Four sleps lor reduc|rg projecl r|s|

By Robert L. Bogue
July 18, 2005, 7:00am PDT
Whether it's small or large, complex or simple, everyproject has risk. It's our job as managers to do our best to not only minimizethe risk
in our projects but to minimize it as soon as we can. In this article,you'll learn a simple Iour-step approach Ior doing just that.
Inventory
The Iirst step to managing the risk oI a project is toinventory the situation. That is, identiIy all oI the risks that you think arepossible in
the project. The inventory should include all internal Iactors Iorthe project such as resource changes, assumption Iailures, and
sponsoravailability. It should also include all external Iactors such as a change incompany direction or a change oI technology direction.
Most oI all, however, itshould include the things that are new in the project. II the project isworking with a new technology, is using a
new development methodology, or eveniI there are new, relatively unknown team members, these need to be listed aspotential risks to
the project.
The purpose oI the inventory phase isn't to classiIy therisk or identiIy its importance. That step happens later. The goal is tocollect all the
risks. II you mix in the process oI evaluating the risk you`llIind that you won`t get a complete inventory oI the potential risks Ior
theproject. Staying Iocused on capturing risks is essential to the process.
Evaluate
Once you have a complete list oI potential risks, it`s timeto evaluate them. Each risk should be evaluated based both on its probabilityand
on the impact that it would cause iI it happens. The loss oI a key teammember may have a low probability; however, the impact to the
project can begreat.
Some people struggle with the evaluation step because bothoI the numbers, percentage and impact, are guesses. They recognize that
evensubtle changes in the values Ior these numbers canhave a huge impact on the total risk oI the project. However, in general,
theobjective here isn`t to come up with a single number that represents each risk.The objective is to develop a Iramework Ior evaluating
the various risks againstone another. Although precision in the estimating process is useIul it's notessential.
The other Iactor to evaluate when looking at a risk is itsduration--how long that it can have a potential impact on the project. Forinstance,
the loss oI a subject matter expert early in the project is a riskbecause their input is still needed. However, later in the project they may
not have much input and thereIorearen't a risk iI they leave.Therisk oI a Iunctional analyst leaving is greatest in the initial phases oI
theproject when they are intensively interacting with the customer. Later on inthe project, the loss oI the Iunctional analyst has a smaller
potential impactIor the project.
In order to get a consistent number Ior all oI the risks,multiply the probability which should be per interval oI duration by the impactand
Iinally multiply that by the duration. The resulting number is a singlenumber, a risk quotient, which can be used to prioritize risks within
theproject. For instance, iI the probability oI the risk happening in a given weekis 10, the number oI weeks the risk may happen is 10
weeks, and the impact is$1000, the overall risk is $1000. (.10*10*1000 1000)
Prioritize
Now that you have a single risk quotient Ior the variousrisks, it's possible to prioritize the risks Ior the project. It can give you aclear
vision oI what the risks are and which ones you'll ultimately need to beconcerned about. This is also a part oI the process that typically
helpsvalidate the estimates made above. For instance, iI your greatest risk ispersonnel turnover (as it usually is) you may want to more
objectively evaluatethe probability. II the average person stays at your organization Ior threeyears you can assume a probability oI them
leaving in a given week is 1/156(3x52 weeks/year) which is a 0.00641 percent chance.
Control and mitigate
Once the risks are prioritized you can go through the listand identiIy which risks are controllable, which risks are things that can
bemitigated, and which risks must be accepted. For instance, the risk oI loosingkey personnel can be mitigated by providing completion
bonuses or even justmonitoring their happiness more closely. Technical risks can be controlled bymoving them Iorward in the project so
that they are proven out nearlyimmediately.
In general, the Iastest way to reduce the overall riskquotient Ior a project is to tackle the controllable risks early in the project.The more
quickly that you are able to validate the risk associated with an itemthe more quickly the risk is no longer a risk (so its probability can be
zeroedout.) Focusing on controllable risks won't completely eliminate risk but itwill quickly cut it down.
The next step is to develop mitigation strategies Ior thoserisks that can`t be controlled. Completion bonuses are a routine way
thatorganizations which are closing down operations mitigate the risk that thepeople participating will leave beIore the project is ready to
let them go.
Not every mitigation strategy needs to involve money. Simplygetting a verbal, personal commitment to Iinish the project is oIten enough
toIurther reduce the probability that a person will leave during the project. Mostpeople value their own sense oI selI worth and they
believe that their abilityto meet their personal commitments is a part oI the admirable part oI theirselI.