3. Making Project Risk Management an Organic Exercise
Almost every project starts with a set of generic risks that are brought
up at the beginning of the project including users' resistance to change, lack
of resources, and immature technology, to name a few. Top PMs direct their
teams, not only to identify the common risks, but also the most pressing and unique
risks in such a way that risk identification is a reflex throughout the project
lifecycle. This is no small task at the beginning of a project.
risks, Top PMs also look to their collaboration with key stakeholders, who
often explicitly or implicitly define risk and concerns in their requirements.
Great PMs understand that this process happens all the way through the entire
project life cycle from the requirements elicitation step onwards. They regard
this as an asset for defining risk throughout the project process. Hence, expert
PMs also trust their teams to use and apply their expert knowledge as a source
of risk mitigation. To achieve this, the PM actively empowers team members to
take ownership of the project and proactively spot risk by participating in risk
identification and management.
In many large, complex and critical IT projects,
it is common to hold daily "Standup" meetings. A practical and typical question
relating to risk at such a meeting is simply: "What is getting in your way?"
practical terms, the third question during a daily standup reflects more prudent
responses as a team is empowered to contribute to the project's success. Of course,
some blockers may be temporary or removed immediately following the scrum, however,
some are potential candidates which may grow into substantial risks. Team members
need to be encouraged to identify these potential risks and their inclusion should
be celebrated rather than look down upon even at the end of the project lifecycle.
recognition is also not as simple as stating the risk and proceeding forward.
Risk recognition should be regularly assessed, in terms of probability, severity,
and a metric that is sometimes forgotten: proximity. The latter metric allows
for the team to define the right action items, whether it be "Do nothing until
next risk recognition step" or something more tangible should the risk be more
proximate. What is important to recognize here is that Top PMs understand
how to make risks actionable, as any risk is unhelpful if it is unmanaged. Additionally,
the list of action items should not only be reactive but also proactive in nature,
ultimately informing a Risk-Adjusted Product Backlog.
In short, a Top PM
recognizes that regardless of experience or authority, they are not and should
not be the single source for risk recognition and management. Stakeholders, their
team, and other important project contributors should be involved in risk recognition
and management not only during early stages but also regularly through the project
life cycle. This is important because there is very little use for having risks
that have been identified at the start of the project but have not been managed
Key takeaway: "To achieve successful project
management, the whole team must be responsible for identifying risks. Risk discovery
has to be a continuous process that happens throughout the whole lifetime of the