Article Menu

Wednesday, 15 February 2012 11:34

Ten Reasons to Trash your Risk Management Plan

Written by 
Rate this item
(0 votes)

GB_Feature_WebDo you have a Risk Management Plan (RMP)? If you do not, then this article is not for you. If you are managing a project of any size and you have not developed a Risk Management Plan, then your project is most likely already in trouble.

If your answer is yes, then you may want to continue reading this article. Many people talk about and also attempt to develop a Risk Management Plan but either give up on it or place the effort in the low-priority to-do list. Others have a risk plan that does not actually provide the guidance and value that is needed to be effective.

Because the maker of the RMP did not give it the attention it deserves, it is usually thrown together without any real in-depth research, just to say that it was done. Like the son that was told to clean his room. When his mother checked it, the room was cleaned. But she later discovered that everything was piled high in the closet, out of sight and out of mind. It is important for the project manager and team to view the plan as something that can provide lifelong project value. All too often, project teams develop a Risk Management Plan because everyone says they should. It may be part of a methodology or a requirement within a Project Management Office (PMO) and is given cursory attention, something like punching a ticket or checking something on a list. Or they may have just passed the Project Management Professional (PMP) exam and know they need to have an RMP. So they do one! Why? To report that they have one and they can now tick that off of their checklist.

So, if you have an RMP, I give you my top ten reasons why you should trash that plan. Take a look at these and reflect on them.

Risk management is one of the nine knowledge areas of the Project Management Body of Knowledge (PMBOK®). Every management template includes an area to provide information about risk. Several books and articles have been written on the subject of risk management. Here are a few good books on risk management that you may want to read or add to your library:

  • Risk Management, Rita Mulcahy
  • The Practice Standards for Risk Management, PMI
  • Project Management a Systems Approach, Harold Kerzner

From a global perspective, more organizations are putting emphasis on risk management to assist in reducing the number of reported project failures. A well-developed Risk Management Plan should mitigate the risk for project failure.

For example, listed in the table below are the results of a poll from our project management website, allPM.com. In that poll, we asked for the top five documents needed for project success.

GB_Table_1_web2

As shown in the table above: The Risk Management Plan and Log is one of the top five documents needed for project success. Having a Risk Management Plan for your project is not optional; it is a necessity for the overall project success. The guideline and methodology we recommend for risk management is derived from the Project Management Body of Knowledge (PMBOK). In this article, we discuss some of the concepts regarding the creation and management of a Risk Management Plan.

Here are some ideas for creating and maintaining a good Risk Management Plan (RMP). You should start developing your Risk Management Plan during the early feasibility study. The RMP should be elaborated during the business case development process. Highlights of the RMP should be included in the development of the project description document and the project charter. The final RMP should be a part of the overall Project Management Plan.

A good Risk Management Plan and execution of that plan requires most of the team members to be involved. Collectively, the team will identify, analyze and develop the components of the Risk Management Plan.

A good outline of the PMBOK’s Risk Management Plan structure is shown in Figure 1.

GB_Table_2_web

I recommend a risk management plan be developed and acted on throughout the life of the project.

Here are the Top Ten Reasons to Trash Your Risk Management Plan

1. You should trash your RMP if you have not spent enough time or effort in developing the plan.

2. You should trash your RMP if your project is large and complex and you only spent a few hours developing the plan.

3. You should trash your RMP if the right people were not involved in creating the plan.

The project team can have the most brilliant people involved. However, if you missed a key stakeholder when identifying risk, you may have overlooked a key element in the plan that will cause the project to fail.

4. You should trash your RMP if the plan has been on the shelf for more than ten days.

A good plan must be reviewed on a regular basis. A Risk Management Plan should be reviewed every week and be a permanent part of every project management status meeting.

5. You should trash your RMP if you never talk about risk in your project meetings.

Every Project Manager (PM) should make it a part of their daily and weekly schedule to talk about risk. You cannot ignore this subject; the stakes are too high.

6. You should trash your RMP if your management only thinks of risk in terms of losing money.

Risk can be thought of as positive and negative. Management may need to be educated on the positive risk and how they can be managed.

