Every project is at some risk of failing to meet one or more of its fundamental objectives: on-time completion, budget compliance, scope fulfillment, or quality. Many of the threats to successful project delivery can be avoided, transferred, reduced, mitigated or prevented entirely. The remaining threats have to be accepted or the project needs to be cancelled. By intelligently accepting the right risks, even complex and risky projects can be successful.
“Acceptance” does not mean resigning to a threat and hoping for the best. It means finding a suitable way to accommodate it in a manner that leaves the project with a reasonable probability of success. The Project Manager will typically accept and manage threats that:
- Are more than offset by rewards
- Cannot be prevented, avoided, transferred, or reduced to zero
- Are inherent in projects that are based on estimates
- Cause deviations in the expected range of variability
- Can be balanced by contingency
Some threats are unavoidable: inaccuracy of the estimates, variability in outcomes, assumptions, allowances, rules of thumb, unforeseeable risks, and the residual risk that remains after as many threats as possible have been managed out of the project. Intelligent acceptance of residual risk is addressed below.
The first step in managing project risk is to identify it using a structured approach. In an experiment conducted each of the author’s “Managing Project Risk” seminars, participants read a one-page scope of work and identify the project risks. On the initial try, they usually find 3-10 risks (all threats). After learning a structured, methodical approach, they typically identify 30-50 threats and opportunities.
Once the risks have been identified and converted into quantifiable risk statements, the project team and project owner can systematically reduce threats by altering the project and/or its environment. The intent is to identify cost-effective measures that can reduce the probability and impact of threats until they are within the risk tolerance of the organization.
As an example, say an Owner of a $50,000 project simply cannot afford a budget overrun of more than $5,000 (i.e., has low cost risk tolerance). But the project team determines that the project is at 90% risk (i.e., high probability) of a $10,000 cost overrun (i.e., high impact), or $9,000 expected value of the overrun. So, the team identifies these actions:
|
Original Expected Value |
New Expected Value |
Cost of the Change |
|
| Use high quality materials, produce 30% less scrap |
-$4,000 |
-$2,800 |
-$1,000 |
| Use higher skilled employees, cut time 5 days |
-$2,500 |
-$500 |
-$400 |
| Eliminate one “nice-to-have” feature from the scope |
-$1,500 |
0 |
-$10 |
| Manage customer expectations |
-$1,000 |
-$20 |
-$200 |
|
Total |
-$9,000 |
-$3,320 |
-$1,610 |
By making these changes, the team reduced the probable cost overrun to $3,320, which is within the risk tolerance of the Owner. But, in order to reduce that risk, the Owner will have to spend $1,610 more; or a total of $51,610. Because a residual risk of $3,320 overrun still remains, the team asks the Owner to add that amount as contingency. Now, the project budget is $51,610 plus $3,320 contingency, the threats have been intelligently accepted for continued management, and the project proceeds.
Bio: This article was adapted from a training entitled “Managing Project Risk” by H. Wynnlee Crisp LLC Project Management Training (hwcrisp@aol.com 425/681-7887). The company offers 22 seminars and webinars on project management practices in sponsoring organizations’ own facilities.