Effective risk management begins with transparency of project information and status but somehow potential risk threats that may undermine the success of a project is often not communicated for some reason or another (either on time, after the fact or not at all) at a team, project or governance level.
At an organisational level, this culture (defined as ideas, customs and social behaviours) can be somewhat explained by the position adopted by the Portfolio, Programme and Project Management Office particularly the value matrix paradigm of enabling on one hand, and rightfully restraining (or protective of the capital investment in the portfolio) on the other. However where the boundary is finite, then diligent people will always find ways to game the system if they feel bureaucracy is hindering project progress and success. After all, sometimes it’s easier to ask for forgiveness than it is to seek permission.
This behaviour is not without its drawbacks, at an organisational level, it gives rise to watermelon projects seemingly green on the outside but red on the inside once the project information and evidence is scrutinised and challenged. At a project level, the lack of transparency can lead to a culture of blame rather than support, particularly where management direction and recovery services are required.
In order for an organisation to be transparent to the main investment board, everyone needs to be transparent by default. From top down in their decision making and communication to stakeholders, bottom up in the timely exception reporting of potential risk threats that may impact stage tolerances (i.e. cost, time, scope, quality, benefits and risks) before they eventuate and business office support from HR, Finance and Procurement in advisory roles. A culture of transparency takes shape when leaders intentionally manifest their own personal transparency, and encourage it in the attitudes and behaviours of their project team members. In a few words, transparency starts and ends with people. To enable project success, the timely communication of potential risk threats to the project board is paramount particularly if these risks lead to a deviation above or below the approved target for time and cost.
No doubt effective management of risk is a continual activity, performed throughout the life of a project. Without an ongoing and risk management framework, strategy and procedure it is not possible to give confidence that a project is able to meet its agreed objectives and therefore whether it is worthwhile for it to continue. Hence effective risk management is a prerequisite to enable informed decision making, continued business justification and continued investment. This will only exist in an environment where the values of commitment, courage, focus, openness and respect are embodied and demonstrated by the project organisation and the behaviours of transparency, inspection, and adaptation come to life and build trust to those impacted by the business change.
As such structured risk identification workshops have a vital role to play in identifying project risks, particularly in the context of achieving strategic intent and financial and quantifiable benefits. What’s important is to embed a cyclical risk management process of identifying (context and risks), assessing (i.e. estimate and evaluate), planning and capturing this information in the project risk register, implementing risk mitigation plans and continually communicating both within the project and to key stakeholders any potential risk threats to the project benefits, objectives and strategic drivers.
In summation, effective risk management on a project is like rolling the dice between success and failure. Projects need to maintain a focus on threats, with appropriate management actions to minimise or eliminate the likelihood of any identified threat occurring, or to minimise its impact if it does occur, and maximise opportunities for the organisation. For projects, risk management depends on the effective identification, management and mitigation of risk.
Responses to risk should be proactive, using a number of options to minimise potential risk threats. No doubt the continual review of risks should be embedded within the project life cycle and have a supporting process and governance structures to ensure that the appropriate levels of rigour are being applied, with evidence interventions and changes made to manage risks.