How to Manage Project Risks, Part 1: A Perspective

There are 8 types of risk that need to be managed effectively for your project to be successful

Any formal 'project' conducts a risk analysis. It is standard practice. But, in most cases, it is not practiced well.

Firstly, while 'decision trees' and other methods may be used, often quite fundamental relevant risks are missed.

Secondly, there seems to be a view that all risks can be treated the same. In fact, there are risks that are a potential threat that may or may not occur, risks that exist and need to be managed down, and risks that exist and cannot be changed but whose implications need to be carefully managed. How each of these types of risks is managed should be different.

Thirdly, risk registers abound but contain so much data that, even on an A3 sheet of paper, the room for recording risk mitigation actions is minimal. At best, a sentence or two exists. The rest is left to chance. Most importantly, little discussion is held as to what the desired end state is of the risk management approach for any one risk. So, how do you know if you're successful?

There are eight project risk dimensions

  1. Critical success factors — factors that need to exist or go right for this project to be successful

  2. Project-specific risks — threats to this particular project

  3. Project delivery risks — systemic risks to the successful delivery of the project itself, applicable to all projects

  4. Benefits delivery risks — systemic risks to the successful delivery of the benefits, applicable to all projects

  5. Business risks — risks to the business, its customers and suppliers from this project, applicable to all projects

  6. Design risks — risks that the solution/output delivered is not what was asked for or expected

  7. Corporate risks — risks to the success and survival of the organization that any one project may impact (increasing or decreasing)

  8. Leading indicators of failure — project trends that cumulatively can spell disaster for the project.

Over the coming weeks we'll discuss each of these risk dimensions and how they need to be managed.

However, there is another dimension to project risk that formal risk approaches often ignore — the 'Swiss-cheese' effect.

It is rare that a single risk will bring down a project. What causes most problems is when a series of mishaps, mistakes, events and other minor happenings occur simultaneously or in quick succession, causing a disaster.

You know the sort of thing: the automatic backup machine is late being delivered, the person who has managed the backups leaves, the new person starts the process but gets lost and fails to finish, and then the system goes down, losing all current data... So, while we can formally and effectively manage project risks, we must always be wary of these 'Swiss-cheese' events — when all of the 'holes' in the cheese line up and something falls through — that can easily bring our project down.


Jed Simms is CIO magazine's weekly project management columnist. Simms, founder of projects and benefits delivery research firm Capability Management, is also the developer of specialized project management and project governance Web site www.project-sponsor.com
