As an enthusiast of LinkedIn’s group discussions, I have seen and contributed to a fair number of discussions on risk within project management.
One thing that strikes me is how the understanding of risk differs depending on the context within a project, and how often these differences lead to confusion. The participants in one particularly lively discussion relentlessly pursued lengthy dialogs stating and restating their positions only because they were actually talking about two different kinds of risk.
RISK IS ALL ABOUT CONTEXT
The discovery here is that ‘risk’ actually changes shades of meaning in dif ferent contexts. This can be extremely confusing for project stakeholders as well as project staff. Here is a pragmatic categorization to use when a discussion on risk seems to be going nowhere as a result of contextual differences.
- Decision Risk is encountered right at the beginning of your project, and to a diminishing degree over its life – if all goes well. It refers to the risks, among other considerations, that are analyzed in the course of making a decision. Usually such decisions include a range of options, with different risks across them. So none of these risks is a project risk yet, until the final decision is made and the losing options and their risks are discarded. The winning option’s risks are transferred to the project’s risk register.
How do you know if you are talking about Decision Risk? It will always be in the context of a decision related to some aspect of the project, other than decisions relating to how to deal with the remaining risk types below.
- Event Risk is your typical ‘stuff happens’ risk that pops up over the course of a project. In the course of anticipating these, you use the risk register to record them along with any agreed Decision Risks. The vast majority of these can be described in terms of future events with an impact on the project and occurrence uncertainty – once they are certain, i.e. either 100% or 0% probable, they graduate to something else.
How Event Risk differs from Decision Risk is simply this: you choose to take Decision Risks, but Event Risks choose you. You have no control over their likelihood or timing of occurrence, because if you did, you would have planned activities to make them go away. The good news is you actually have somewhat more control than this, since you can invest time and effort to mitigate, avoid and take other classic risk management actions to protect your project.
- Plan Risk is simply what happens when you experience variances from your plan that are not the result of external forces such as Event Risks. It is usually no more complicated than estimates not matching actuals, and having to make adjustments as a result.
Usually Plan Risk is obvious: the actual expenditure did not equate to the original estimate.
- Assumption Risk is like the flip side of Plan Risk, the difference being that assumptions have no estimate to vary from but they can still make your project late and over budget. The best thing to do with assumptions is to interrogate them forcefully until they confess their true nature, most often a risk or an activity, usually in the form of ‘investigate then adjust’.
As with Plan Risks, you can usually recognize an Assumption Risk fairly easily, but they can sometimes masquerade as an unanticipated Event Risk. But when you dig deeper, you can often find an assumption’s fingerprints.
KNOW HOW TO TELL THE DIFFERENCE BETWEEN RISKS
If you have not already, you are going to be tempted to flip over to your favorite PM methodology reference and look for these formal definitions. You will not find them. What you do have is a set of descriptions using language your typical stakeholder will understand – at least that is my intent. One of your biggest risks about Risk Management is actually getting participants in your organization to engage in it, and familiar language may help. Nothing will make them disengage faster than enduring an argument about risks in which the contexts differ – one person is talking about a decision risk while the other is describing an event risk.
Know how to tell the difference so you can guide that kind of conversation to a merciful conclusion, then explain in familiar terms what it really means to your stakeholders.
Bio:
Mark Jones is an experienced technologist with over 30 years of improving business operations with computing solutions. In addition, he is a published author (Project Management Competence – a Pragmatic Guide to Assessment for Project Managers, and Why You Need to Employ More People With Disabilities) and is working on other titles. His most recent PM accomplishment was leading a team building EHR management tools for Ehealth Ontario.
Prior to that he led large teams for IBM’s clients in public sector, retail, utility and telecommunications segments.