- Project risk (which can be defined as the likelihood that a project will fail to meet its objectives) is a key aspect of Project Portfolio Management.
- Because risk, by nature, is impossible to control, mitigation strategies require an airtight monitoring process.
- We recommend following a 5-step approach to risk monitoring and management: identify and assess current risks, prepare response plans, track the occurrence and evolution of risk, identify new contingencies, and evaluate the quality and effectiveness of your risk monitoring process and strategy over time.
Project risk is defined by Project Management Institute as “an uncertain event or condition that, if it occurs, has a positive or negative effect on a project’s objectives.” Put it simply, to most project professionals, risk is the likelihood that a project will fail to meet its objectives.
In project management, there is no such thing as “zero risk”. What more, unmanaged or poorly managed project risk can expose an organization to significant harm. Hence the importance of risk monitoring and management, which can be defined as the process of identifying risks and devising ways of dealing with them. Here is the key information that project managers and other project management professionals should have about risk monitoring and management.
The 6th edition of Project Management Institute’s PMBOK introduces a significant change compared to version 5, namely the move from “Control Risks” to “Monitor Risks”. More specifically: “Monitor Risks is the process of monitoring the implementation of agreed-upon risk response plans, tracking identified risks, identifying and analyzing new risks, and evaluating risk process effectiveness throughout the project.”
The rationale behind this edit is easy to grasp: risks are, by nature, outside of your control. They belong to the realm of uncertainty — otherwise they wouldn’t be risks! Therefore, there is no point in hoping to shield your projects, portfolio or organization from risk completely. But you can and should identify, evaluate, monitor, and mitigate the risks to your projects.
Monitoring project risks is essentially about managing changes (both expected and unexpected) to the project. Following PMI’s definition of risk monitoring we suggest a 5-step approach:
- identifying and analyzing the risks to your projects
- coming up with appropriate response plans for each risk
- tracking the evolution of the risk landscape
- identifying new risks as they arise
- running and evaluating the effectiveness of response plans
The very first step is to recognize the threats to your projects and portfolios. Try to determine what could threaten the cost structure, schedule, or scope of your projects. Then analyze the nature, probability, and potential impact of the threats in order to qualify and quantify the risks, categorize and prioritize them, and get a reliable mapping of your project risks.
Risk management professionals usually break down risk in four main families:
- technical risk (e.g. technology- or production-related risk)
- external risk (from market, customers, regulation, or even weather!)
- organizational risk (tied with resources, funding, project dependency)
- project management risk (culture, planning, collaboration…)
A response should be planned for each and every risk. Some risks warrant immediate, decisive action. For instance, should a key supplier fail to meet an important delivery deadline, a plan B — that is, placing an order with another vendor — needs to be activated without delay. On the other hand, if your supplier increases the price agreed upon for delivery, your response plan may involve less urgent yet more complex trade-off decisions.
In any case, it is recommended to assign a person who’ll be responsible for managing each risk (the ‘risk owner’) and who’ll also be in charge of executing the response plan and of working with project managers to evaluate the effectiveness of the responses and adjust as needed.
Risk owners, project managers, and portfolio managers should work together to track the overall risk to their projects over time, making sure that the agreed upon response plans are activated in a timely manner when the related trigger conditions occur. The support of a dedicated risk management tool or a robust Project Portfolio Management tool with powerful risk management capabilities can be decisive to make sure that risk realization doesn’t go unnoticed.
Risk tracking also involves reviewing and reassessing project risks and the planned response plans on a regular basis. As the project moves forward, as market and business conditions evolve, you may find out that some of the threats you had identified are no longer relevant, or that some risks are more or less threatening than you had initially assumed. The probability of occurrence and potential consequences of contingencies may have changed. Similarly, the effectiveness of your risk response plans may be affected by new developments — either internal or external.
The world changes. Projects change. This also means that new risks arise over time. Major changes to the project or its environment, such as the occurrence of a severe disaster, a reshuffle in leadership or competitive landscape, a key technology breakthrough, are just some of the events that may bring about new risks and threats to your projects. It is essential to identify the new contingencies as early as possible and to analyze and assess them appropriately in order to keep your prioritized risk mapping up to date.
Actual performance doesn’t always match planned performance. Some risks may have been overlooked or misestimated (sometimes with reason: it is impractical to plan for outliers, yet they can and do happen!), or the response plan may not stand the test of reality. It is critical to candidly and objectively assess the results of your project risk monitoring and response strategy in order to pave the way for continuous improvement.
More about project risk monitoring and management:
- What is Project Risk Management and how to manage it?
- 3 assumptions that make projects fail (and what you can do about it)
- What the Covid-19 crisis can teach us about Project Management?