Last updated on 7/1/24

Define the Risk Management Plan

Understand Risk Analysis

As I mentioned before, a project can also come with risks. And as a manager, you need to be aware of these risks to avoid being overly optimistic!

There are so many times when I’ve been confident about the deadlines for certain tasks, only to find that I’ve missed them! You obviously don’t want to be in that same situation. 😅 You need to take a different approach and predict the unpredictable. In other words, identify unexpected events or issues that might occur. A formal approach to this would be to produce a risk analysis and a risk prevention plan.

The risk analysis and risk prevention plan are documents that provide details of the risks that could impact on the success of the project. They explain how to manage issues and plan for any damaging consequences that could result if the issue were to occur.

As the project supervisor, it will be your responsibility to produce the risk analysis and prevention plan. These documents will contribute greatly to the quality of your project management.

In some ways, your role is to guarantee the resilience of the project, ensuring that it holds up when faced with unexpected or random events that could jeopardize its objectives.

At which stage of the project should I produce the risk analysis?

You can start the risk analysis during the very first stage.

However, you will need to keep it updated throughout the project by adding new unplanned items.

Start the Risk Analysis

An efficient way of producing your risk analysis is to focus on two important activities: your strategy for identifying risks and your approach for their day-to-day management.

Define the Scope

When you’re trying to identify risks, the first thing you can do is define the areas you wish to monitor. Do you want to detect risks to your project schedule? Your methodology? Your resources? Or perhaps your development quality?

Lead a Brainstorming Session

Once you’ve defined the scope for your analysis, you can compile a list of potential risks that you’ve identified.

To generate a comprehensive list, ask for your team’s contribution via a brainstorming activity. For example, you could use a SWOT analysis to create an inventory of positive and negative factors in the project. This approach will guide you toward identifying a number of risks.

I’ve also heard of a TOWS analysis. What’s this?

A TOWS analysis is an extension of the SWOT analysis. It’s a diagnostic tool that identifies the relationship between the strengths, weaknesses, potential opportunities, and threats that need to be considered within an organization.

TOWS Analysis Example

The Four SWOT Elements:

  • S (Strengths): Things you do really well.

  • W (Weaknesses): Areas for improvement.

  • O (Opportunities): Positive opportunities that could arise.

  • T (Threats): Dangers or problems that could occur.

How should I produce my SWOT and TOWS analyses?

  1. Meeting: Put together a multi-skilled team.

  2. Brainstorming: For each SWOT element (strengths, weaknesses, etc.), list whatever comes to mind.

  3. TOWS matrix: Put the SWOT elements together in a TOWS matrix to develop your strategies:

  • Strengths-Opportunities (SO): How can you leverage your assets to take advantage of any good opportunities?

  • Weaknesses-Opportunities (WO): How can you improve your weaknesses to be able to grasp good opportunities?

  • Strengths-Threats (ST): How can you use your assets to protect against risks?

  • Weaknesses-Threats (WT): How can you ensure that your weaknesses won’t make you vulnerable to risks?

By working together as a team and using the TOWS matrix, you’ll be able to detect potential risks.

Identify Risk Types

To flush out the different areas that could present risks, I suggest using a diagnostic questionnaire to help you determine potential risks to your project.

It covers seven different themes:

Project Resource Risks 

These risks relate to resource availability, suitability, and management required to deliver a project. These may include human, material, or financial resources.

By identifying them, you’re ensuring that the project has the resources it needs to deliver its benefits and planning for any gaps or overspends.

| Project Resource Risks | Status |
| --- | --- |
| Does the project have sufficient resources (human, material, and financial)? | [YES/NO] |
| Are the team roles and responsibilities clearly defined? | [YES/NO] |
| Have adequate monitoring and control mechanisms been put in place for the project? | [YES/NO] |
| What are the key project dates and are they all feasible? | [YES/NO] |
| Is the workload evenly distributed between team members? | [YES/NO] |
| Is the project delivery schedule realistic? | [YES/NO] |

Technical Risks

These risks relate to technological issues, defects, or potential obsolescence in the technology used.

By identifying them, you can guarantee that the chosen technical solutions are suitable and reliable. Alternatively, you can arrange for support or a replacement.

| Technical Risks | Status |
| --- | --- |
| Are there any potential risks when integrating with other systems? | [YES/NO] |
| Are the testing and development tools sufficiently robust for the project? | [YES/NO] |
| Which steps are the most important for the project to succeed? | [TO BE COMPLETED] |
| Which parts of the project are the most complex to develop? | [TO BE COMPLETED] |
| Does the team have a clear understanding of the development priorities? | [YES/NO] |
| Are there any risks associated with prioritizing the development tasks? | [YES/NO] |
| Is the chosen technology suitable for the project requirements? | [YES/NO] |

Team Management Risks

These risks relate to team management aspects, such as staff turnover, insufficient skills, or internal conflicts.

By detecting them, you can ensure that the team is stable, competent, and motivated, which is essential for project success.

| Team Management Risks | Status |
| --- | --- |
| Are all team members available when you need them? | [YES/NO] |
| Are there any risks of staff turnover or burnout within the team? | [YES/NO] |
| Are team roles and responsibilities clearly defined and understood by all team members? | [YES/NO] |
| Does the team have the necessary skills for the project? | [YES/NO] |

Organizational Risks

These risks relate to the organizational structure, culture, and processes.

By taking these risks into account, you can anticipate any organizational obstacles that could jeopardize the progress of the project.

| Organizational Risks | Status |
| --- | --- |
| Is there enough support for the project from the leadership team? | [YES/NO] |
| Could any internal procedures within the organization prevent the project from running smoothly? | [YES/NO] |
| Is the organization ready to adopt the changes required by the project? | [YES/NO] |

Quality Risks

These risks relate to the project’s adherence to quality standards and expectations.

By identifying them, you can guarantee that the project will meet the required standards and stakeholder expectations.

| Quality Risks | Status |
| --- | --- |
| Have quality assurance processes been put in place for the project? | [YES/NO] |
| Is there sufficient testing planned to guarantee product quality? | [YES/NO] |
| Is the project capable of meeting all user requirements? | [YES/NO] |

Security Risks

These risks relate to the protection of data, assets, and people against potential threats.

By identifying them, you’ll be able to take measures to protect the organization from loss, damage, or reputational harm.

| Security Risks | Status |
| --- | --- |
| Does the application comply with security standards and best practices? | [YES/NO] |
| Is there a plan to manage security vulnerabilities that might emerge post launch? | [YES/NO] |
| Is the project taking security issues into account from the outset? | [YES/NO] |

Compliance Risks

These risks relate to failing to adhere to current laws, regulations, and standards.

By identifying them, you can ensure that the project complies with all legal and regulatory stipulations to avoid potential sanctions or legal action.

| Compliance Risks | Status |
| --- | --- |
| Are there any compliance risks that could result in sanctions or fines? | [YES/NO] |
| Does the company have evidence to prove its compliance if there’s an audit? | [YES/NO] |
| Does the application adhere to all relevant laws and regulations (e.g., data protection, accessibility)? | [YES/NO] |

Identify the Impact

Once you’ve compiled your list of risks, you need to assess the impacts on the project if they were to arise. What are the consequences of delivering the functional specifications late? What impact would short-staffing due to vacations have on the project?

By asking these types of questions for each risk, you’ll be able to identify their effects on the project.

Measure Risk Criticality

Risk Prioritization

Once the risks and their impacts have been identified, you then need to focus your efforts on prioritizing them.

How do you distinguish primary risks from secondary risks?

To determine risk priorities, you need to make use of risk assessment criteria. There are two very well-known criteria, which are probability and severity:

  • Criterion 1 (probability): Is this a recurrent risk?

  • Criterion 2 (severity): Will this have a serious impact on the project?

With the help of your team, you’ll be able to assign a probability score using the following scale:

  • 1: very low

  • 2: low

  • 3: medium

  • 4: high

  • 5: very high

You can use the same scoring scale for severity. You can then calculate the criticality of each risk by multiplying its probability by its severity.

Risk Title: “Numerous failed tests” 

  • Probability: 3 out of 5

  • Severity: 4 out of 5

  • probability (3) x severity (4) = criticality (12 pts)

By assigning a score to each of your risks, you’ll be able to sort them from the most critical to the lowest impact.

