Dr. David Hillson
Einstein is reported to have said “The major problem in communication is the illusion that it has occurred”.
Communication is a two-way process, involving both send and receive. I may think I am sending a clear message to you as I write this note, but unless you receive it and understand what I meant, I have failed to communicate with you. There are particular problems when it comes to communicating about risk, since everyone views risk differently.
Perception of risk is a complex topic, affected by a range of factors that form a 'triple strand' of interconnected influences. One strand involves a rational assessment of the situation; a second strand is formed by subconscious factors including heuristics and cognitive biases; the third strand arises from gut-level reactions including emotions.
As a result it is very important to give proper attention to how we communicate about risk, to ensure that people have the information they need in order to respond appropriately.
One problem with risk communication in projects is that there are many different people who need to know about risk, but they do not all need the same information. We can’t simply give everyone a copy of the risk register and expect them to deduce the information they need. Communicating about risk deserves more care and attention than that. Different stakeholders need different levels of risk information.
A stakeholder is defined as any person or party who has an interest in the success of the project. This always includes the project sponsor, project manager, project team, and the customer or client. It may also include suppliers, subcontractors, users, senior managers, joint venture partners, the general public, regulators, politicians, pressure groups, and even competitors. How can we decide what to tell each of these very different groups of people?
There is a simple answer to the question of what risk information should be provided to each stakeholder. It relates to the level of their interest in the project, or their 'stake'. The risks should be reported at the same level as their stake. So:
- The project team need to know about detailed project risks in their area of the
- The project manager needs to know about all risks to project objectives.
- The project sponsor is interested in business benefits and project deliverables, so
needs to know about risks to these.
- Users need to know about functionality risks.
- Senior management should be told about strategic risks.
- And so on…
Each risk is defined in relation to an objective, and objectives exist at different levels in the organisation. The stakeholder who is either responsible for a particular objective or interested in its achievement needs to know about any associated risks. By linking risks with objectives and mapping objectives to stakeholders, we can focus our risk communication efforts to ensure that each one gets the information they need.
- © David Hillson