Transcript:

Hello and welcome to our Impactful Projects and Planning series.

I'm Jami Yazdani. In today's session, we'll talk about how to identify and manage project risks. And so what do we mean when we say managing project risk, much like project management, risk management is a distinct discipline in itself, and like project management, it intersects with many aspects of the work happening across an organization. From a project management perspective, risk management considers potential risks that could impact a project with the ultimate goal of minimizing the negative impact of threats and maximizing any potential opportunities.

To meet this goal, there are really four activities that we want to undertake as part of project risk management. First, we want to identify the potential risks to our project. Second, we want to plan how we'll respond to those risks. Third, we want to monitor risk throughout the project, and then fourth, implement any response if risks become a reality. So let's walk through each of these activities

to manage project risks. The first thing we need to do is identify any potential risks to our project. There are lots of ways to approach this, but the simplest way is to look at your project environment for mission driven organizations, we can ask a couple of questions. So first, what outside forces could derail our project? And so these could be things like a funder or partner not providing promise resources. It could be economic or political factors like changing prices or new regulations. We can also consider inside forces so those things that happen within our organizational environment, perhaps we have limited capacity to staff or support the project. There could also be a resistance to the change that the project will bring. There could also be departmental silos or communication issues that will make collaboration challenging. We can also consider the assumptions we are making, and then what might happen if those assumptions are wrong, so maybe we're assuming certain staff with key skills will be available, or that a vendor is going to deliver support on time, or that we're going to have access to certain data or information. If any of these assumptions are wrong, they could become risks to the project.

We can also look at past projects. So what went wrong in those projects? What challenges did those projects face? Those challenges might also be risks to our project.

It's really important to note that risks are conditions that may impact your project, and technically, they can either be positive or negative. And so while you can identify positive risks or possible opportunities, most project managers tend to focus on negative risks or threats more than positive ones. And if we really think about that, that makes sense from an impact and time perspective, we want to have plans and responses in place for potential negative risks or threats to our project, so that we can either avoid them or react quickly if they occur. The reality is that most positive risks are going to be easier to respond to, and may even give us more time in the project, more time to act. So it makes sense to spend less time worrying about them. So I don't know about you, but I spend more time planning for personal negative financial risks, like saving enough for retirement than I do, planning for a positive risk, like what I do if I won the lottery, if I won the lottery and could retire early, I'm sure I'd figure it out. And so that same logic really does apply to most projects. If the project suddenly got an influx of money or time or resources, I'm sure we'd all be able to figure out what our response would be.

So project management risk starts with that clear identification of risks to our project. Different projects and different organizations will, of course, have different risks, but there are a couple of common negative risks that I tend to see in projects, in nonprofits and other mission driven environments. So a common threat is funding instability, whether from a reliance on donors or government entities, or because of economic downturns or because of grant dependency. So not having enough funds or access to funds when we need them, represents a significant risk to most projects, underestimating our budget, our budget needs, our project timelines, perhaps to meet funder requirements, is another common risk that I see. So maybe we've promised more than we can reasonably deliver with the money we have or the time we have, and so our project is going to risk delays or unmet goals or even cancelation.

Scope creep is another common risk in mission driven projects which is sometimes related, sometimes related, or stems from another risk, and that's that diverse stakeholders don't agree on the scope or deliverables. And so scope creep happens when we start adding elements and deliverables to our project beyond what we initially intended. This represents a huge risk, because it can delay and derail our project scope creep sometimes happens because stakeholders don't agree on the project scope or deliverables, or once we start engaging with stakeholders, we find that their needs and wants are different than we imagined. Again, this can create delays or derail our project entirely. Another common risk is a reliance on volunteers, and so these are folks who may or may not have the time or skill set that we need. And so we could also have key volunteers leave in the middle of a project. And finally, high rates of turnover and burnout in our organizations. And so turnover is an issue in most organizations and a risk for for many, many projects, as a key project team member could always leave the organization, but turnover and burnout are of specific concern and mission driven organization where reports of both are disturbingly high. And so while we can plan for turnover by thinking about backups or making sure we have folks on our project team who share skills, burnout is little trickier. And so if your colleagues are already overloaded with responsibilities, it can be really hard to have your project's task rise to the top of their to do list. So those are just a few common risks. Once we've identified risks, we can plan for how we will respond to them.

Now there are so many risks to our project, again, that it makes sense to focus on those that will most negatively impact our project, but also those that are most likely to happen, and so for high impact, high probability risks, we absolutely want to spend some time planning for how we will respond to them. Now, best practice is to create what's called a risk register, and that's where we document the risk, the trigger, or what specifically has to happen for us to say that this risk has become a reality and that we want to respond to it, what our response will be, and who will be responsible for monitoring and responding that's the owner of the risk. We can also use the risk register to categorize or rank our risk by their impact and probability. Our goal with creating a risk register isn't to create more paperwork or project documents, but to really think through what we would do if things go wrong, so that we can react quickly. Now, while risk registers are absolutely best practice, the reality is that most project managers, once they've identified a risk, we really kind of have two options. We can either try to mitigate or avoid that risk early by incorporating our response into our project plan, or many of us. I think the reality really is that the other option that many project managers take is that we're going to think through a possible response to some of these risks, but we're not going to document it. We're going to keep it in our back pocket. If we think about these two options, and if you like sports analogies, we might think about this as playing offense or defense. So we can play offense and try to avoid a risk entirely by planning for it during project planning, or we can do minimal planning for it so that we are ready to play defense if the risk occurs and so.

