This article originally appeared in PARADIGM SHIFT THE AIPM DIGITAL MAGAZINE Winter 2020.
How many organisations have you seen that do not manage risk well, especially project risk?
Consider the recent news headlines – Banking, Health, Infrastructure, Transport, Governments, Travel. They’ve all experienced failures in risk management.
Most organisations have a corporate risk management framework, but this tends to be targeted at controlling executive level risks. And where safety is involved, they can be great at handling the operational risks.
Unfortunately, when it comes to projects, people tend to be poor at evaluating Risk. Part of this is down to our brains not being good at probabilities and reacting intuitively when presented with risks.
Because of this, risk management tends to play a supporting role in Projects, which is a concern as Risk Management is why Project Management exists.
Along the way, we have lost sight of Why of project management, and the What and the How gained prominence.
Long before Project Management, the management of Risk grew and matured out of the desire to invest in new ventures.
The success (although some say failing) of the human race comes from the ability to innovate, change and do things differently. This requires investment in people, time, resources and money. But true success comes from understanding and assessing the risks of a new venture – what are the opportunities and threats?
When risk isn’t considered, we put success down to luck, and failure to lack of common sense – and the extreme consequence of this as “Darwinism in action”.
So how did Project Management get to where it is today, and what does Risk have to do with it?
Project Management started to develop as a discipline to manage certain types of risk in the late 1800s, and evolved over the next 100 years, mainly driven by passionate practitioners from the disciplined background of engineering where there was a focus on increasing precision and measurement – Gantt charts, PERT, EVM, WBS, Monte Carlo Simulations, etc.
From these, the project management standards of today came to the fore and Risk was put into a supporting role.
Consider PMI®’s PMBoK® with a focus is on the Triple Constraints of Time, Cost, and Scope. Risk is lucky to be listed at number eight in the PMBoK top 10, just above procurement.
PRINCE2® “PRojects IN Controlled Environments, 2nd edition”, another heavyweight, was released in 1996 and built on the earlier PRINCE method, which was announced and developed in 1989 by CCTA (the Central Computer and Telecommunications Agency), a UK government support agency.
The purpose of the PRINCE2 approach was to design a framework for managing projects in well-controlled environments, but people tend to focus on word “Projects”, rather than “Controlled Environments” where Risk is a key factor.
Risk does have roles in PRINCE2® as a Theme and an Aspect but it is not one of the seven Principles. But read these again and you will see they are all controls for Risk.
- Continued Business Justification
- Learn From Experience
- Defined Roles and Responsibilities
- Manage by Stages
- Manage by Exception
- Focus on Products
- Tailor to Suit Project Environment
Critics of approaches such as PMBoK and PRINCE2 also point out the Project is positioned as the be-all and end-all – a bit like the Big Bang at the start of the Universe, total chaos before and total chaos after – given the performance of many projects, they could argue there is only a marginal improvement between.
The custodians of project management standards recognised these limitations and reacted by extending products to consider Programs and Portfolios, but Projects are still at the core.
In a paper called “Existentialism, Evolution, and the matter of project management enquiry” at the 2011 AIPM Conference in Brisbane, Jon Whitty observed that these embedded standards can objectify “the Project” and constrain the industry, preventing evolution and change.
Over the past 20 years or so, these constraints have led to increasing dissatisfaction in how projects are managed. At the core is inappropriate controls being applied to manage investment risk.
Take software development as an example, the traditional waterfall approach does not provide controls for the high level of uncertainty in the design. Or the perceived excessive administrative overhead when project management is applied to incremental change in operations.
This has seen the emergence and evolution of competing ways to manage delivery of investments – Agile, Scrum, SAFe, Lean, etc. The tension between these has drawn battle-lines between the different camps.
This undermines the profession and returning the focus to Risk is a way to reunite practitioners. We need to get back to why we even consider doing projects.
At the end of the day, project management can be summarised into continually asking “Where’s the Risk?” to make sure the right controls for Risk are in place to:
- Understand why an investment is needed
- Clearly define the expected outcome from the investment (this will enable the benefits to be defined)
- Assess what could impact/enhance the outcome (Risks)
- Work out the most effective way to deliver the change (traditional, agile, lean, hybrid, etc) taking into account the Risks.
- Regularly check controls for risk and make sure other factors have not changed, which could change the risks and outcomes
For those that find this article of interest, there were a variety of topics covered when researching this recent article in AIPM’s Paradigm Shift but there wasn’t enough space to provide links, so we thought we’d share them now
Here’s the link to Paradigm Shift for those of you that are AIPM Members: https://www.aipm.com.au/resources/paradigm-shift-magazine
Against the Gods: The Remarkable Story of Risk, Peter L. Bernstein – ISBN: 978-0-471-29563-1:https://www.wiley.com/en-au/Against+the+Gods:+The+Remarkable+Story+of+Risk-p-9780471295631
Risk assessment and risk management: Review of recent advances on their foundation by Terje Aven, European Journal of Operational Research: https://www.sciencedirect.com/science/article/pii/S0377221715011479?via%3Dihub
Here’s the link to the ISO31000 Risk Management standard: https://www.iso.org/iso-31000-risk-management.html
For those that like a more multimedia experience, here’s a YouTube video on A Short History of Risk: https://www.youtube.com/watch?v=SO3PTAUP2HQ
Leading into project management, this site explores the History of Project Management: https://www.projectmanager.com/blog/history-project-management
As a leader in the evolution of project management, check out David Baccarini’s body of work on risk in project management over the past 30 Years: https://staffportal.curtin.edu.au/staff/profile/view/david-baccarini-fdad7f7f/
He also did some great work on using the Monte Carlo Method. It can be hard to get your head around, so here’s a start: https://en.wikipedia.org/wiki/Monte_Carlo_method
The article references Jon Whitty’s paper on Existentialism, Evolution, and the matter of project management enquiry, Whitty, S. J. (2011). In: Proceeding of the 25th IPMA World Congress on Project Management, Brisbane, Australia, October 2011, which can be found here: https://www.researchgate.net/publication/336055722_Existentialism_Evolution_and_the_matter_of_project_management_enquiry
Check out the AIPM website, which has a series of videos on IT Portfolio Risk Management by Gordon Dunbar: https://www.aipm.com.au/resources/pm-webinars-and-recorded-events
We also had an article on mitigating project risk recently: https://metapm.com.au/5-steps-to-mitigate-project-risk/
For those wondering why we are so bad at understanding risk, here are a few studies:
Why Our Brains Do Not Intuitively Grasp Probabilities: https://www.scientificamerican.com/article/why-our-brains-do-not-intuitively-grasp-probabilities/
Eric Horowitz asks “Why Are People Bad at Evaluating Risks?” in this article: https://www.psychologytoday.com/au/blog/the-inertia-trap/201303/why-are-people-bad-evaluating-risks