Ten Most Common Project Risks, How To Analyse And Solve Them
As per The Wellingtone State of Project Management Report, “only 29% of the organisations mostly or always complete the projects on time”. This seems shocking but not when you consider the variety of risks facing any project (source: Wellington)
According to the Project Management Institute (PMI), the term Project refers to “any temporary endeavour with a definite beginning and end.” The Enterprise Risk Management handbook from the Institute of Risk Management cites the ISO 31000 definition of risk which is the “effect of uncertainty on objectives” where the outcome can range from positive to negative. This means all projects face a certain degree of uncertainty which can cause deviation from desired outcomes and not all risks are negative.
The risk management process is a core part of project management as it equips project managers and sponsors to assess the value gained from a project considering threats and opportunities associated with it and enables project managers to effectively respond to the uncertainties toward the successful completion of the project. The risk assessment of a project begins in the initiation stage and is a continuous process. As illustrated in the diagram below, it has four stages starting from identification of risks, analysis of impact, planning responses to risks and continuous monitoring.
Risk Register is a tool commonly used by project managers to maintain a log of all risks which facilitates risk monitoring and reporting. It contains information about the risk, expected frequency and impact and control mechanisms to solve reduce the uncertainty related to the risk.
While a project can face various kinds of risk, the most common kind of risks and how to mitigate them are laid out below:
- Risk Of Scope Changes: Also known as scope creep, this happens when additional tasks which were not originally part of the project plan are added on to the project often resulting in schedule and cost changes. It can also result from unanticipated required tasks. Project scope, requirements and critical dependencies should be clearly defined in the project charter and signed off by the project sponsors at the start of the project. A change control process should also be established and adopted to manage changes during the lifetime of the project.
- Budget Risk: Also known as cost risk, this is the risk of changes in planned project expenditure. Cost overrun can result from the scope or schedule changes or even poor planning. Deviations from the budget can further impact the expected gain from the project. If the management no longer considers it to be a viable investment, it can lead to project closure. Dyson Limited, a vacuum manufacturer had to pull the plug on its electric vehicle project in 2019 primarily due to a lack of prior expertise in automotive and underestimating the costs of producing EVs. Detailed project planning, cost analysis and continuous monitoring of costs can help to timely highlight and control budget overspend. Earned Value Analysis or EVA is an industry-accepted method for analysing variances in schedule and budget at any given time of the project (source: WBDG) and it helps to determine the cost, schedule, and work are proceeding as planned.
- Schedule Risk: This risk is simply the uncertainty of not meeting the estimated timelines for tasks involved in a project. This can result from over or underestimating the required time and effort or even poor sequencing of linked items. Delays can lead to increased cost, impact team motivation and may also cause to lose a competitive edge in highly competitive markets. Major milestones, deliverables and dependencies should be identified after the scope of work has been finalized. This is useful for defining a Work Breakdown Structure (WBS) and recording the tasks with due dates and resources required. Project managers can use tools like project management software and Gantt charts to closely monitor the progress and ensure there are no conflicts in scheduling. Any expected schedule changes should be proactively communicated to the project teams.
- Operational Risk: Operational risk stems from four components, namely, people, processes, systems, and external events (Source: The Basel Committee). Outsourcing processes have additional risks such as the risk of failure of vendor’s processes for example staff attrition which impacts project delivery. Companies outsourcing their processes must ensure that vendors are selected after thorough due diligence of processes and policies. Audit of internal and external processes facilitates in identifying breaches and requirements of controls. Control mechanisms such as firewalls and access key cards to restricted areas reduce the likelihood of unauthorized personnel gaining access to sensitive project information.
- Project Management Office Structure Constraints: This relates to the maturity and agility of the PMO division within the organization. The likelihood of project failure increases in the absence of experienced project managers and support systems such as project management software to manage complex projects. The role of project managers extends far beyond project planning and scheduling and requires competence in communication, decision making, managing expectations, problem-solving, negotiations, leadership and business understanding t. Hiring based on competency is one method of ensuring relevant project management experience and aptitude. Another way is to augment the skills and technical capabilities of the staff in PMO function by providing behavioural and functional training on applicable project management practices and tools.
- Governance Risk: Project governance is an oversight function which provides the project manager and team with structure, process, decision-making models and tools for managing and controlling the project. The project governance framework defines roles and responsibilities, stakeholder engagement, meetings, reporting, risk and issue management and assurance. An inefficient governance framework can lead to governance risks such as inadequate stakeholder engagement or non-alignment of key decision-makers in risk management or even miscommunication. Project governance should be clear and simple and be established at the initiation phase of the project. It should include the frequency, goal and audience of meetings and communication as well as the role of each team member.
- Strategic Risk: Risks related to the failure of achieving the organisation’s objectives and meeting strategy are strategic risks. These relate to any decisions taken by top management in pursuit of those objectives such as launching a new product or adopting technology which impacts long term project or organizational goals. Starbucks, the popular coffee company, had to shut down nearly 70% of its stores in Australia after launching in 2000 as sales declined drastically. Analysts attribute this failure to a lack of research and understanding of Australia’s thriving coffee industry and failure to adapt to local tastes. Organisation’s adopt methods of market research such as surveys, and target customer feedback for project viability before project initiation. Prototyping of products and soft launches to a small section of the market are examples of risk management tools which can be deployed to reduce the risk of failure and heavy costs associated with a full launch.
- Regulatory Risk: Changes in regulations and laws can materially impact organisation’s and industries, especially in heavily regulated sectors like insurance, and infrastructure. Changes in regulations can increase the cost of implementation of projects by requiring more stringent controls, delaying the launch, or rendering the project futile. This risk is often difficult to avoid. Keeping up to date with the news and upcoming changes can help to plan for the changes. Preparing contingency plans like alternate suppliers can also significantly reduce the risk of failure due to changes in regulation or policies which impact imports from select countries.
- Market Risk: Changing market conditions can impact the demand and supply as well as the price of commodities and resources critical to project performance and completion, thereby creating a risk. Risk management practices such as price adjustment clauses allow for controlling the cost of inflation on projects such as infrastructure. To ensure the availability of resources and materials, organisations resort to multiple supplier sourcing to reduce dependency on one vendor.
- External Hazard Risk: External hazard risks also known as force majeure events are typical risks which are beyond the control of project management. Examples of such risks are terrorism, earthquakes, floods, and the covid-19 pandemic. As with regulatory risk, external hazards are difficult to predict and avoid. Risk management strategies such as insurance and preparing contingency plans help to lead successful risk management of the project as well as the organization.
Many of these risks are interrelated and can give rise to other risks. For instance, complex regulatory requirements to launch in a new market can lead to schedule and budget risks as the organization might need more legal expertise and effort to be compliant with regulations. As the project evolves, project managers also need to be able to continuously identify, monitor and adapt to the emerging risks to the project. Research and understanding of the business environment and numerous factors shaping the industry is important to be able to keep pace with the risks, timely identification, and preparation. Documentation of learnings and feedback on project risk management post completion of the project is a good practice for building a knowledge repository and reducing the likelihood of risks in future.
Sources And Further Reading For Reference
Blog Author: Tashi – Senior Manager Programs at NuVenture International Ltd