As a new project manager, you want to ensure that the projects you manage have the least amount of risks so that the outcome of success is high. This type of management is considered project risk management. There are many steps within project risk management that you may take several different steps to ensure that you are recognizing, analyzing and responding to risks throughout the length of your project. However, one important thing to do before taking any sort of action is to first identify the risks. In other words, understand what possible events can hurt or benefit the project you are working on. Although this is important to do before you take any other steps to solve issues, it is good practice to continue doing so as your project progresses and its environment changes.
There are many different kinds of tools and techniques that you can use to identify risks within your project. The Information Technology Project Management textbook by Kathy Schwalbe discusses four common techniques to identify risks.
The first technique is called brainstorming. This is when teams strive to create ideas or look for solutions for a problem by collecting ideas randomly in a meeting, without judgement. This meeting should be run by a facilitator that could add in new categories of possible risks to continue the flow of ideas. Once the ideas are collected, the facilitator can group and categorize the ideas into different sections to make them easier to manage and look at. Nonetheless, be careful to not overuse or misuse this technique because studies show that brainstorming in small face to face groups may produce little to no effective results, compared to people working individually to create ideas. This can be due to fear from group members of disapproval or criticism of their suggestions or possible domination of the meeting by just one of two people, that may prevent generation of ideas from many to all group members. A possible way to prevent this issue could be to create a set of ground rules for the meeting to ensure all group members may suggest ideas freely. Since every situation and brainstorming meeting is different in its own way, it is best to create rules accordingly, however, here is an example of what they could look like:
The second technique is called the Delphi technique. This technique kind of works to collect information that aims to avoid the negative group effects that are found in the brainstorming technique used above. More so, it generates a consensus amongst a group of experts who aim to make predictions about future developments. To use this method, you basically perform repeated rounds of questions and written responses with incorporated feedback to responses from the previous rounds, to a group of experts in the area in question. It focuses on gathering group input without the possible bias effects. Below is an example of what this process can look like.
Another technique to help identify risks is interviewing, which is a method many people are familiar with. With this fact-finding technique, you collect information in either in person, phone call or virtual meetings. When you interview people with similar project experiences, you can use it as a tool to identify potential risks. This meaning, if a particular project uses a specific type of software or hardware, interviewing people who have had recent experiences with the said piece of software or hardware can help you with identifying potential risks of working with it or give their insight on knowledge of the usability and previous complications with using it so that you can be prepared to handle those potential risks. Additionally, this isn’t only limited to experience with software or hardware, it could be in any area such as working with particular customers.
Lastly, another common technique used to help identify risks is performing a SWOT analysis. SWOT is an acronym for analysis of Strengths, Weaknesses, Opportunities, and Threats. This technique can be used during the process of risk identification where you have your project team look at the broad view of possible risks for projects. For example, before creating a particular proposal, the project team can sit down and discuss details on the strengths of their company, weaknesses of the specific project and what opportunities and threats exist on it. This can produce an overview of the risks and opportunities that you can look at within a particular project or situation.
Now that you have identified some risks within your project, possibly using some of the techniques discussed above, you can generate some official documentation for it. One output of risk identification is called a risk register, consisting of a list of the identified risks and some other additional information. More so, it is a document of a table or spreadsheet, that includes the results of different processes within risk management. A risk register includes risk events that can occur to help or hurt the project. There could be negative and possible risk events. Below is an example of what a potential risk register could look like, although it may vary based on your project and circumstances. It includes most of what should be included in a risk register with real world examples of risks.
Another possible output of risk identification can be what is known as a risk report. A risk report includes the sources of overall project risks, which is the effect of uncertainty on the overall project. It also includes key factors of overall project risk exposure, summary of risk events including number of risks, total risk exposure, distribution across risk categories, metrics and trends. It is important to note that this report is something that is developed as the risk planning process as a whole progresses. Although this is a very high level explanation of what a risk report is and what it includes, the risk reports you generate for your project and team will be created and viewed based on a number of different things about your project and situation. One really important factor that it could potentially be based on is who your end user or who your customers are. Risk report structures will change and become more focused on specific areas of risks as you go deeper within the organizational ladder. A website called, ERM Insights by Carol, describes risk reports in further detail and includes this example of a heat map that is generated from a project. Although this is not exactly what a risk report is or could look like, you can see the kind of information that it can convey.
Works Cited
Nizhebetskiy, Dmitriy. “Risk Register Example and All You Need to Know About It (+Template).” Project Management Basics, https://pmbasics101.com/risk-register/.
PMP. “Project Management techniques: Brainstorming.” Project Management Practitioners, https://pmp-practitioners.com/contrary-to-popular/.
Williams, Carol. “THE ULTIMATE PRIMER FOR EFFECTIVE RISK REPORTING.” ERM Insights by Carol, 10 December 2018, https://www.erminsightsbycarol.com/risk-reporting/.
Mulder, P. (2017). Delphi Technique. Retrieved [insert date] from toolshero: https://www.toolshero.com/decision-making/delphi-technique/
Schwalbe, Kathy. (2007). Information technology project management. Boston, MA: Thomson Course Technology.
Commentaires