Managing Risk Management
There are many options to help handle risk management efforts, from consultants to software to books.
For manufacturers, there is less and less margin for error: more competition, increasing costs of materials, changing government regulations and enforcement, rapidly evolving technologies and stricter compliance standards—not to mention managing people. Risk management today should be an integral part of the design, manufacturing and production process. It should be included in the design and development phase to prevent lost time later on because of missteps; and if the design of an item changes because of production concerns, the risk management attached to the item should change as well.
The good news is that there are many options to help handle risk management efforts, from consultants to software to books. Here is some background information that will help simplify your decisions about how to manage risk in your company.
The first step is to identify the risks for the process or event. Companies with certified Project Management Professionals (PMPs) have the advantage of “Lessons Learned” reports for reference. PMPs close out every project with a report that captures reference material, successful strategies and tactics and suggestions that solve challenges in subsequent projects.
Another way to identify risk is by using a scenario workshop, which should include the project team, the project leader, a facilitator and representatives from different segments of the design and production process. Cross-functional teams with members from a variety of disciplines and corporate departments can provide a 360-degree view. Planning a scenario workshop requires a skilled facilitator to move the process along and not get stuck in war stories and gloom-and-doom scenarios—the goal is to record anything that might prevent the team members from completing their project successfully and not quibble over what is or is not a risk.
Calculating and Prioritizing Risk
After collecting the group’s notes of potential risks, eliminating duplicates and grouping similar categories together, you and your project team must assess each risk. This process has two aspects: estimating the risk itself and agreeing, as a group, how much risk to tolerate in the project.
A simple way to approach this task is with a risk matrix (see chart below). The chart maps out the likelihood of an event and the impact of the event—low, moderate, high, or extreme—on the final project’s success.
All risks are not created equal; obviously, it’s critical to spend the most time and energy on the risks that cause the biggest losses. The events that can derail a project for any reason are the number one priority. The other risks can be prioritized based on what I call GFI—gut feel index—or on an agreed upon set of criteria. The criteria most project teams use is to consider the effects of a risk and the likelihood that it will occur. Whatever the prioritization measure used, use it consistently and focus on the big risks.
The other half of this process, the risk tolerance level, specifies the amount of uncertainty the group is willing to accept in creating the project. In project agreements, risk tolerance level is determined by simply asking team members and the team sponsor, “How much risk or uncertainty is acceptable on this project? Rank the tolerance level from 1 (low) to 10 (high).” It is important to discuss how your team ranks risk tolerance and make sure that it is aligned with your corporate culture. Some cultures thrive on high risk tolerance, and innovation doesn’t always happen in environments that are always low risk.
Once your team has identified potential risks and agreed upon the tolerance level, then the group can prioritize by voting on which risks to mitigate or manage. A risk matrix (the chart below, for example) is a good starting point for this. A sample outcome for a team using the risk matrix might be that since the team decided it can tolerate very little risk for completing the project, it will develop countermeasures for any risk that has three votes or more for at least moderate probability or impact.
A risk countermeasure is a preventative action or a contingency plan. For each risk, the team determines if there should be a countermeasure based on the voting and the risk tolerance level. If the team accepts a low risk tolerance level, then risks with at least a moderate chance of occurring, with at least a moderate impact, must have a countermeasure. A countermeasure can either be a preventative measure or a contingency plan, depending on the level of likelihood and impact.
While some countermeasures are a team effort, it has also been found that when everyone is responsible, no one is accountable. In my project management philosophy, there is single-point accountability. That means one person is responsible for each deliverable, and this extends to the risk countermeasures as well. Therefore, in the project risk management meeting, the team identifies the member responsible for each countermeasure.
I also recommend that even risks that the team decides are not significant enough to warrant developing a countermeasure should be documented. The reason to document all the risks identified is that often people external to a project will identify a risk and ask a project team member what he or she is going to do about it. Having
documentation of all the identified risks allows the team member to explain that the team considered the risk, but determined that it did not warrant a countermeasure.
Risk management is one part research, one part prediction and one part caution. By involving your team, everyone benefits by exercising their problem solving skills and honing their “risk versus benefit” expertise. Rather than thinking of risk as perilous, hazardous or menacing, careful risk management can transform your planning process into an energizing and revitalizing opportunity for you and your team.
Michelle LaBrosse is the founder of Cheetah Learning, the author of the “Cheetah Success Series” and a keynote speaker and industry thought leader. E-mail her at