Risk is the price of progress
Learning Risk Management on the job is a very risky thing to do. It is like an airline pilot learning on the job with a real airplane, live crew and fare-paying passengers! Not a pilot most people would knowingly fly with!
The effective management of Risk involves 4 interlocking disciplines:
- Risk Identification
- Risk Analysis
- Risk Mitigation
- Risk Management
Let’s look at each risk discipline in a little bit more detail
What are all the possible risks which could occur and negatively impact your up-coming project?
For each risk you have identified, what is the likelihood of it happening (low, medium or high) and the impact on your project if it did (also low, medium or high). Some people find it helpful to show this as a 3x3 matrix of likelihood and impact.
The screenshot above shows a 3x3 map created using our free Risk Analysis tool RiskMapp.
For your top priority risks, e.g. medium/high on both likelihood and impact, what can you do to either stop them happening (Risk Reduction) and if not then to lessen their impact if they do (Risk Resilience)
Now you must implement your risk mitigations and then periodically cycle round steps 1-3 to make sure your risk identification, analysis and mitigations are both current and effective. Adjust as necessary.
For more details on Risk Management see “A Systematic Guide to Project Management”.
Business Risks or Project Risks?
If you wish to test skills in managing Business or Enterprise risks then you should refer to our Business Acumen Simulations such as XSIM or YSIM which encourage teams to identify and prioritise risks and then mitigate them through Simulation decisions via Risk Reduction and Risk Resilience building. For the rest of this article however we will focus on Project Risks.
With a configurable Project Simulation like SPREAD you can
- Setup a typical project over an agreed time period (e.g. 12 weeks or 12 months)
- Configure a list of project activities which participants can choose from to do the project. Include good, non-optimum and undesirable activities in your list so that participants can learn from making poor choices. You also define the impact of each activity in progressing the project.
- Project Activities can be once-off or repeatable and can also depend on other activities. Dependencies can be “hard” or “soft”. Hard dependencies stop you selecting the dependent task, whilst soft dependencies allow you to run a dependent task but with its performant degraded. Like non-optimum and undesirable activities, soft dependencies allow participants to learn by making poor choices.
- You now design a schedule of potential “risk events” and when each can be triggered (unless mitigated first).
- You configure certain project activities to mitigate against each of these risks (as well as the activity’s other project impacts)
- You may have one project activity mitigating or partly mitigating more than one risk. If you wish, an activity’s mitigating effect can be expired so the activity needs repeated for its mitigating effect to become active again.
- You can have a risk which requires more than one activity to mitigate it. (Thus it is a many-many relationship between risks and project activities – just like the real world).
If the appropriate risk mitigating activities have not been selected before the risk event schedule is reached then the risk will occur and its impact will be felt in your project and you will be notified that the risk has occurred and what it means.
In the screenshot of the SPREAD Business Simulation Game (above) note the list of allowed project activities on the left side of the screen (configured for your typical project), your current risk management score on the gauge and the pop-up window advising you that you have missed the opportunity to mitigate a risk which has just occurred on your project with whatever specific consequences.
Risk Management is not a skill you can get right first time or learn safely on the job!
Risk Management is therefore ideal for learning experientially through computer-based Business Simulations and paper-based scenarios. Usually, but not always, it is best if these are team-based Simulations/Scenarios (rather than individually played ones) as project risk management is very much a team activity. The closer these scenarios reflect the type of projects your managers are likely to encounter the better. You would not train a Boeing 747 pilot in a Spitfire Simulator!