So if a risk is that a vendor might not deliver on time, I could play offense by trying to build an extra time around their deliverable, or by planning for increased communication with the event, with the vendor to avoid the risk from happening in the first place. The longer you manage projects, the easier this type of offense really becomes as your approach to projects will incorporate elements that help you avoid common risks. And so one of the reasons I suggest folks focus on Project communication during planning is to help avoid many common risks that can be mitigated using more effective communication. Now, if you don't try to avoid a risk early by incorporating mitigation into your project plan, then most project managers just keep their responses in their back pocket. Essentially, they have a rough idea of how they will play defense, how they will respond. So maybe I've thought through how I might respond to a vendor risk maybe by tweaking the schedule having a backup vendor, even if I don't document it in a risk register.

And so again, our goal with risk management is to identify risks and plan our responses for complex projects and very significant risks. Go ahead and create that risk register. It's also a useful exercise. If you're new to project management or new to an organization, it really cannot hurt to bring our defense out of our back pocket where others can see it. All right, so for risk responses that we haven't tried to incorporate into our plan, our next step is to monitor those risks that we've identified. Much like we identify risks by looking to our project environment. We monitor risk by paying attention to what's happening in our project and our project's environment. So essentially, we keep an eye on those internal and external forces and possible points of failure, and if our risk does become a reality, then we take action by implementing the responses we've been planning, whether we've been planning them on a risk register or we've had those responses in our back pocket. So if we go back to our common project management risks in mission driven environments, there are several that I do think can be mitigated or at least reduced through good project planning. So scopes creep, stakeholder divergence, volunteer Alliance and staff burnout and turnover can often be avoided through careful planning for stakeholder engagement by assigning clear roles through communication approaches. And so, for example, if we plan to spend some time discussing and confirming the project scope with key stakeholders early in the project, that can often help us avoid scope creep for something like staff turnover, we can be thoughtful about who is included on our project team to ensure we have folks with overlapping skills, or by increasing collaboration on tasks so folks could step in for someone else. But it's also something we may just want to monitor and have ideas about who might step in if someone leaves. Some of these other risks are, I would say, harder to mitigate through project planning, but these are actually risks that can be mitigated before a project even begins, if your organization engages in project feasibility planning, and so if we have carefully considered our capacity, our funding, our resources before we start a project, we set our project up for success, and we can avoid some of these risks, but monitoring and having a response plan may also be necessary. So that was a really quick introduction to managing project risks. We want to identify potential risks plan how we'll respond, whether it's through offense, by incorporating the response into our project plan, or through defense, by planning how we will respond, then we monitor our risk and implement any responses if risk becomes a reality. Now before I take any questions you might be interested in our project planning checklist, the simple checklist helps you and your team consider the essential elements that set projects up for success, scope, stakeholders, roles, resources, risks and more. This free download helps you move from idea to execution with clarity and confidence. You can find it at yazdaniconsulting.com/resources if you're curious about how our approach to project management helps mission driven leaders bring clarity and calm to complex work, visit yazdaniconsulting.com/approach to learn more, and because your plan is only as strong as your people, we can also work with you to develop customized project management training that empowers, aligns, and can make your team more self-sufficient. All right, so I'm happy to take any questions that you have about project risk. Please add them in the comments. I'll give folks a few moments to add their questions. If I'm not able to answer your question live, I'm happy to respond later in the comments. And you can also find all of the ways to contact me at yazdaniconsulting.com/contact please, reach out if you'd like to talk about risk or about projects in general.

Okay, so a question is the risk register includes someone who owns the risk. Who should that be?

And so this is a great question. Generally, I would say it should be a stakeholder, usually someone who's on your core project team, maybe a project sponsor. It really should be a person who is in the best position to know when the trigger happens. So somebody that's in a really good position to be monitoring the Project and Project environment to know when something happens, but also is able to either manage the response, like help initiate that response, or at least is in a position to kind of engage with whoever needs to enact that response. So for the backup vendor example, if one of our responses is to go with a backup vendor, if a vendor doesn't deliver on time, maybe it would be someone on your project team who would be working closely with the vendor right so they would know when, when things had gone awry. Or it could be someone on your project team who's in a good position to work with your finance folks to get a new contract going with a vendor. Now, even though we assign an owner when we write a risk register, or even if we kind of have a response in our back pocket, the risk register is ultimately the responsibility of the project manager, as we do, have, you know, a more complete view, kind of overall, broad view of the project than anyone else does.

All right, great. So feel free to comment or reach out to me with any additional questions, and thank you for participating in our impactful projects and Planning series, visit yazdaniconsulting.com/ipp to find about upcoming sessions and to view recordings of all of the past sessions in this series. Thank you.