A robust risk culture goes beyond having a strong basic risk management process. But the rewards for the extra work you’ll put in to build that culture are huge. Particularly for large, complex, or strategically important projects.
Some of my readers may hope to influence the risk culture of their whole organization. But, for many, I suspect this may be too great an ambition. For you, the right aspiration is to build a positive risk culture within your project. As a Project Manager, that’s entirely within your scope.
But these ideas scale. And the process for creating a robust risk management culture within your project can apply equally if you get a chance to influence your wider organization.
Risk culture is a shared set of processes, knowledge, attitudes, beliefs and values about how to deal with risk. If your team has a common purpose and approaches risk in a consistent way, which reflects that purpose, that will protect your project and make it more secure.
For your risk culture to work well, three things need to come into alignment:
With these components in place, your project can be confident of making informed decisions, and understanding the risks it takes.
A project is a temporary endeavor. So why would you go to the extra trouble creating an infrastructure?
Every project will have a culture, whether you craft it or not. Part of the project leadership role is to decide what culture will serve you best, and to work at creating it. It isn’t extra work to create a culture: it’s extra work to create a worthwhile one.
And there are plenty of benefits you can gain by embedding risk management into your day-to-day project practices. These work together to have an increasing effect on the overall health and performance of your project.
When you build risk management into your culture, you will reduce the overhead of imposing risk management on each step. Your team will apply a consistent set processes, with standard tools and templates, automatically. And, for a longer project, you’ll be able to optimize these over time, to work efficiently. Ideally if you can provide your team with training, you will see greater consistency in how they apply your processes.
Records and History
One of the challenges of identifying and analyzing risk is to learn from the past. Placing risk management at the heart of your poject culture, you can build an archive of knowledge, to carry forward to future projects. You may or may not be able to start to embed this culture more widely in your organization, but you have a career. And you can carry this knowledge with you from project to project.
Patterns and trends may start to emerge, that you can use to optimize your risk planning and processes, and inform benchmarks and metrics. This will hep you improve your budget and schedule estimates, and therefore reduceover-runs.
Prudent behavior is an obvious outcome of a more risk-aware culture. But prudence is just a filter applied to your decisions. The more powerful outcome will be better quality decision-making.
You get better decisions when they can draw upon more data, and a deeper understanding of the nature of risk and uncertainty. You will start to see more consistency in how your team evaluates scenarios, seeing risk as a core business and strategic issue, rather than a stand-alone project-only concern.
Your biggest wins will come from better governance, with little or no extra cost and time overhead. Taking an evidence-based approach to planning, strategy-development, and policy-making will lead to more robust decisions, with conscious choices around risk profile. And when you apply risk methodologies in a consistent way, they will contribute to improved oversight and transparency around high-risk decisions.
As a Project Manager, you will almost certainly be thinking:
Okay, I buy it. I want a robust risk culture… What’s the plan?’
So let me give you a workplan, in the form of an outline Work Breakdown Structure.
If you do aspire to extend your Risk Culture beyond your project, then one way is to treat a successful project implenentation of risk culture as an organizational pilot.
In this final section, I want to briefly outline the asset set you’ll need to develop, to maintain your risk culture.
A risk culture needs underlying policies. But keep them as light-touch as you can. They need to reflect the nature of your project and the risks it faces. Think about factors like scale, complexity, value, consequences of success or failure.
Crucially, your policies should identify responsibilities at all levels. Everyone must share responsibility – that is the meaning of ‘culture’. But who will take the lead on risk management, and review the processes, tools, and outcomes? And what about governance? How will risk be monitored at Sponsor or Project Board level?
Develop processes that meet the needs of your project and fit the priorities of your stakeholders. You will do better with a simple process that is used effectively than a comprehensive one that is soon abandoned or used infrequently. Document your processes clearly, and disseminate them widely. And keep them under periodic review.
Perhaps most important is the need to integrate your processes with supporting infrastructure like:
Build a set of tools to meet your project’s needs, and follow the process you’ve created. The most fundamental risk tool will be a risk register. But, on larger projects, you will need more; all the way up to complex and costly enterprise-scale software products.
Set up training and learning programs to create a team of capable people who share a common understanding, language, and toolset. After training, create opportunities for everyone to use their new knowledge and develop their skills, judgment and awareness. Maintain their professional development by encouraging sharing of experiences and learning.
The old saying ‘what gets measured gets managed’ is true here. If you don’t monitor and gather data on risk management activities, then there will be little incentive for people to comply.
Likewise, if your sponsor and project board do not review what these data are telling them and act on what they learn, then poor performance will be tolerated. Use simple incentives like recognition and thanks. And, above all, ensure that people know what you expect of them and that this expectation is a part of how you will assess their performance on your project.
As with all change, establishing this culture needs commitment throughout your project, but especially from the top. This means that, once started, you must maintain your commitment to it.
And more than that, you need conspicuous support and endorsement from the governance structures and individuals that oversee your project. Lobby them hard.
As a project manager, risk management is in your blood. You are used to imposing its discipline on the uncertainty and pressures of a project environment. But here is your chance to do it well.
Whilst this kind of culture-building is never easy, this is not a costly initiative, yet it offers a great return on effort. I urge you to consider it.
All you need to do is follow all the principles of good Project Management.
These include foreseeing and acting on all threats.
‘Easier said than done’ you say.
An earlier version of this article was published at ProjectManager.com in May 2016.
Dr Mike Clayton is one of the most successful and in-demand project management trainers in the UK. He is author of 13 best-selling books, including four about project management. He is also a prolific blogger and contributor to ProjectManager.com and Project, the journal of the Association for Project Management. Between 1990 and 2002, Mike was a successful project manager, leading large project teams and delivering complex projects. In 2016, Mike launched OnlinePMCourses.
Please log in again. The login page will open in a new window. After logging in you can close it and return to this page.