Risky business: project risk management

Marc Kaducak

Marc Kaducak, head of the Office of Project Support Services, wrote this column.

Life is full of little gambles known as risks, and so are projects. We can allow risks to paralyze us with fear, or we can objectively assess them and carry on making progress. Project teams perform this assessment by implementing a risk management plan.

Lucas Taylor of U.S. CMS is currently developing a standard project risk management plan with input from the Fermilab project management community. This plan describes how to identify, assess and report risks. Most project teams are already managing risks in a similar manner, and hopefully a standard plan will allow for even more quality, consistency and efficiency.

In general risks are ranked along two axes: 1) the probability of their occurrence and 2) the severity of their impact. Often these things are difficult to quantify precisely, but the act of identifying and roughly ranking risks helps to guide a project’s plan. Risks with high ratings along both axes require special attention. Sometimes a risk can be avoided altogether by choosing a different approach such as using a more conservative technology. Certain risks can be transferred to a nonproject entity such as a vendor with insurance or guarantees. Sometimes the most sensible treatment is none at all, also known as accepting the risk. Probably the most common treatment is to actively reduce the probability, impact, or both through additional testing, pursuing two options in parallel, including extra margin or headroom, or any number of other approaches.

Human factors can have significant influence on risk assessments. Our individual perspectives can be limiting, so there is value in seeking input from a diverse group. There is a tendency to overstate risks that are more popularized or sensational versus those that are more statistically significant. The classic example is the fear of flying versus driving. We also have our optimism bias, where we assume that we will succeed where others have failed. One way to convert this optimism into reality is to learn from history, which is why an organized list of risks and lessons learned helps to improve our likelihood of success.

Speaking of optimism, things occasionally go better than planned. In risk management these favorable risks are called opportunities, which can also be ranked in order to pursue those with the most potential upside.

If building our complex projects is somewhat of a gamble, a good risk management plan is like using loaded dice. Roll the bones!