The classic Atari game Pitfall! taught us all what happens when we leap without looking—a crocodile will maul us to pieces. The same can be said of not heeding project risks. David Hillson writes for the Association of Project Management with ten of the biggest myths of project risk management. Ignore these insights at your own reptile-ridden peril.
10 Loads of Crock
- All risk is bad.
- Risk management is a waste of time.
- What you don’t know won’t hurt you.
- The risk manager manages risk.
- All risk can and should be avoided.
- Our projects aren’t risky.
- Risk management requires statistics.
- Risks are covered by routine processes.
- Contingency is for wimps.
- Risk management doesn’t work.
Risk can be defined as “uncertainty that matters to the project,” and uncertainty is not inherently bad. Sometimes things can go better than expected, meaning not all risks are bad, and a smart risk manager will account for such possibilities. Managing good and bad risks is never a waste of time if it means contingencies can be produced accordingly. Indeed, in project management, what you do not know will hurt you, so very hard.
And since no one person can know or track all risks all the time, everyone on a team should actually be held accountable for the risks that pertain to his or her job functions. The risk manager’s job is to ensure that the right processes are being maintained to stay on top of the risks. Process is important, because not every risk can be outright avoided in a cost-efficient manner, and so decisions must be made about whether to transfer, mitigate, or plainly accept the risk. By their very nature, not all risks you run into are going to be things people have seen before and recorded in a risk register, so you need to stay vigilant.
About risk management requiring statistics, Hillson writes:
[Quantitative risk assessment] is a powerful method for analysing the overall effect of risk on project outcomes, but it requires time, effort, specialist tools and expertise. Many risks cannot be easily quantified either, so a qualitative approach is needed. Even on very risky projects, the data used in QRA are based on the risk register, so qualitative assessment is always required, while QRA is optional.
Risk management only fails when you are not considering your project in the right context. “Try, try again” is the right mantra in these situations. Any project managers who believe they are too competent to require risk management are just naïve; a competent project manager would not need to be convinced to track risks in the first place.
You can hop some more crocodiles at the original article: https://www.apm.org.uk/blog/top-10-myths-risk