The Risk Doctor at the Experts’ Forum

by Elizabeth on 12/07/2010

“The risk people are the business prevention people,” said David Hillson, at the beginning of his presentation at the Gower Experts’ Forum at the National Centre for Project Management.

He pointed out that the results from the 2009 CHAOS report aren’t that much better than those when CHAOS started out: last year the survey reported 24% of projects falling into the ‘Failed’ category, 44% as being ‘Challenged’ and only 32% being successful.  “Project Risk Management is supposed to help,” said Hillson. “Risk management gives us a clear focus on objectives.”

Hillson believes that risk management is the key driver for project success.  Of course he would, he’s the self-styled Risk Doctor.  But what he says does make a lot of sense.  Risk management:

  • makes us proactive, not reactive
  • creates the space to manage effectively
  • and ensures consensus and focus.

When it comes to getting better at risk management, Hillson presented 3 areas to improve:  Principles, Processes and People.

Principles

Hillson defines risk as “uncertainty that matters,” i.e. uncertainty that could have a risk on our project objectives.  “We don’t have every uncertainty in the world on our risk registers,” he said.  We filter out what matters by whether it will affect our objectives.  Different risks matter at different levels:  what is important to project objectives may not be important to strategic objectives.  Equally, we need to remember that risk is not always bad.  “Opportunity and threat are the two flavours of risk, but they are both risks,” Hillson explained.

The final principle Hillson touched on was the concept that overall project risk is different from risk events.  When a sponsor asks, “How risky is this project,” the answer is not, “Here is my risk register.”  Instead, there is a different judgement applied to the concept of risk as distinct from risks.  Risk is not equal to the sum of all the risks.

Processes

Two things are missing from our standard risk processes.

  1. When do we implement the risk response?
    Hillson pointed out that most standard risk processes stop with working out what the mitigating actions should be.  There is nowhere to actually do the doing of risk response.  He explained that people tend to think that this will be naturally incorporated into the project tasks but in reality it could be better managed.
  2. When do we learn?
    The risk management process is a circle – identify-assess-plan-review – so where does it stop?  There is no final step at project completion to incorporate the learnings into the post-implementation review or lessons learned exercise.

People

People do projects, and our risk attitudes frame how we respond to risk.  “If we understand and manage the way people position themselves with regard to risk, it will make our risk effectiveness better,” Hillson said.  He talked about a spectrum of risk attitude, and where you fall on it depends on the event.  For example, you may have a very cavalier approach to risk if you are gambling with matchsticks, but become much more cautious when abseiling for the first time.  Where you should be on the spectrum depends on what you are trying to achieve.

“We focus on the tools and forget about the people,” Hillson concluded.

It was a very interesting presentation.  You can by David Hillson’s book, Managing Risk in Projects, from Amazon.co.uk or Amazon.com.

Share

If you liked this, you might enjoy:

  1. Experts’ Forum at NCPM A transcript of this video is below. Elizabeth Harrin: Well I’m here in the beautiful grounds of Middlesex University at the National Centre for Project...
  2. David Cleden at the Experts’ Forum “I don’t think there are any magic bullets to deal with the uncertainty we face,” said David Cleden, when he presented at the Gower/NCPM Experts’...
  3. Book Review: A Short Guide to Facilitating Risk Management Risk meetings don’t have to be boring, although in my experience they often are.  A Short Guide to Facilitating Risk Management is out this month,...

Tagged as: hillson, risk

  • http://herdingcats.typepad.com/my_weblog/ Glen B Alleman

    In the aerospace and defense business, risk response is replaced with risk retirement.
    When the risk becomes an issue, you’ve usually spent the money and run out of time. So the project is now late and over budget, and you still haven’t solved the issue.

    The risk retirement plans are embedded in the Master Schedule, with funding and schedule assigned directly. The Active Risk Management tool (a UK company) connects the dots between the risk management processes and the Integrated Master Schedule to show where in the schedule risks move from RED to YELLOW to GREEN.

    Adopting this paradigm for the high impact risks increases the Probability of Program Success (PoPS) (another defense paradigm that would be useful in commercial IT), by measuring the reduction of risk exposure as a function of time – the increase in probability of success as the program moves from left to right, by “buying down” the risk.

  • http://www.elizabeth-harrin.com Elizabeth

    Risk retirement sounds as if you never use acceptance of risk as a strategy (have I got this right?), and accepting risk is something we do relatively frequently, depending on the estimated impact. I’ll look more into PoPS as that sounds like a useful measure, so thanks for mentioning that, Glen.

  • http://www.niwotridge.com Glen B. Alleman

    You can accept the risk, IF you also accept the consequences.

  • Pingback: pmpodcast (Cornelius Fichtner)

  • Benjamin Torres

    Have a look to pm-software.org. This site has several reviews about Free Project Management Software.

Previous post:

Next post: