So what are you “doing” about risk?

I was visiting a rather effective project, to assess how well it was being run.  I was impressed by the levels of control and team spirit the new, inexperienced project manager had achieved.

The project was on schedule, the client was happy and the last step was to sit down with the PM and talk through some of my standard questions.

“So, what are you doing about risk?”

We got onto risk, so I asked the question.  Proudly, the PM passed me a neatly printed sheaf of papers.  It was a thorough and comprehensive risk register – based appropriately on a spreadsheet.  I looked it over and could see a range of risks, each was evaluated (we’d get onto how later) and there was an action plan against each, with assigned responsibilities and a deadline.

There was nothing of concern here in terms of the process (I would focus on a couple of the risks later).  So I handed back the risk register, thanked the PM and then asked:

“So, what are you doing about risk?”

There was a pause, and the PM looked embarrassed.  Had I not realised what the risk register was?  Was the risk register wrong?  Should another tool be used instead?  Nervously, the risk register was passed back, in case I’d not realised what it was.

I acknowledged the papers, passed them back and repeated:

“So, what are you doing about risk?”

Now it got uncomfortable.  There was a pause and then the PM asked sheepishly: “I’m sorry, I don’t know what you mean.”

“So, what are you doing about risk?”

This time, I emphasised doing.  The penny dropped.  “Oh, we’ve not started on the actions yet.”

The “so what?”

A plan is nothing without action.  Often we unconsciously think that planning for risk will mysteriously prevent it; it won’t.  Your risk register is more than a record – it’s a management tool, so use it to manage.


2 thoughts on “So what are you “doing” about risk?

  1. Glen B Alleman

    Good example of “talking the talk.”

    All risk management processes in the US DoD, DOE, and NASA must have the retirement or mitigation activities embedded in the Integrated Master Schedule, with the risk ID’s from the register in a column in the same way the WBS number is.

    Then these this “response” activities must have allocated budget, an assigned accountable person how can repor on the current status of the risk to the Program Management Review (monthly) and contribute to the Risk Management Board (monthly).

    Then, when th risk becomes actionable, the cost and schedule is altered to reflect the “handling” processes that are now in effect.

    That would be one way to recognize that your’r “doing” risk management.”

  2. Pingback: The Science and Politics of Fear « Shift Happens!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s