It would be ideal if we could convince our project stakeholders to read this document before they get involved with our projects, but that is unlikely. I also assume that you may have struggled on past projects with getting key stakeholders to review risk registers (to say nothing of the challenges you might have had with getting them to appropriately execute risk response plans).
Here are a few (pragmatic) practices that could improve this situation:
- Be careful about inviting external or senior management stakeholders to risk identification and assessment workshops. I know, this sounds counter to the mantra of "wall-to-wall" communication that we strive for. At the same time, most risk identification sessions I've attended have a "doom and gloom" or "venting" nature to them - this could turn off an external stakeholder. The high volume of low severity risk events identified and discussed could drown out the impact of the few critical risk events that are raised.
- Focus on doing detailed analysis and developing risk responses for critical risk events - those that cannot be responded to within the project team are excellent candidates. Be ruthless about weeding out the generic or ridiculous risks from the register - all it takes is one poor risk to impact the credibility of the practice.
- Be as specific and detailed as possible with regards to risk descriptions and be extremely clear about the potential impacts. Try as much as possible to quantify the potential impacts in terms of schedule, cost, quality or other tangible metrics that a stakeholder or executive will find meaningful.
- Build the risk response actions right into your project schedule. By having these actions buried within a risk register, it is pretty easy for everyone other than the project manager to ignore them. If they are part of the schedule, it becomes a lot harder for risk response owners to plead ignorance - of course, this requires that the risks are critical and actionable!
- Review the risk register at every second project team meeting (e.g. once every two weeks) and after any significant project change is identified or proposed. Don't spend hours on this re-assessment, but ensure that the risk register is current otherwise you will again risk impacting future credibility or participation in the practice.
If you are interested in getting a few more ideas that can help move project risk management from theory to practice in your organization, read the PMI Project Risk Management Standard or you can sign up for the Practical Project Risk Management webinar offered by my company at http://www.solutionq.com
Don't forget to post your comments below