Picture this: You've just been selected to manage one of the largest, most important projects your organization has ever undertaken. Senior management expects this mission-critical project to bring significant benefits to the organization, and you've been chosen to lead it because of your reputation for building highperformance teams and delivering results. It's the opportunity of your career.

But every opportunity also brings substantial risk. If, despite your best efforts, the project should fail or fall short of expectations, the consequences for you and your organization could be devastating. And, unfortunately, the odds of success are fairly low. Project performance statistics show that 50 percent of projects end up late or over budget. Twenty-five percent fail completely. And only 25 percent actually succeed.

A number of factors are making it more difficult than ever to achieve project success. The fiercely competitive economic environment means there's tremendous pressure to produce results quickly. The tendency of today's organizations to be interconnected with multiple business partners means more internal and external areas to be considered in the project, creating enormous complexity. What's more, the very criteria for success have changed. Today, coming in "on time, on budget and to specifications" just isn't enough. To be considered successful, you must also clearly demonstrate that you have achieved project objectives, effectively managed change and transition, exceeded stakeholder expectations and realized measurable business benefits. But don't be discouraged. You can improve the chances that your project will ultimately succeed. And one of the most critical steps is to develop — right at the outset — a process for analyzing your project's likelihood for success, potential barriers to success, and key success indicators. This begins with stepping back and taking a hard look at the realities affecting your particular project.

Project challenges

Every project faces challenges and risks. These can be numerous, and their impact can vary depending on the scope of the project and the approach used. As organizations become more focused on special-purpose projects, the complexity of managing risks increases. The risk profile of a given project is largely a product of the complexity of the project and the maturity of the project processes. Examples of complex projects are those that involve:

  • Complex transactions or initiatives that have a significant organizational impact, such as mergers and acquisitions, spinoffs and global initiatives;
  • Significant dollar investments, such as enterprise system implementations;
  • Customer and supplier initiatives such as technology implementations, portal implementations and e-markets;
  • Compliance or regulatory-related initiatives that require strict assurance that objectives will be met within acceptable timelines; and
  • Cost reduction through outsourcing and shared services arrangements.

The project risk profile is also likely to be increased if the following factors are present:

  • Lack of mature internal project methods and processes;
  • Poor track record of project delivery;
  • History of problems with budget, schedule, status and overall project success; and
  • Solutions that may not be realizing expected benefits.

Critical project risk points

Identifying potential trouble spots at the outset reduces the risk of problems down the road. Experience suggests challenges will emanate from three primary areas (see Figure 1):

  • Business environment – external, other internal functional areas and divisions;
  • Project framework – team structure, composition and vendors; and
  • Execution – legacy systems, products chosen for the project, interfaces.

Business environment

Projects and change initiatives do not operate in isolation. They are part of the larger organization and, as such, will be influenced by factors beyond your control. You must consider these environmental factors, because they will affect your success. These factors largely equate to the scope and content referred to as the Project Context by the Project Management Body of Knowledge.1

Project framework

The project framework includes areas within the project manager's direct control or ability to influence. They include elements such as project management structures, sponsorship, dependencies and staffing. These are often guided by internal policies and procedures, but they can be significantly altered by the use of external vendors that usually utilize their own approaches and tools.

Project scope and execution

The overall project scope and the approach to execution carry inherent risks. The scope includes all processes that are required to complete the effort and develop the product or produce the planned benefits. The execution processes include the activities performed to achieve the project's product and realize the expected benefits. Although the processes can be considered separately, these activities often occur concurrently. The actual execution is often guided by a particular development life cycle, but it also covers project activities such as organization change management and benefits realization.

Given all the challenges facing major projects, many leading project managers are building project risk management methodologies into their overall project management approach.

What is project risk management?

As depicted in Figure 2, project risk management is an independent process that reviews the health and viability of a project. It provides the project manager and executive management team with a clear sense of whether a project will accomplish its objectives and whether significant risks are present. Project risk management can include:

  • Reviewing the risks and strengths of new or existing projects;
  • Ensuring the presence of known requirements for project success, such as skills, processes, structures and culture;
  • Providing unbiased, independent evaluation of the projects prospects for success; and
  • Working closely with project teams and stakeholders to ensure that risks are collected, prioritized, and mitigated.