7. You should trash your RMP if you have not done an exhaustive identification of all possible risks.

Rita Mulcahy, in her book, states that you should ID hundreds of risks in the early stage of your project. Not all risks will be part of the plan, but the exercise of finding and documenting as many as possible can benefit your project.

8. You should trash your RMP if you don’t know who to talk to about a risk.

There is a people side of risk management that we cannot ignore. Subject Matter Expert (SME), stakeholder and sponsors must engage in the conversation about risk.

Risk, issues and problems are discussed in the same context.

Risk and issues are different; they should be tracked and managed separately.

9. You should trash your RMP if a budget to handle risk is not established.

Your risk plan should be supported by a budget for risk response and contingencies. As PM, you limit your risk budget issues during the course of the project. The budget needs to be settled early in the project.

10. You should trash your RMP if you don’t know when to use quantitative methods to access the risk.

Risk Management may not include a quantitative analysis. Only in special circumstances will you need to invest the time and money in doing a quantitative analysis of your risk.

Summary

Are you doing risk management or are you just going through the motions? Risk management is just one of those things to do in your busy project environment. You know you need to do it right, but the urgency and priorities of other areas of the project do not allow you to allocate the time and resources to manage your risk properly. Therefore, you may want to trash your RMP and seriously do what’s necessary to manage the RMP correctly. I realize that it is hard to break away from day-to-day priorities. But if the RMP is done correctly, it will add value to your project. In the words of Nike, “Just Do It.” You will enjoy its benefits.

Don't forget to leave your comments below.

George Bridges is a Director of Business Analysis with more than 25 years of experience in business systems analysis, business process modeling, operations research and Information Technology. George teaches business analysis and project management to hundreds of seminar and class participants every year. He has participated in the analysis and development of business systems for major corporations, such as Ford Motor Company, Unisys Corporations, and for a large church in the Metropolitan Detroit.

References:
1 - Risk Management - Tricks of the Trade for Project Managers, Rita Mulcahy, 2003
2 - The Practice Standard for Risk Management, PMI
3 - Project Management – A Systems Approach, Dr. Harold Kerzner
Read 4990 times Last modified on Monday, 16 April 2012 12:15
Published in Articles
Tagged under
George Bridges

Latest from George Bridges

Related items

More in this category: « Tension at the Workplace: Gen X vs. Gen Y Facilitation Top 5 »

Comments  

 
0 # Maureen Sullivan 2012-02-15 04:55
Great article George! I particularly like Reason #4 :) Maureen
Reply | Reply with quote | Quote
 
 
0 # George Bridges 2012-02-15 05:11
Thanks Maureen, The idea here is that the RMP should be review often and regularly.
Reply | Reply with quote | Quote
 
 
0 # Eric Wuolle PMP 2012-02-15 05:17
George, One factor often overlooked in the synthesis of the project's approach to risk is the organization's risk management framework, which may have explicit or implicit risk management practices. For example, on the RM budget aspect, some organizations do not expect, nor value, any more than a cursory, monthly review of the Risk Management Plan, and the Risk Register. So, my comment is, ensure the risk management framework in your organization supports a robust risk management approach, with all that entails.
Reply | Reply with quote | Quote
 
 
0 # George Bridges 2012-02-15 05:20
Eric, If you are saying that the governance and strategic direction of the organization is key to good risk management, then I agree with your comments. It will be very difficult for a project manager to handle risk properly without the risk management framework to support them.
Reply | Reply with quote | Quote
 
 
0 # Erika Dean 2012-02-15 06:06
The tag line of trashing the plan is cute but a little overboard. The 10 points of when you are saying to trash the plan should be revised to indicate that you don't need to trash it but your job as project manager in risk planning isn't done yet and you can still use what you have done as a starting point but you need to finish the risk planning with all of your stakeholders. Risk management is iterative so we don't need to be discouraging people that tried to do something (however inadequate) but provide coaching to them to follow through with it all the way. Finish the job!
Reply | Reply with quote | Quote
 
 
0 # Greg Smith 2012-02-15 07:03
Great article! There is one exception to "You should trash your RMP if you have not done an exhaustive identification of all possible risks." Someti mes an exhaustive investigation can reduce the opportunity to deliver early, on a project where the date is as an important as the requirements. Sometimes the sponsors will agree to the risk of not doing an exhaustive investigation, because the risk work itself puts the date in jeopardy.
Reply | Reply with quote | Quote
 
 
0 # George Bridges 2012-02-15 07:13
Yes, how true Greg. Perhaps we should have the top 11. I know that a fundamental principle in RMP is to do exactly what you suggest in your comments. Than ks for the feedback
Reply | Reply with quote | Quote
 
 
0 # Hussain Javed 2012-02-15 14:19
My knowledge added.
Reply | Reply with quote | Quote
 
 
0 # Michael Davis 2012-02-16 04:20
Karel has rightly pointed out that the author seems to have confused the risk management plan with the risk response plan. There is no need to continuously review the RMP itself once the overall methodology for identifying, assessing and planning responses for risks has been established and operationalized ; reviews or updates of the RMP are usually only necessary when the project is about to enter a new phase or something changes that could impact the approach to risk management. The comment about item #9 is also correct in that there is a difference between the risk management budget and the project funding (contingency) allocated for risk response plans. Finally the idea that the risk response plan should be "trashed" if you have not done some sort of exhaustive review of all possible risks (#7) is questionable. First, experienced project managers and teams working in a familiar domain can usually zero in pretty quickly on the most critical risks that must be managed, so efforts to do an exhaustive review of all possible risks soon reach the point of diminishing returns. Second, project disasters often occur because an unexpected combination of risks, or a "black swan" event that would not have been identified anyway occurred. It is better to go with a perhaps incomplete list of the most likely risks, and manage them competently, than to spend a lot of effort trying to find every last possible risk and end up with insufficient time or resources to develop proper risk response plans for the important ones.
Reply | Reply with quote | Quote
 
 
0 # Karel 2012-02-16 06:12
It will be interesting to see when Michael Davis'comment will be deleted by the moderator... Is it because it is forbidden to give critical feedback that my comment was deleted?
Reply | Reply with quote | Quote
 
 
0 # Karel 2012-02-16 06:14
Anyway, here is my original comment that Michael Davis is referring to: It seems to me the definition of RMP used in this article is not aligned with the definition of RMP in the PMBoK, 4th edition. An RMP defines how risk management will be executed on a specific project. It does tell you for instance how you are going to execute your risk identification process, but the RMP tells you nothing about individual risks (this contradicts with #7). In time, the RMP is written before risk identifcation starts. Therefore, I do not understand #4; the RMP can remain unchanged until a formal change is required (e.g.: additional monitoring, use of a new tool, additional reporting, changed risk tresholds). #5, #8: agree, but trash the RMP because the ways on how and to whom you communicate on risks should be written down in the RMP. #9: Please check PMBoK, 4th ed., page 280, "budget". The RMP tells you nothing about the amount of money to reserve for contigencies. The RMP claims money for the execution of risk management activities.
Reply | Reply with quote | Quote
 
 
0 # Gerry 2012-02-18 09:28
George you signed off your article with Nike - 'just do it'. To right, unfortunately it is the executive, directors and clients whom are issuing this rant. The PM desires to follow a process to attain benefits/goals/ corporate objectives, that is who we are. So like many PMs out there I do my best to acquire relevant information from SMEs, present the info to the highest level and gain approval. From there, well the Team 'just do it'.
Reply | Reply with quote | Quote
 
 
0 # Jeffrey Mitchell 2012-02-21 02:57
I would just add to the conversation that all projects are operating in an risk environment. The known risks need to be dealt with appropriately in the RMP (identification , qualification, method of monitoring and planned reponses). The unknown risks by their own nature are what causes a project to get into trouble (hence the need for contingency plans / budgets). The project manager and project team need to continue identify new risks (threats & opportunities) and fold them into the RMP (progressive elaboration of the RMP). The RMP should be periodically be reviewed by senior management for comment and evaluated at the end of the project as to its effectiveness and a value to the project / organization (lesson learns).
Reply | Reply with quote | Quote
 
 
0 # George Bridges 2012-02-21 07:28
Two of my favorite books on Risk Management are 1. Identifying and Managing Project Risk, by Tom Kendrick, PMP 2. Risk Management, Tricks of the Trade for Project Managers, by Rita Mulcahy, PMP
Reply | Reply with quote | Quote
 
 
0 # Ravi Madhavan 2012-02-22 08:07
Good points in the article and some interesting observations too in the comments section. I see that the tenet of this article to emphasize on the necessity to identify and plan for the risk. And this cannot be negated at all. Any RMP will also have a mitigation plan in case the risk hits the project. Very reason RMP also expands to Risk Mitigation Plan as defined by many PMs. When identified and thought of upfront the PM is well prepared to handle the risk and prevent it from becoming an issue. The contingencies included in the RMP then helps addressing the issue without pressing the panic button.
Reply | Reply with quote | Quote
 
 
0 # René 2012-02-26 19:39
Great article - hope it serves as an eye opener for many a Programme, Project, Risk Manager or any other role or function involved in "achieving goals". As to Gregs remark that some sponsors decide (!) not to spend time on thinking about risks, I think those stakeholders (!) should read this article. In my opinion they do not understand the significance of the added value of making Risk Management a core activity of every undertaking - ALSO and maybe even ESPECIALLY for activities with a time constraint. Not spending sufficient time on the aspects that may affect the success of the activity (positive ànd negative) is sticking your head in the sand. And you know what the risk is of sticking your head in the sand: you cannot see who is about to kick your arse...!
Reply | Reply with quote | Quote
 
 
0 # George Bridges 2012-05-04 08:59
This comment made my day, today. Thanks
Reply | Reply with quote | Quote
 
 
0 # George Bridges 2012-03-08 08:36
The basic idea that is being promoted is that as a PM, don't just do your RMP as another "to-do" item. The RMP should be a "living" document that deserve the appropriate attention throughout the life cycle of the project.
Reply | Reply with quote | Quote
 
 
0 # Ally 2012-03-14 05:49
A very interesting perspective! The thought of trashing a risk management plan sounds pretty scary at first, I admit...but you've got some good points.
Reply | Reply with quote | Quote
 
 
0 # George 2012-03-14 10:57
The title and concept of the blog is to get people to think about the process.
Reply | Reply with quote | Quote
 
 
0 # S.Sudhavelan 2012-03-25 16:51
RMP results timely completion and budget control .
Reply | Reply with quote | Quote
 
 
0 # Dennis 2012-03-28 21:37
Like the article, there are some interesting points. I believe the goal of the article was to get PMs thinking about RMP and to some degree the artifacts that we produce and not just go through the motions of getting them complete instead actually create the plan and follow through.
Reply | Reply with quote | Quote
 
 
0 # Cordell Cameron 2012-03-31 09:25
When you're trying to justify persistence in the RMP remember that while its a frustrating consumer of time and resources, the two points above, "the exercise of finding and documenting" and the "regular review" in particular of those previous findings is how the RMP finally justifies itself, in areas that lie beneath the plan. You do have multiple problems. You just haven't tilled the soil well enough for them to surface.
Reply | Reply with quote | Quote
 
 
0 # Brenda Ross 2012-04-04 05:36
This is a good article if, for no other reason, than it provokes thought about proper risk planning and management. Point #9 is surely wrong, however. Risk response planning can help control scope, quality and time on a project. Risks, when they occur, affect more than just cost. Similarly, Point # 6 accurately identifies that risk management can be used to save money, but project management and risk management is way more than cost management. The idea of trashing your RMP should be immediately followed by 'and then starting a new one from scratch'. No matter how disengaged your stakeholders, sponsor etc. are towards risk, a PM should not operate without a RMP.
Reply | Reply with quote | Quote
 
 
0 # George Bridges 2012-05-04 08:58
Brenda, you state the #9 is wrong. So what do you do about having contingency reserve to handle the risk? Any suggestions?
Reply | Reply with quote | Quote
 
 
0 # Risk management plan 2012-05-04 00:47
Its analyzing their strategies and their risks in a more comprehensive and systematic fashion through enterprise risk management.
Reply | Reply with quote | Quote
 
 
0 # George Bridges 2012-05-04 08:53
Well said, I totally agree.
Reply | Reply with quote | Quote
 

Add comment

back to top