Avoiding the trap of TOO much risk management

I’m a good example of Colleen Wilcox’s quote that “A pessimist is an optimist with experience“.  I advocate the need for effective risk management in both projects and operations, so it would seem odd that I would choose to write an article about having too much of what I feel is a good thing.

In the article “Taking Risk Management Outside the Box” in the October 2012 issue of PM Network, the author writes (the bold words are my highlights) “…effectively identifying all risk that can be incurred in a project and, even more critical, defining adequate risk responses to the identified and analyzed risks.”  Later in the same article, this passage also caught my eye “...it is even more critical to foster creative thinking while developing and structuring responses to all individual risks in the risk register.

Don’t misunderstand me, I believe the author understands that risk management needs to be cost/benefit driven and that the effort expended in identifying, analyzing and responding to all risks will not be cost-justified and is more likely to impact the credibility in the discipline and reduce its future utility within their organization.  However, without providing this qualification, there is the risk (no pun intended!) of novice practitioners taking his advice literally.

The effective risk management practitioner needs to remind themselves of Dr. Hillson’s simple but powerful definition of risk as “uncertainty that matters”.  While it might be academically interesting to identify all risk, the costs of doing this are not justifiable.  It is more useful to classify risks as falling into one of the following categories:

  1. Medium to high uncertainties that matter – these are the risks that need to be given the full treatment including response development, response implementation and regular monitoring.
  2. Low severity uncertainties that matter – these risks and the early warning signs that they might be realized should be identified and monitored on a watch list, but don’t merit detailed analysis and response development or implementation.
  3. Uncertainty that doesn’t matter – other than ensuring that management reserves are in place, further effort shouldn’t be spent on these risks

Some ideas to consider:

  • Cast a wide net when identifying participants for a risk identification workshop to ensure broad coverage of risk sources.  This doesn’t have to mean inviting a “cast of hundreds” if you can avoid redundant participation.
  • Use a structured approach to risk identification including the use of tools such as a risk breakdown structure
  • Have an assistant observe the body language of participants to alert you when focus in a particular risk source or category is waning
  • Use Delphi or other methods to overcome individual risk biases when deciding which risks are severe enough to warrant detailed analysis and response
    development and implementation

Overspending on risk management is the same as having too much insurance – short term safety gains are outweighed by long term opportunity costs.

Categories: Project Management | Tags: , | 2 Comments

Post navigation

2 thoughts on “Avoiding the trap of TOO much risk management

  1. Kiron,

    Your article is music to my ears. Far too often I see projects being bogged down by completely inappropriate risk management processes that are a real drain on the time and people resources available. Often the reason behind it is that there is a miss-understanding of what the management of risk is all about together with poor project management knowledge and a lack of experience. Even those who should be expected to “know better” forget that assessing and mitigating “all risks” is impossible.

    Another, and potentially worse issue is that many senior managers who only having a passing understanding of how projects are managed (a problem in it’s own right) get given project responsibilities (titles such as Senior Responsible Owner and Project Director abound) and drive their project teams in the way they think they should be going. Unfortunately their lack of appreciation of how projects need to be led (due to minimal experience and knowledge) leads to those projects going off track and over budget on a regular basis.



  2. kbondale

    Thanks for the kind feedback, Paul!

    One of the benefits of having a facilitator work with the PM for a risk identification or analysis workshop is to “keep them honest”! Overall lack of pragmatic project management knowledge is a concern, but this is where a savvy PM can help by educating sponsors and team members when they join a project by setting expectations up front.



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: