7 deadly Risk Management mistakes
1. Disregarding enterprise risk management
Essential. It is necessary to specify the processes and methodologies used by an organization to identify and manage the resulting business risks, be they operational, strategic, financial, etc. Then it is necessary to analyse what threats the company may face during the useful life of the projects. Before and during the preparation of the risk management plan, it is vital to consult with the Director of Risks and ensure that we comply with the previously established strategy (delivery of the necessary documents, defined management software, etc.)
2. Using incomplete risk breakdown structure
The Risk Breakdown Structure (RBS) is the catalyst for identifying a large number of risks. Each industry has its own risks; the risks that threaten a software project may not be the same as those of a construction project. The project manager can start with a template from a known agency and customize it based on past project history and project-specific risk categories.
3. Ignoring subjectivity
The risk identification process is critical to successful risk management. The perpetual problem with risk management information is subjectivity. Different people will perceive risks in different ways. You will find that risk-averse stakeholders will identify a large number of risks, unlike those leading a project, who may not see or may be unaware of the real risks.
It is the responsibility of the risk management team to eliminate subjectivity and ensure the quality of risk information. Subjectivity can be avoided by using the Delphi Technique, since it keeps the opinions of different experts in the field anonymous, even after the identification phase is over.?
4. Assignment of all risks to the project manager
Successful risk management can never be a one-person army. The risk management team should inform subject matter experts, stakeholders, clients, and team members of what is expected of them. The project manager should track the status of assigned risks, and the risk owner should report the status of the risk frequently. The creation of a risk management RACI Matrix (Responsible, Accountable, Consulted, Informed) will ensure that roles and responsibilities are clearly identified and communicated.
领英推荐
5. Neglecting cost-benefit analysis of risk management
The risk response strategies are Avoid, Transfer, Mitigate and Accept, but many times the acceptance strategy is never considered. Some risks just need to be accepted. There are two reasons to do it:
1. The infeasibility of the first three response strategies.
2. That the cost-benefit analysis is unfavourable. If the value of the loss is much less than the benefit obtained, due to the implementation of a control, it would be rational to accept the risk.
6. Improper use of the reserve for contingencies
The contingency reserve can only be determined after the project manager has made several revisions to the project management plan. The contingency reserve should only be used when a planned or known risk materializes, but never for a risk that has not been planned, since this can only be managed by the management reserve. It is also not correct to use the contingency fee of one risk at the expense of another risk, unless the latter has already expired.
7. Do it once
Many project managers carry out risk identification at the beginning of the project and file them away until they become problems. Risk management should be practiced from the start to the close of a project. It is not correct to do it only during the planning stage, nor should you stop looking for new risks during the execution phase. The project manager must raise the culture of risk management and ask team members to report new risks, and they will have to go through the process of analysing and planning their response strategy.