenarios where things could go wrong. You can give examples of specific situations, such as “It’s go-live day, everything has gone wrong, and we are not able to reach the CEO.” You can then ask everyone to brainstorm such potential scenarios. Following that, combine everyone’s ideas into clusters of similar scenarios, and work backwards to brianstorm potential reasons how and why such situations could happen. Use the potential reasons to write risk lists to understand which potential failures could lead to a cascade of other issues.
Step 2: Mitigate Project Risks
Now that you have identified potential risks, and analyzed their potential impact, it’s time to think about how to avoid them or minimize their impact. Assess and rank the risks in order of likelihood and impact, and develop a plan to mitigate them. Mitigation addresses project risks before they happen and attempts to reduce their impact.
- Clarify Requirements. The first step in minimizing risks is clarifying the project’s mission, objectives, targets, and milestones. Most importantly, ensure every team member clearly understands his or her roles, deliverables, deadlines, and performance standards. You can clarify this by meeting with each team member on an individual basis. Use project management tools such as Trello, or Asana to assign tasks and keep, to maximize accountability and ensure everyone understands their responsibilities. Leave no room for ambiguity and uncertainty.
- Do a feasibility study. Feasibility studies and prototype building should be conducted long before the full project is executed. This way, you can pinpoint any possible discrepancies or human errors early on. It’s also a good way to test for any risk factor by evaluating methods before the project starts to progress.
- Risk Transfer: Risk transfer involves passing the risk to someone else. This doesn’t change or remove the risk, but gives someone else the responsibility of managing it. Insurance, performance bonds, warranties, fixed price contracts, and guarantees are a few types of risk transfer. Since this be costly, be sure its worth it by measuring transfer costs and the likelihood that the risk will occur. Also, consider managing the risk jointly with contractors and other stakeholders. This will spread out and minimize impact should the risk occur.
- Make Response Plan: Decide which corrective actions to do should a risk occur. Corrective actions can include a contingency plan or workaround. A workaround is an unplanned responses to unexpected project risks. Be sure to document and incorporate workarounds into the project and risk response plans.
- Make A Contingency Plan. Contingency planning involves defining steps to be taken if a risk should occur. Contingency means addressing the risk at the time it occurs and attempting to reduce its negative effects. So a contingency is in fact a good plan B. In a project plan, there are float periods, which can be used for backup. Make sure to include a budget for contingency planning and notify stakeholders, so all parties are aware of alternative courses of action if and when a plan doesn’t go as planned.
- Submit Project Change Requests As Needed: Implementing contingency plans or workarounds frequently results in a need to change the project plan. This ensures risks are minimized and responded to properly.
Step 3: Monitor Project Risks
This step involves seeing if the risk responses were effective and updating them for continuous improvement. Monitoring risks ensures that action plans continue to minimize or disperse risk impacts. Usually this step is done throughout each of the project’s milestones or phases.
Here are a few ways to go about this step:
- Do Risk Audits: If risks occurred, monitor if the response plans were effective. Were they effective in minimizing or controlling the risk as predicted? If not, a new response-plan should be developed. This helps the project team learn how to improve risk measurements and management for future projects. It also gives feedback about which response actions are the most effective.
- Do a Variance and Trend Analysis: Determine if risk exposure has changed throughout the project’s progress. Monitor project costs and how it is performing against the baseline plan. Any significant changes could mean that you’ll need to update your system for identifying risks, and that you’ll need to perform another risk analysis. Monitor for new project risks and risk triggers as well.
- Do a Reserve Analysis: As the project progresses, risks that occur can have an impact on the project’s cost or schedule reserves. Compare the reserved currently available with the amount of risk remaining to determine if the reserves are sufficient.
- Update the Risk Register: Document the outcomes of risks reassessments, audits, and risk reviews. Such updates will show you changes in risk probability, impact, and rank. This can also change your response plans. Document actual outcomes of risks as well, if the responses were implemented as planned, and if any previously identified risks occurred. This will be useful info for future projects.
- Have Status Meetings: Bring your team and stakeholders together to discuss progress, if the project assumptions are still valid, if risk triggers occurred, and if the correct policies and procedures are followed. Discuss potential new risks or triggers, decide on preventative actions, and agree on response plan updates.
Which risk management techniques are your favourite? Leave a comment or hit us up on twitter @unitoio!