Join us at the 2023 Danish Project Management Symposium in Billund from October 26-27!
We will speak on the value of risk management, and focus on the often paradoxical reasons for why organizations (or maybe better: individuals in organizations) engage in risk management.
Here are the 10 reasons! :-)
(Read the nerdy version here: Pelle Willumsen, Josef Oehmen, Verena Stingl, Joana Geraldi: Value creation through project risk management, International Journal of Project Management, Volume 37, Issue 5, 2019, Pages 731-749, https://doi.org/10.1016/j.ijproman.2019.01.007)
We do risk management because it creates transparency. Risk management is helpful for managers, because it helps to understand what we know and what we do not know. It also helps us understand what the maturity of our activties and deliverables are, and what the most important item is on our todo list.
We avoid risk management because it creates transparency. For the same reason that risk management is seen as value-adding, we often also see it as value-destroying. In many instances, we need to "wing" a project, without letting our bosses and clients know. In many cases, they agree, because knowing the real state of our project would also get them into trouble.
We do risk management because it creates formalized reporting channels. Risk management creates value by formalizing critical conversations about critical risks that we face, what mitigation actions are at our disposal, and what the status of actions is that we have already taken.
We do risk management because it creates dialogue. This is sometimes (but not always) at odds with the previous statement. Risk management workshops for example are often seen as creating value by facilitating important conversations, and that value is not necessarily captured by the formal report these meetings produce.
We do risk management because it supports standardization of project execution. Standardization of project management is the foundation that any continuous improvement process depends on, and therefore ultimately a critical element of any organization striving for project excellence. A formal project risk management process encourages process standardization, as it facilitates many risk management activities.
We do risk management because it creates flexibility. Again, this sometimes, but not always, contradicts the previous point. Risk management creates a channel to escalate issues above the formal project execution process. It gives license to project managers (and other project team members) to reach out across hierarchical and organizational boundaries, thus supporting rapid issue resolution.
We do risk management to support fact-based decision making. Risk management offers a range of formalized, repeatable, quantitative methods. These methods allow us to collect and analyze the available data, and represent the results in a standardized format to support rational discussion and decision making.
We do risk management to support gut-feeling decisions. Some individuals like risk management methods, because it gives them the opportunity to post-rationalize gut-feeling based decisions. We can now have a long argument about the advantages and disadvantages of "gut feeling" (or heuristics or simple rules, if you want to give them a little more credit). Formal risk management method can be used to challenge and complement these gut feelings. They can also be used to massage input numbers until the desired result is achieved. The second option is generally not a good idea, even if it is very useful to the individual.
We do risk management because it allows us to be proactive. Risk management enables us to foresee the most likely and most severe risks, allowing us to stop them before they even happen. We can select reliable partners, diversify our supply chain, or eliminate unproven technical components from our designs. On a sidenote, it is unfortunately very hard to claim credit for a disaster not happening.
We do risk management because it allows to be reactive. Reacting fast in a crisis when a risk materializes is complementary to proactive risk management. It is also a much more effective career strategy, as managing a crisis is so much more visible than preventing one from occuring in the first place. Good risk management allows us to have the necessary financial and operational reserves, as well as sensitizes us to look out for the development of specific critical scenarios.
