The Real Idea Behind Risk Management

(It’s not one of those academic reasons that you may think)


To say that Risk Management is misunderstood or used incorrectly across the world of project management, is an understatement. For some inexplicable reasons, everyone talks about Risk Management but no one consciously exercises it during the course of the Project. I have been lucky enough to consult in almost all major domains and the recurring theme has been the almost total absence of “Risk Management” practices or processes. This is scary, to say the least.

Sometime back I was consulting on Risk Management in one of the leading Steel Manufacturing companies in the world. There were senior managers who undertake large programs and projects and several of them were arguing that Risk Management is not really that important if the organization has taken some safeguards. Before I could explain to them exactly how dangerous this assumption was, one of them received a call and his face became instantly grim. He told me in a shaky voice that one of the new trainees fell into a “Ladle” of molten zinc. The death was instant and extreme. No one argued about the importance of Risk Management after that. This does not mean that Risk Management is required only for such situations.

Just to give you an Idea about the extent of casual approach towards Risk Management by many organizations, I will share with you another incident. Sometimes I am hired to conduct assessment on the “Existing Project Management Processes” across the organization. This requires me to look at some of the “Project Documents” from past projects and running projects within the organization. While I was going through project documents of several projects,  I could not help but feel a sense of Déjà vu every time I would look at the “Risk Register”. I separated the risk registers of all the projects and was shocked to see that they were exact copy of each other. In fact, in one case, I came across a risk register which was not only completely copied, the Project Manger had forgotten even change the name of the project listed on the risk register. In further investigations it came to light that since the organization was very strict on “Non compliance” reported by the QA auditors, the Project Managers had learned to “Fill up the documents” for inspections and just for inspection purposes.

Projects by nature are risky. Its defined in the very definition where it says “Temporary Endeavour Undertaken To Create a Unique Product Service Or Result.” The uniqueness causes the project to have a lot of uncertainties at the beginning of the project.

Then the new question that emerges is, can we know all possible uncertainties? Can anyone ever do that?

Absolutely Not. But that does not mean that we should not Identify Anything whatsoever.

Let me try and explain this differently. Assuming that you have a box that contains each and every project risk that is applicable to your project. Hypothetically speaking, off course. Now just because you identified some risks does not mean that those are the only risks that are applicable to you. The ones you could identify are called Identified Risks and that ones that you could not identify are called unidentified risks.


Now the risks that you could not identify may directly result into issues as you did not identify them and, hence, could not have a plan to prevent them from happening. This means that in the next phase of the project or the next project you would identify as risks all the issues that happened in the past. This way you would find a little more Identified Risks in the given box thus reducing the total no. of Unidentified risks in that box of Project Risks. This way over time you would have very few unidentified risks in that box.

Hence, the best way to reduce the number of unidentified risks upfront in a project is to literally go crazy trying to identify the number or risks. Identify as many as you can as the more you are able to identify, the box of risks remaining the same the number of unidentified risks would end up reducing drastically. It goes without saying that you would not be providing for all the risks just because you identified them. These risks would be prioritized and compared to each other before you would identify the critical few that you would ultimately provide a response for. But that is a different story and we will discuss some other time.

I am a person who loves the outdoors and can go for seriously long walks and treks. This also means that I need to be resilient to temperature differences and even surviving in rains and heat and completing my journey without falling ill. Goes without saying that my stomach has to be able to digest different kinds of food at different altitudes without giving up on me so that I have the energy to complete the journey. This would mean that I have to be resilient. What a lot of people do not get is that no one can be a superman. Hence I am somewhat resilient physically but what makes me more resilient than I actually am, is the immense risk based planning for the journey. Knowing fully well that I cannot carry anything above 8 kgs on my back for 10 days with an average of 10 to 11 hours of walking every single day, I make a list of all possible risks that could happen along with their consequences. I, then, painstakingly prioritize the competing risks and find out which risk would have more chances of occurrence as well as high on the overall impact. The different kinds of possible impact have different kinds of weightage. For example impact on my health has more weightage than impact on schedule. This kind of practical but intense risk management allows me to take practical trade-offs (e.g., carrying a foldable thermal foil instead of a deodorant and so on). All this keeping in mind that the weight of my pack cannot be over 8 kgs. When I go on organized treks I found that I was even better prepared than the trek organizers. I was having a lot less issues than the other much stronger and younger people. It was risk management that had made me very resilient. To a large extent I was prepared with what could come our way, snow fall, falling in the cold stream, rains or lack of potable water or even a fall or cut and would not force me to leave my trip mid-way (unlike so many who would give up within the first 3 to 4 days).

Just imagine if this was done for a professional project. It would make the project a lot more resilient. Things happen. But the question is would you have to just give up on your project just because a few things did not go your way. The more risk management is done for a project the bigger the quantum of negative events that would be required to budge the project from its normal planned path. I have seen so many projects closed or delayed or go over budget,  just because a few negative events occurred.  Project Risk Management = Project Resilience.

Therefore, you must identify as many risks as you can upfront. Some companies use checklists to identify as many risks as possible as this directly reduces the number of new surprises in the project which in turn makes the project a lot more manageable and less costly.

The real reason for Risk Management is to make the project less complex, less expensive, more manageable and a lot more resilient.

Visit this space regularly to see more such practical blogs.

If you like this blog, please share this link with others as well as recommend this site to others.

========================  end =============================

Post Comments : *
You are not logged in, Please login here to post your comment  
The way the identified and unidentified risks explained very well. How the lessons learnt can be used for reducing unidentified risk - good pictorial explanation. Ramanan Selvam
Date : 2020-07-29 19:31:17    Comment By : ramanan,  Chennai,  India