Are You Making These Risk Response Mistakes?

    2=Planning, 4=Control

  •  Minute Read

Risk management is an important part of the decision-making process for any project. It involves identifying, assessing, and responding to potential risks that could impact the project. However, many project teams still make common errors. In this article, we will look at some of the most frequent project risk response mistakes and explain how to avoid them.

So, what do I mean by risk response mistake? A mistake is an action that is misguided or wrong.

"If you treat risk management as a part-time job, you might soon find yourself looking for one." —Deloitte

Joe Cunningham once managed a project to implement a commercial-off-the-shelf (COTS) software solution for a bank. He and the team had identified the project risks, but they had failed to analyze the common causes of the most significant risks. Consequently, the team was responding to risks but missing a high-leverage response.

Perhaps you are making mistakes like this one. But, you don't have to.

I've created a list of ten risk response mistakes. I'm sure that you aren't guilty of all. Read through them, thinking about one of your projects. Make notes where you might improve.

10 Risk Response Mistakes

1. Failure to identify risk owners. Once a risk has been identified, project managers should ask, "Who owns the risk?" A risk owner is a person responsible for developing and executing a risk response plan.

2. Failure to respond to several small, related risks. Failure to respond to several small, related risks can have a ripple effect that eventually leads to a significant event.

3. Failure to identify and plan for secondary risks. When risk owners are developing risk response plans, they may fail to consider secondary risks, risks that arise as a direct result of implementing a risk response. Wise project managers educate and ask their risk owners to identify and plan for significant secondary risks.

4. Failure to develop contingency plans. Some risk response plans are executed immediately; other risk response plans are contingent. That is to say; the plans will only be executed under certain predefined conditions.

5. Failure to develop fallback plans. What should a risk owner do if the contingency plan fails? They should develop and be prepared to execute a fallback plan for significant risks. The fallback plan may be used to mitigate a threat or enhance an opportunity further. 

6. Failure to define risk triggers. Some risk owners do a great job of defining contingency plans but fail to define the risk trigger clearly such as missing a milestone. Triggers may be used to provide the warning that the risk is about to occur, providing time to implement the risk response plan.

7. Failure to respond to opportunities. Many project managers still struggle with the fact that risks include positive events or conditions, that if they occur, cause a positive impact on the project goals. Therefore, many project managers fail to identify these positive events and miss the opportunities that could save the project or enhance the project's value.

8. Failure to update project management plans including the schedule management plan, cost management plan, quality management plan, procurement management plan, human resource plan, scope baseline, schedule baseline, and cost baseline. As risk owners develop response plans, project managers should update the project management plans accordingly. For example, the project manager may add new activities to the schedule and further define how contingency reserves will be consumed.

9. Failure to update assumptions log. Project managers and team members make lots of assumptions, particularly in the early parts of a project, based on the information at hand. As the project team discovers new information, previously identified assumptions may need updating, or new assumptions may need to be added.

10. Failure to create contracts or agreements with third parties. Some risk owners may wish to leverage a third party to respond to risks. The project manager should ensure these decisions and contracts are outlined and approved as needed.

Taking Action on Risk Response Planning

Consider using this list as a checklist for one of your current projects. Keep your risk management as simple as possible while ensuring that the responses are economical and effective. Scale your response plans as needed; do more planning for larger complex projects and less for smaller projects.

You may also like

What is a RAID Log?

What is a RAID Log?
>