Risk classification example:

  • Risk #1: Understaffing due to vacations (15 pts)

  • Risk #2: Numerous failed tests (12 pts)

  • Risk #3: Late delivery of functional specifications (10 pts) 

Establish Preventive Measures

Once you’ve identified your risks, you also need to find solutions to prevent the risks from occurring. You’ll produce a prevention plan to help you do this. This is a set of actions and precautions you’ll need to have considered beforehand to mitigate any issues.

Here’s an example:

  • Risk: The project is not able to meet all the user requirements.

  • Your thought process: How can we avoid creating a product that doesn’t meet user requirements?

  • Preventive measure: Validate the functional and technical specifications with the users and check that the planned functionality covers all the requirements.

By applying this principle to a large number of risks, you’ll be able to flesh out your table, which will represent your prevention plan.

However, it might be that some risks are so critical that they could jeopardize the viability of the project. In this case, feel free to focus your efforts on putting safeguards in place as preventive measures. By applying these correctly, you will decrease the probability of this risk occurring.

As a final note, remember to always designate someone well qualified to be responsible for handling each risk. As project manager, you don’t have to be responsible for executing all of the preventive measures.

For example, you could give a software architect responsibility for ensuring that good coding practices are applied within the development teams in order to minimize some technological risks.

And finally, remember that you should update your schedule and budget based on your prevention plan. Some measures could cost more in terms of time or additional budget. For example, improving your team’s skills could require additional time and money to pay for training.

| Risks | Probability | Severity | Criticality | Person responsible | Preventive actions |
| --- | --- | --- | --- | --- | --- |
| The project is not able to meet all the user requirements | 2 | 5 | 10 | Nathan (IT project team manager) | Organize workshops and validate the specifications with the project owners |

Plan Corrective Actions

In an ideal world, you’d love to have a project with no risks or unknowns. But this is rarely the case in reality. You might lose sight of certain aspects, or issues could arise in spite of your preventive measures.

So, what do I do?

This is the time when you’ll need to apply corrective actions. These are measures that will alleviate the impact of a risk that has already occurred.

Let’s look at how to define corrective actions:

  • Risk: The project is not able to meet all the user requirements.

  • Your thought process: How can we handle the consequences or limit the impact of a gap between the product and the user expectations?

  • Corrective action: Prioritize the new requirements with the client, redefine the relevant specifications, and/or strengthen the development teams.

| Risks | Probability | Severity | Criticality | Person responsible | Preventive actions | Corrective actions | Monitoring period |
| --- | --- | --- | --- | --- | --- | --- | --- |
| The project is not able to meet all the user requirements | 2 | 5 | 10 | Nathan (IT project team manager) | Organize workshops and validate the specifications with the project owners | Prioritize the new requirements with the client, redefine the relevant specifications, and/or strengthen the development teams | from Oct 3rd to Oct 20th |

Once you’ve defined your preventive measures and corrective actions, you’ll need to add what we call a monitoring period.

This could be a date range or a particular phase in the V-model process when you’ll actively monitor the risk. There will be specific times when it will be important to monitor certain risks to check for early-warning signs.

Over to You!

Background

As project manager, you play a key role at AirGalaxy.

Your task is to manage the risks that are inherent in this kind of project. However well a project is planned, risks can occur that may compromise the success of the project. These risks must be identified, assessed, and mitigated in a proactive way.

Instructions
  1. In this exercise, you’ll need to complete the Notion prevention plan for the AirGalaxy test application project.

  2. For each risk that hasn’t been fully completed in the table, you’ll need to select the appropriate category (technological, operational, financial, or legal) and complete the details.

  3. For each risk that hasn’t been fully completed in the table, your task is also to suggest preventive measures and corrective actions. These actions must be concise, relevant, and aligned with the project context.

Let’s Recap

  • The risk analysis and prevention plan enable you to plan for and react to unexpected events that could jeopardize the project.

  • Diagnostic tools exist to identify, classify, and measure risks.

  • You should also use your team’s experience to help you carry out an effective risk analysis.

  • Preventive measures enable you to avoid risks, whereas corrective actions handle their consequences.

  • Probability x severity = criticality: A risk’s “criticality” measures the extent to which an issue is likely to happen and how damaging it could be.

Now that you understand how to assess and manage risks, we’ll define how to produce an effective project management plan to optimize the organization of the project.
