You’ve put together your project plan, you’ve got a schedule that everyone can access with Primavera Reader and you’ve started to think about the risks that might stop you from achieving your objectives.
The trouble is, that’s a long list.
In many ways that’s a good thing: you’ve identified lots of things that have the potential to derail your project and knowing about them is the first step to stopping them from causing problems for your team.
Here’s how to make sense of your project risks and categorize them in ways that will make them much easier to manage.
Option 1: Categorize by Nature
This is about the type of risk that your project is facing. You’ve got a number of choices here:
- Pure risk (also called static risk). This is where the project might suffer a loss, but there’s no chance of it going the other way and playing out for the best. In other words, there is no opportunity to gain anything in this situation. An example would be a fire.
- Business risk (also known as speculative or dynamic risk). This type of risk is where your may lose something, but you could also gain something. Stock markets are an example of speculative risk, as is launching a new product: it might end up in a loss for the company, but the project could be a huge success and make a gigantic profit. These risks are related to the activity of the business.
Your management approach is going to be different for each of these. For pure risk you’ll want to find ways of preventing the loss completely.
For business risk you want to make sure you are maximizing your chances of the opportunity part and minimizing the chances of the loss. In this case, the more you can break the risks down, the better it is and the easier you’ll find it to plan for them.
Option 2: Categorize by Level
This is where you either manage risks individually at varying levels or group them to give you a wider perspective of the risk profile of a project.
- Workstream risk: This risk affects one workstream within a project, for example the strand of technical work. No other workstreams on the project would be affected if the risk materialized.
- Project risk: This risk affects the project overall.
- Overall risk: This is the outcome when you aggregate risks and view several (or all of them) grouped together. This is useful when you want to know what the big picture risk problems could be. For example, you might have four or five workstream risks related to the Sales area. When you aggregate them and look at what would happen if they all materialized, you’d probably want to take a more strategic approach to addressing them.
Aggregating risks gives you a different way of looking at the same information and it’s easy to do. Simply add another column to your spreadsheet or use colors or a subset on your mindmap to group risks together.
This approach works when your project is part of a programme of work, or there are multiple workstreams of activities.
Related Reading: 7 Key Factors to Successful Risk Management
Option 3: Categorize by Identification
This is a way of classifying risks by how much you know about them. The concept is the same as the Johari Window tool, which is generally used for building self awareness and personal development, but it has just as much application as a framework for risk management and business models too.
Known Unknowns: These are risks that you have identified (so you know about them) but you didn’t know if they are going to happen or not (the ‘unknown’ part). Manage these through your regular risk management approach, identifying risk responses and working up a plan to address them with the appropriate budget and tasks.
Unknown Unknowns: These are the risks that you haven’t identified yet. They won’t be on your mindmap or your project risk log, but they are still something you can actively plan for – yes, even if you don’t know what they are! You can address these by putting aside money for risk contingency and building extra time into your project schedule. Think about what went wrong on previous projects and while you can’t necessarily identify precise risks right now, that will give you an idea of how to factor in contingency and management reserves to address them.
I’d argue that under this framework the missing piece, ‘known knowns’ are things that you know are going to happen and could therefore be classified as issues.
That’s three ways of categorizing risk. Which of these have you used – or do you use another system for keeping your risks in order?
Let me know below.