Over the last 3 weeks, we've discussed the process and tools of the Risk Management Process. The Steps, the Risk Matrix, and the Risk Register, all valuable tools for the Risk Management Process. While I haven't covered everything, there is enough for a good start; but now comes the note of caution. There is a reason why a Morey's Law exists for the Risk Management Process.
In the first post I indicated that you needed to avoid Double Jeopardy, where risks are identified as happening in sequence (i.e. "if a generator fails, the sensor fails, and the bypass circuit fails... then the whole facility can be lost."). In the event of this happening, each of the risks should be identified and dealt with individually, rather than treating it as a cascade failure. However, that is only one part of the risk inherit in Risk Management.
Unfortunately there are other risks beyond "cascade failure." While performing Risk Management, you could find yourself dealing with a variety of situations, which you should be aware of before starting the process:
1. I'm the Smartest Person, and Everyone Must Know It: In this particular situation, there is a person in the room who has extensive knowledge (or thinks he / she does) and contributed to every conversation; not to add to the conversation, but to show how intelligent (s)he is. In many cases, these people will also try to belittle the ideas of others, especially those they find as threats. The most entertaining moments are when there are two people vying for the position of "smartest person," as they will take a simple matter and grow it into hours long discussions. They tend to have an interminable need to have the last word, will often reiterate the points already made to ensure "proper understanding." In many cases, this person is not trying to be difficult and may feel that they are honestly contributing helpful information to the process.
|Pixar's Finding Nemo|
knowledge and experience. That means you cannot simply remove the person from the meeting.
The second category is a senior manager / executive who wants to subsume the project into his / her department. This category typically means a representative from the department will be present, and instructed to make arguments how their resources are best suited to addressing the risks identified during the meeting. Once they own all (or nearly all) the risk and risk solutions, the argument will be made (after the meeting) that since the department is already taking all the risk, they should have ownership of the project.
3. The Project Needs to Fail: Either because of politics within the company, or because an individual person feels the project needs to fail (whether for their own gain, or because they want to see the leader fall), this person will try to devise as many risks are possible with sever consequences. This will then be used as an argument that the project should not be allowed to continue, because the risks are too great.
The biggest difficulty with this situation, is that ALL risks should be identified and addressed. This person will try to say that the risks cannot be addressed, and your role is to ensure they are addressed in order to ensure a minimized impact to the project.
In each of these cases, the solution can be proper facilitation techniques. As the meeting progresses, you maintain control of the communications of the meeting, and ensure that there are reasons for each step along the way:
1. If a point is brought up repeatedly, then indicate that it was already addressed and ask to move forward.
2. If a lengthy discussion begins (i.e. two "smartest" people in the room), then advice that additional meetings may be needed, and table the conversation for a follow-on meeting, specific to that topic. Identify in the Risk Register that a follow-on meeting will be necessary to finalize the risk.
3. Ensure that you are paying attention to how many risks are being assigned to different people / groups. You may need to ask the meeting to take a step back and ensure that the most effective people / groups are taking on the risks, rather than the group that wants it.
4. If an individual becomes rude or belligerent, remind that person of the rules of the Risk Management Meeting. You may need to call a recess and have a conversation with the person in question, or let your manager know about the issue in order for him / her to address it.
5. If it becomes apparent that a different department is looking to take over the project, advise your management about the issue. Most often this will be a political issue within the organization and probably above your level. If it is your level, then you need to be able to address why the department was chosen for ownership and why it is viable to stay within that department.
6. Address each risk, and ensure that they are all tracked and management practices used to reduce the impact. Don't forget, that in some cases, the risks identified may be so inconsequential or the likelihood of occurrence so small that they best thing to do is accept the risk (a favorite of the Project Needs to Fail category is to load the project with as many of these risks as can be dreamed up).
Risk Management is a required step, but when you undertake Risk Management, remember Morey's Law #14: