Risks are one of the most important aspects to consider and controlled in any project at any point of time be it at the beginning till the very end of project. I am trying to list the details that I have experienced on Risks and some of my experiences as well.
Primarily there are two types of Risks :
- Negative Risk
- Positive Risk
As the name suggest “Negative” this is same in nature as well, if there is something that is bringing negative impact on the project then that is a negative risk. Let me give you an example to help understand : Project is running smooth and then one of the project’s resource has planned for two weeks leave scheduled after three weeks, now since there is no other resource to work as replacement, then this becomes a risk.
Positive is what is good to have, but how can a risk be positive, this was my first reaction when I first came to know there are certain positive risks as well in the Project and you should also create your Risk strategy considering these positive once as well. On one instance where I actually experienced positive risk, in one of the project I was having a team of resources from a very long time and things were perfect from the various stakeholders and deliverable perspective. One fine day in stand-up during a team meeting one developer raised that they are so used to off working that now they only consume half of the time they used to consume when project got started, so this is a positive risk in Project, team is doing perfectly fine and Client’s expectations are also managed and you still can save some time. But this will impact on the team member’s overall motivation in long run that you have to manage, this could also result in a negative risk in terms of the resource might start looking for more challenging role and want to leave the team.
The best risks are identified once, where you know at-least in time that this is a risk so that you can plan for them. Risks can be identified at any point of time and it can also be identified by anyone, sometimes being a Project Manager you tend to think that Risk identification is your forte, but as a matter of fact everybody can identify a risk in project even somebody from out of the Project.
Likelihood or probability
Another important factor to consider is the probability or the likelihood of Risk, it might be possible that there is a risk in project that has low probability to occur at one point of time, but this also has to be tracked as it might be possible this risk becomes high probability Risk later. Let me take one example, suppose there is some data dependency from Client that he has agreed to give at some point of time and there is a risk registered at the start of project by Project Manager, if there is delay in getting data from Client, there is a risk of missing the deadline. Initially it was low probability risk as Client mentioned the data analyst from their side is already aware of that and he will start working beforehand to supply on time. But after some time the data analyst got very busy in some other project and now he has asked for support from some other team member to take this responsibility, now the risk of missing the deadline has become high and certainly needs different treatment altogether.
Based on the risk there is a need to plan for action, action can be either mitigated, transferred, avoided or accepted. All of these needs a plan and to be tracked to closure.
Categorize your Risks
Categorizing the risks is done based on various parameters, it may happen in one project you have different important categories and another project has altogether very different set of parameters to consider. Generally risks are categorized on the basis of these parameters :
These are more detailed out sometimes to next level of categorization like technical topics, design and development problems, peoples related, integration related. This list of categories keeps on evolving as you progress as an organization and get learning from different projects.
Risk tolerance is one of the less talked one if you see generically in any project. There are various other factors that can easily quantified in terms of managing the risks, but risk tolerance is purely based on the overall behavior towards the risks, it might be possible there are multiple stakeholders both internal and external and all of them have completely different risk tolerance levels. You need to look on the larger picture and then draft the overall strategy considering the risk tolerance level of all the stakeholders in the order of priority of involvement.
Risks generally happen in a trend and are repetitive in nature. Risks are also started with certain triggers if you tend to start monitoring. Not all the Risks give triggers that are obvious but there is always something that will act as a trigger for the risk, if that can be identified there is a high probability to getting your risk to be settled at a low intensity.
Risks are always good if identified and it is even better if you get a list of all the earlier occurred risks and you can compare and analyze based on your project’s circumstances. In organizations there are various projects, and each have their own set of risks, all these gathered make a good list of all the possible risks that can happen in other projects, if these are collected regularly and kept updated, this will make a good history of risks that can be used in other projects in future.
After listing all the above points and my few related experiences, I think I have covered most of the points, kindly let me know if you want to make any comment over any missing aspect of risk management in below comments section.