How To Manage Potential Project Risks In 3 Steps

A lot of development teams these days use agile practices to manage their work. If you’re in the SaaS space, it may feel like everyone in the world runs teams on Agile development cycles. But there are thousands of companies – big ones – that haven’t made the switch to agile or scrum or Kanban or whatever the hot new workflow management process is these days. In the traditional waterfall development approach, PMs plan all the work involved for a project upfront rather than self-organizing and planning as they progress. A key element in planning a waterfall development project is figuring out where it’s going to go wrong before it does. This is when PMs identify project risks.

Let’s dive into what a project risk is, some common examples of project risks, and how project managers deal with them.

What is a project risk?

Basically, a project risk identifies a single thing that could go wrong with a project. That’s why project managers usually make a list of project risks, trying to pull in every possible thing that could make their project go wrong. A project risk can cover any aspect of the project management process, from managing individual collaborators to reacting to broader market conditions. By identifying project risks early, project managers can share this information with the team and individual stakeholders, involving everyone in managing these risks as the project moves forward.

7 types of project risks

There are so many potential risks involved in managing a project that it can make your head spin. That’s why project managers usually start with a list of risk types, and only then can they properly outline a project’s potential risks. Here are the 7 types of project risks project managers usually deal with.

Scope creep

One of the most common risks with your project is simply doing too much. Scope creep happens when your project’s overall scope grows far beyond what you originally set out to do. This can happen when stakeholders tack on tasks that represent their own priorities, collaborators get distracted by tangential work, or your brainstorm simply generates too many great ideas.

Performance risks

Your project moves along thanks to the people working on it. But as human beings, people can’t constantly perform at 100% capacity. Sometimes, you’ll see performance dips that can have impacts on your project. That’s where performance risks come in, especially if you’re working with collaborators who have underperformed in the past.

Resource risks

Projects need resources to succeed. That can be the time collaborators spend on it, the budget you’re spending on tools and services, or even just the tools you have at your disposal. These risks often involve those resources running out or getting stretched to their limit.

Operational risks

“Operations” describes the processes and workflows that keep your project running. This includes approval processes, workflows that involve other teams, and overall just how things get done. When you find places where these processes can go wrong, you’re dealing with operational risks.

Communication risks

A project runs on communication. Whether it’s the project manager making sure everyone understands what they need to do, collaborators giving visibility on what they’re working on, or stakeholders making their expectations clear, clear communication is essential. Communication risks can occur if conversations happen in parallel channels, or simply if messages aren’t going through correctly.

Market risks

Not every risk is within your sphere of control; in fact, some are completely beyond your ability to affect them. Market risks cover the changes and upheavals that happen in your industry as a whole, and how these can affect the way you work. If, for instance, a recession causes the biggest companies in your industry to lay off their employees, your project could be affected.

External hazards

This broad category involves risks that, similarly to market risks, are beyond your control. That said, it’s a much more general category, including everything from natural disasters to terrorism and vandalism. While you can’t predict a natural disaster, you could potentially include vandalism as an external risk in an architectural project, for instance.

3 steps for identifying and dealing with project risks

Step 1: Identify and Analyze

  • Have A Brainwriting Session:  Bring your team together to brainstorm and write down potential risks. One way to do that is to give everyone index cards and ask them to write down ideas. Following that, everyone can swap cards and modify each other’s ideas, evaluate the likelihood and impact of the risk, or add ideas on how to mitigate it. At the end of the process the team will have a trail of ideas. This is especially great for large teams.
  • Interview Colleagues And Stakeholders: Interviewing people with relevant experience can harness a lot of ideas on potential risks, and what to do about them.
  • Learn From The Past:  Most projects have archives and records, which can be a good source for analyses and evaluations. If you or your organization frequently runs projects, read through records and data of past projects. This will be a huge asset as you’ll learn about potential risks to your project.
  • Do A Root Analysis: Make a list of potential sources of risk. Then figure out the root cause of potential problems. There are several methods to do this, such as the Fishbone Method and the Five Whys Method.
  • Do A Pre-Mortem: Similar to a brainstorming session, bring your team and stakeholders together to think of possible scenarios where things could go wrong. You can give examples of specific situations, such as “It’s go-live day, everything has gone wrong, and we are not able to reach the CEO.” You can then ask everyone to brainstorm such potential scenarios. Following that, combine everyone’s ideas into clusters of similar scenarios, and work backwards to brainstorm potential reasons how and why such situations could happen. Use the potential reasons to write risk lists to understand which potential failures could lead to a cascade of other issues.