Project risk management is broader than quality assurance in that it spans all three of the areas most likely to impact your project: business environment, project framework and project execution. Quality assurance (QA) typically focuses on the processes and products within the project team. Vendors involved in projects commonly integrate a QA role into their project approach. But a closer look often reveals that the QA scope is geared to the vendor's interest, not the success of your project and the achievement of your business objectives.

Benefits of project risk Management

Project risk management increases the likelihood of project success. It provides a holistic view of risks, challenges and potential problems and builds processes to help you monitor and manage them. This not only reduces the cost of your project, but gives you, as the project manager, a valuable tool to reduce risk associated with project investments and tactical project activities. Your confidence will increase knowing that your project will meet targeted goals and achieve expected outcomes.

Project risk management activities will give you clear visibility of your project risks and strengths and help you:

  • Clarify and assess the accuracy and relevance of project scope;
  • Validate and communicate project progress and risks;
  • Evaluate and quantify project processes against benchmarks; and
  • Ensure project accountability and stakeholder management.

Project risk management is preventive. Armed with proactive information about the project status, you will be in a better position to anticipate and prevent issues that lead to cost and schedule overruns. Preventing downstream defects and project delays will help you improve your project performance by:

  • Identifying strengths and weaknesses of the project approach;
  • Recommending effective project, process and technology controls;
  • Validating progress and potential to meet goals; and
  • Enabling effective project reporting and communication.

Project risk management will help you demonstrate measurable value, manage change and realize anticipated project benefits by:

  • Measuring achievement of business case and strategy;
  • Focusing on operational readiness; and
  • Assessing change integration and organization acceptance.

Implementing project risk Management

A variety of models—consultative, audit, phase end, quality gates, and others—can be used to implement a project risk management function. Since no two projects are the same, one size does not fit all. The model you choose will depend on the type of information you need and other roles within your project. But it is critical that the project risk management function be independent of the project itself in order to ensure objectivity. The objective of the project risk management process is to provide a risk, status, and quality review and assessment mechanism over the activities and structure of the project.

Depending on your objectives, several assessment variations can help you understand and manage project risk. Based on the project life cycle, any number of the following reviews can be employed, as noted in Figure 3. The key forms of reviews are discussed below.

Risk assessments

Performed at any time during the course of the project, risk assessments help the project manager identify risk areas and evaluate their potential impact on project success. Key drivers of project success are used to evaluate the project and provide a scorecard on relative project performance. The evaluation will facilitate identification and prioritization of key project risks that are most relevant to the project's success.

"Checkpoint" reviews

Also known as gate reviews, these can be executed as a series of reviews. Checkpoint reviews focus on evaluating the high-level and detailed project processes and outcomes. The reviews occur over the life of the project and focus on critical tasks at a particular time in the project. These tasks can be used to recommend improvements to critical processes and deliverables and to focus management attention on project risks and the development of mitigation strategies.

"Go-live" readiness reviews

Performed shortly before implementation or project completion, this type of review is used to confirm that people, processes and systems are ready to adopt the changes to be implemented. This type of review can help identify major risks that could affect a project's success so that the organization can plan accordingly.

Post-completion review

A necessary last step toward ensuring project success, these reviews enable management to confirm the benefits of the project by evaluating whether the business and system goals have been achieved. These reviews help identify areas that may need additional attention to promote project benefits, such as organizational change adoption, operational support, or revision of new processes and procedures. Post-implementation reviews also provide an opportunity for accumulating lessons learned and identifying best practices that can be applied to future project initiatives.

Conclusion

A project risk management methodology provides a framework and wide range of supporting processes for undertaking the appropriate set of reviews and risk assessments throughout a project. Adopting such a methodology ensures that project risks are identified and managed, and greatly increases the likelihood of a successful project— by any definition.

Footnote

1 PMBOK 2000.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.