November 14, 2006 - Risky Business Part 2

Yesterday we began a discussion on risk by defining the difference between a risk and an issue. Our ultimate goal is to document, actively work and track progress against the risks until they are no longer a threat. The steps for accomplishing this are Identify, Prioritize, Define Mitigate Steps, Assign Owners and Track.

In some environments project managers identify risks at the beginning of the project and do nothing with them afterward. There is a section in the Statement of Work or Charter that requires them to fill in the project risks and dutifully they put in the standard ones: resource availability, aggressive time frame, etc. These risks are simply there as excuses in case the project fails. The PM can go back and say, “See? I told you we didn’t have enough resources.” The PM failed to take actions to prevent the risks from becoming issues.

Identify. The process for identifying risks is quite simple: write down anything that could go wrong or have an impact on your project. Avoid the temptation to do this in a vacuum. For technical risks, schedule a 90 minute meeting and pull the technical team into a conference room with a white board and brainstorm potential problems. Do the same for the Business. Limit the time to 15 – 20 minutes so you have time for the other steps in the process. Initially there are no dumb ideas and all should be captured as quickly as possible. This is not the time for discussion. Make sure everyone understands what the premise of the risk is, jot down a brief description and move on.