Step 2: Mitigate Project Risks

Now that you have identified potential risks, and analyzed their potential impact, it’s time to think about how to avoid them or minimize their impact. Assess and rank the risks in order of likelihood and impact, and develop a plan to mitigate them. Mitigation addresses project risks before they happen and attempts to reduce their impact.

  • Clarify Requirements. The first step in minimizing risks is clarifying the project’s mission, objectives, targets, and milestones. Most importantly, ensure every team member clearly understands his or her roles, deliverables, deadlines, and performance standards. You can clarify this by meeting with each team member on an individual basis. Use project management tools such as Trello or Asana to assign tasks, maximize accountability, and ensure everyone understands their responsibilities. Leave no room for ambiguity and uncertainty.
  • Do a feasibility study. Feasibility studies and prototype building should be conducted long before the full project is executed. This way, you can pinpoint any possible discrepancies or human errors early on. It’s also a good way to test for any risk factor by evaluating methods before the project starts to progress.
  • Risk Transfer: Risk transfer involves passing the risk to someone else. This doesn’t change or remove the risk, but gives someone else the responsibility of managing it. Insurance, performance bonds, warranties, fixed price contracts, and guarantees are a few types of risk transfer. Since this can be costly, be sure it’s worth it by measuring transfer costs and the likelihood that the risk will occur. Also, consider managing the risk jointly with contractors and other stakeholders. This will spread out and minimize impact should the risk occur.
  • Make A Response Plan: Decide which corrective actions to take should a risk occur. Corrective actions can include a contingency plan or workaround. A workaround is an unplanned response to unexpected project risks. Be sure to document and incorporate workarounds into the project and risk response plans.
  • Make A Contingency Plan. Contingency planning involves defining steps to be taken if a risk should occur. Contingency means addressing the risk at the time it occurs and attempting to reduce its negative effects. So a contingency is in fact a good plan B. In a project plan, there are float periods, which can be used for backup. Make sure to include a budget for contingency planning and notify stakeholders, so all parties are aware of alternative courses of action if and when a plan doesn’t go as planned.
  • Submit Project Change Requests As Needed: Implementing contingency plans or workarounds frequently results in a need to change the project plan. This ensures risks are minimized and responded to properly.

Step 3: Monitor

This step involves seeing if the risk responses were effective and updating them for continuous improvement. Monitoring risks ensures that action plans continue to minimize or disperse risk impacts. Usually this step is done throughout each of the project’s milestones or phases.

Here are a few ways to go about this step:

  • Do Risk Audits: If risks occurred, monitor if the response plans were effective. Were they effective in minimizing or controlling the risk as predicted? If not, a new response plan should be developed. This helps the project team learn how to improve risk measurements and management for future projects. It also gives feedback about which response actions are the most effective.
  • Do a Variance and Trend Analysis: Determine if risk exposure has changed throughout the project’s progress. Monitor project costs and how the project is performing against the baseline plan. Any significant changes could mean that you’ll need to update your system for identifying risks, and that you’ll need to perform another risk analysis. Monitor for new project risks and risk triggers as well.
  • Do a Reserve Analysis: As the project progresses, risks that occur can have an impact on the project’s cost or schedule reserves. Compare the reserves currently available with the amount of risk remaining to determine if the reserves are sufficient.
  • Update the Risk Register: Document the outcomes of risk reassessments, audits, and risk reviews. Such updates will show you changes in risk probability, impact, and rank. This can also change your response plans. Document actual outcomes of risks as well, if the responses were implemented as planned, and if any previously identified risks occurred. This will be useful info for future projects.
  • Have Status Meetings: Bring your team and stakeholders together to discuss progress, if the project assumptions are still valid, if risk triggers occurred, and if the correct policies and procedures are followed. Discuss potential new risks or triggers, decide on preventative actions, and agree on response plan updates.