If you are taking on Project Management, you will need to come to terms with its necessary consequence: project risk. It’s a topic I’ll be covering a lot, over time, because it is so central to project management. I have already written, at length, about why projects go wrong. In this article, we’ll look at some of the sources of project risk.
It is often helpful to understand categories. But I am not talking about the often-cited categories of project risk, like:
I want to look at the fundamental nature of risk.
Risk is defined as:
Uncertainty that can affect outcomes
So, from that point of view, risks are an inevitable part of projects. We have more uncertainties than everyday operational work, because projects are novel and try to introduce change. Learn more about the basics of Risk Management in the Risk Management Explained podcast.
And if uncertainty is a characteristic of risk, then our understanding of project risk must start from the source of our uncertainty. This leads me to four types of project risk, based on why we don’t know.
Let’s start with the toughest of all…
We can’t know what we don’t know. Until, that is, we discover it. Nassim Nicholas Taleb wrote a whole book (US, UK) about what he describes as ‘Black Swan Events’. These are events for which we have no warning. These are risks that we cannot foresee, because they are based on things we do not know. The only way we uncover these hidden truths is by constant research and exploration. And the only way to deal with them as sources of project risk is constant vigilance. We need processes that deliberately look out for the first signs of an unexpected event.
When we discover the existence of something, that throws up a second problem… We don’t yet know much about it. Our unknown unknown has become a known unknown.For #project risks we cannot foresee, horizon scanning is essential Click To Tweet
Known unknowns are gaps in our knowledge. These sources of project risk are common in many of our projects. Examples include:
None of these are unknown-unknowns. For each one, we know there is a problem and can characterize that unknown. Each is susceptible to familiar processes of research, data-gathering, and assessment. But as we refine our knowledge, and analyze what we learn, we reduce our uncertainties, and therefore our risks.Known unknowns are gaps in our knowledge. Respond with research Click To Tweet
Sometimes it is possible to refine our knowledge to such a degree that no uncertainty remains. At other times, we bump into a core of ‘irreducible uncertainty’. That is, there is sometimes an amount of uncertainty we can never resolve, until events play out. We’ll come back to that.
But first, lets look at the knowledge we don’t know we have…
There is knowledge you have – often from your past experience – that you have never brought into your conscious awareness. This s one of the principal reasons why lessons learned reviews are such a valuable project management discipline. Reflecting on your experiences is the surest path to wisdom. But if we assume that team members do have hidden knowledge that is relevant to your project, how can you reveal it?
Here are my suggestions:
Your curiosity is the way you’ll unlock these sources of project risk. And, like our known-unkowns, once you release them, they become…
Known-knowns are the risks we know we know about. Yet some of them remain risks.
Because there remains some uncertainty that we cannot, even in principle, resolve.
We know the weather is a risk to many types of project. And we know that we know it, so it is a known-known. But there is nothing we can do to create certainty about this season’s rainfall, or night-time temperatures, for example, until it is too late.
Likewise, we know hat, over the course of a large and lengthy project, some of our team will fall ill. Maybe worse. And we know we know it will happen. We can take actions to mitigate the impacts. We can even supply flu vaccines and encourage safe travel, to reduce the likelihoods. ut we can never remove the risk entirely, and we can never know who it will strike until it does strike.
Statistics will tell us how much priority to give these types of project risk. But the risks remain because the uncertainty is random in nature. We understand randomness. (Well, statisticians and actuaries do – most of us have a pretty weak understanding). But we can never eliminate it.Not all risks can be reduced with research. Randomness rules. Click To Tweet
There are many potential sources of project risk. One of our Project Management Checklists has over 60 examples. In this guide, I’d like to discuss the categories we use in that checklist.
These tend to be a mix of naturally occurring events and the kind of risks that arise as a result of the complexity of human endeavours.
These are all of the different commercial risks that can arise.
Most of these risks are fairly readily managed. The mistake people frequently make is to assume that nothing can go wrong, because technology is reliable. I kid you not… I know it sounds absurd when written down, but many people have that unspoken assumption, despite all evidence to the contrary.
Often it isn’t the tech that lets us down, but the user. There are all sorts of risks that people pose… If only we could do our projects without them. Of no. That won’t work. Then we’d need to use technology!
Whether you are thinking of embedded organizational processes that affect your project, or your project’s own processes, any process can fail due either to:
Real estate, assets and equipment are all subject to uncertainties that can affect your project’s outcomes.
Avoid being lazy and simply documenting the risk of project cost over-run. What are the sources of financial risk? Each is different, but each can be managed. Cost over-run is too nebulous and fuzzy to lend itself to a mitigation plan.
As soon as two people start to discuss your project, you have politics to contend with. Foreseeing the social an political sources of project risk is an important activity at the start of devising your stakeholder engagement plan.
In the case of project risk identification, a checklist can help you in two ways:
So, checklists prevent costly mistakes and speed up consistent delivery.
Take a look at our Project Management Checklists now.Checklists prevent costly mistakes and speed up consistent delivery. Click To Tweet
Please tell us below, how you handle the identification and categorisation of risks on your projects. I’ll respond to every substantive comment.
Dr Mike Clayton is one of the most successful and in-demand project management trainers in the UK. He is author of 13 best-selling books, including four about project management. He is also a prolific blogger and contributor to ProjectManager.com and Project, the journal of the Association for Project Management. Between 1990 and 2002, Mike was a successful project manager, leading large project teams and delivering complex projects. In 2016, Mike launched OnlinePMCourses.
Please log in again. The login page will open in a new tab. After logging in you can close it and return to this page.