n abn 85119749370 n office: 121 barringo road, new gisborne, vic 3438 n ph: 61 3 5428 2571 n fax: 61 3 5428 1435 n www.thomsettinternational.com
Risk in Projects The Total Tool Set
Rob Thomsett 2004
Risk In Projects – The Total Tool Set
Eyes Wide Shut (without Nicole and Tom to help)
Many project mangers, when first introduced to risk management, feel that there is something “macho” about undertaking high risk projects “without a net” and that formal risk management is a sign of weakness. Secretly, I guess that we all identify somewhat with Indiana Jones as he plunges from disaster to disaster just surviving by good luck and sheer guts. The good news is that if you run into another high risk project with your eyes shut at least you won’t see the risk until it hits you. Then, it is over suddenly.
Organisations have been practicing formal risk management for many years. For example, in the financial sector, there is a highly formalized process of risk assessment and risk control in lending. Upon receiving an application for a loan, the Loans Manager would undertake a risk assessment based on the applicant's current financial position, length and stability of employment, credit rating, amount of money requested, proposed term, proposed security and so on. Risk control would then be applied to the loan including offloading the loan, insurance, monitoring of payments, late payment patterns, etc. The popularity of Peter Berstein’s Against the Gods: The Remarkable Story of Risk  indicates that many Organisations are beginning to see risk management as a major issue for 21st Century management1. However, studies by Accenture2 and Cutter Information 3 show that in the general area of projects and software/technology projects, in particular, the understanding and implementation of formal risk management is extremely inconsistent. A few years ago, our group observed this situation in a client which was acquiring another organisation for $400,000,000. The normal Business Risk management practices of due diligence, forensic accounting reviews and so on were undertaken by external experts and took over 3 months. In addition, given that both companies were in the financial sector, another group of external risk reviews were undertaken by a number of governmental financial sector “watch-dogs”. The resultant risk reports were then submitted to the Board of the acquiring company. The same Board had just signed off on a $100,000,000 software project with no formal risk assessment report! The project cost over $400,000,000 in the end.
The Risk Management process
The management of risk, in the project environment 4, involves four related processes (note: some experts such as Robert Charette  treat risk management as a separate component to risk assessment though most experts see risk management as the overall process). Figure 1 summarises the various elements of risk management. The first is generally termed Risk Assessment. This process involves the identification of risk factors that are intrinsic in the activity being undertaken. For example, in the activity of commuting from home to work, we face a number of risks: • • • 1
is the family car working? are the trains, buses or public transport on time? do we have to drop the kids off at school?
This growing awareness has been helped by the Enron, World Com, dot-com bubble collapses and unfortunately by 9/11. 2 Internal client presentation by Accenture in 1996. 3 www.cutter.com 4 In the broader risk arena, there are as many risk models as there are businesses. For example, political risk, future trading risk, capital risk, war risk and so on. Page 1
Risk In Projects – The Total Tool Set
• • how long is the commute? what is the weather like?
Risk Reduction Risk Management Risk Tracking