TOP Ideas

I recently reviewed a $15m project that was struggling. It was already 6 months late and likely to slip another 6 months, yet its risk log contained only three risks, one of which related to delivery. Overall, from a risk perspective, the project was rated ‘Green’.

When we performed our standard delivery risk analysis against the project it came out Amber with spots of Red.

Although the project was 9 months old, its requirements were still not finalized, the design was a moving feast and the cost of failure was escalating due to some of the decisions made to date. Yet it only identified one delivery risk — that the software component, that was on the critical path and had been outsourced to a vendor, may be late.

This missing of the obvious delivery risks is not an isolated case. Frequently our health checks find the root causes of major problems are delivery risks that were never identified and therefore not managed by the project.

‘Laundry lists’ of potential risks don’t help. Relevant risks still get ignored and extraneous, highly unlikely risks can be picked up ‘just in case’.

I’ve also seen several risk scoring approaches that may encourage people to score a risk as high but, as there is no action attached to rating the risk, the risk disappears into the scoring system never to appear again. Worse, the project team believe that they have ‘dealt with that risk’ by scoring it!

In addition, because the realization of benefits is still seen as outside the focus of most projects, risks to the delivery of the benefits and value — the reason why the project was commissioned in the first place — are usually not considered at all.

Why?

One reason for this seems to be that scoring delivery risks can be seen as rating the project team. If you rate, say. requirements risk as “high” (ie unstable) are you saying the project team hasn’t done its job in this area? I remember, when running a team through our standard delivery risk profiling process, the project manager objecting violently when the team wanted to rate requirements as ‘red’. As far as he was concerned they were clear and complete (but he was alone in this view).

Also, when brainstorming sessions or other methods are used to identify potential risks the focus seems to be more on outside factors that can threaten the project (Eg The resources are not made available in time) rather than the internal delivery status and capability risks.

Simple solution

This is why I devised a simple, quick but highly effective Delivery Risk Management process. To get a clear picture of your project’s delivery risks you only need to assess 10 project delivery and 10 benefits delivery risk categories.

In both cases three of these risks are what I call “environmental risks”. These environmental risks are inherent in the way the project has been set up and cannot be mitigated except by changing the project. They provide a context and multiplier on the remaining seven risk categories.

For example, if the risk of failure (an environmental risk) is low, then the potential business impact of unstable requirements is lower than if the risk of failure was high.

Each risk has four risk level options presented to ensure comparability of responses. Teams can score both their current and the targeted risk levels and then plan to manage the risk down to the targeted risk level. This simple process rates the risks, sets target risk outcomes and enables planning to manage the risk down the desired level. In addition, a standard, comparable delivery risk profile can be generated.

Each project’s delivery risk profile can then be compared across the portfolio and analysed at the next layer down to see which risk categories are reoccurring and why. This profile can also be used to progressively track the actual risk reduction achieved against the planned reductions. If a project is not reducing its risk profile to plan, this is an immediate (and early) danger signal.

Effective delivery risk management does not need to be complex or time consuming.

Simple, quick and highly effective — our “How to manage your project’s delivery risks” process Guide is now available at valuedeliverymanagement.com.

PS The Delivery Risk process Guide includes the roles of the project practitioner, business, PMO and governance teams and is fully supported with comprehensive workshop guides, profile generation spreadsheets and other materials to make it simple and easy to implement and use.