I’ve often referenced Dr. David Hillson’s definition of risk as “uncertainty that matters” in my articles about project risk management.
The last word in that short sentence is critical.
If stakeholders don’t feel that the information presented to them about a risk matters to them, they will ignore it. At best, this means the effort which the project team spent on identifying, analyzing, and communicating risks was wasted, but at worst, it could result in a stakeholder not implementing a recommended risk response.
There are many reasons that risk information might not matter to stakeholders. Here are just a few:
- Risk event descriptions are too vague
- Information about critical risks is lost in a sea of trivial risks
- Stakeholder interests or their risk tolerance level is not taken into account
- They haven’t been educated about the value of risk management
- The cost of prevention or reduction outweighs the costs of risk realization
But one of the most damaging and prevalent causes I’ve experienced is when the information provided to stakeholders is out of date.
As with everything else on projects, risks change over the life of a project and if stakeholders are aware that the details reflected in a risk register or in a project status report or dashboard don’t reflect current realities, the team’s credibility will be hurt. And, if those stakeholders were skeptical about risk management to begin with, this will just give them ammunition to ignore risk response responsibilities in the future.
To get a sense as to what others were experiencing, I ran a one week poll in PMI’s LinkedIn Project, Program and Portfolio Management discussion group and in the ProjectManagement.com community asking practitioners how frequently were risk registers reviewed and updated with stakeholders.
Context counts – for example, a lower complexity project might have fewer register updates than a higher complexity one.
Out of the one hundred responses received, 34% indicated a weekly or shorter update cycle, 41% voted for monthly, 21% indicated quarterly or more infrequently and 4% indicated risks were never updated.
While it is encouraging that three quarters of the practitioners were at least updating risk information monthly which might be appropriate for long duration projects, the fact that a quarter of the responses showed either very infrequent or no updates is unfortunate.
While there is some limited value in sharing risk information in the early days of a project, as complexity grows, the likelihood of not experiencing an issue which could have been addressed through more proactive risk management increases dramatically.
A ounce of prevention is worth a pound of cure, but only if that prevention is practiced over the life of the project.
(If you liked this article, why not read my book Easy in Theory, Difficult in Practice which contains 100 other lessons on project leadership? It’s available on Amazon.com and on Amazon.ca as well as a number of other online book stores).