Risk is “uncertainty that matters”. When most people talk about risk in projects, they are thinking only about uncertain future events that would negatively impact project time, cost, and performance objectives. In reality, risk can be either negative (threats) or positive (opportunities).
Filipe Passos – Risk & Assurance Manager – shares his perspective on the role risk management plays in successful project outcomes.
What is risk management about and why is it important?
Risk management helps proactively capture opportunities and limit threats by defining the total amount and severity of risk, plus the amount of provision for mitigation needed.
Our clients already know there are risks associated with their projects but need our help answering questions like, ‘how long the project will take until completion?’ (schedule risk), ‘how much it will cost?’ (cost risk), ‘will the product perform as intended?’ (performance risk), and ‘how many resources do I allocate towards avoiding all the things that can go wrong?’ It allows our clients to make informed decisions balancing performance, whole life cost, timescale, and value for money.
It’s easy to underestimate the amount of resource and effort required to deliver successfully. Often, project teams underestimate cost and duration but overestimate benefits, partly because those working directly on a project are often too close to the work to see early warnings signs.
What are some misconceptions about risk management?
There will always be some unavoidable risk no matter what you do. Risk management is equally about instructing clients how to prepare contingency plans.
There’s no single right way to document an organisation’s risk profile. Every organisation has different needs and some types of risk are better suited to numerical diagnosis – particularly financial risk – while others like reputational risk are more subjective. That makes risk assessment more an art than a science, but you must develop some framework for documenting risks.
Not all risk is inherently detrimental. There’s ‘beneficial risk’ too, which considers how much one is prepared to actively put at risk to obtain the benefits of an opportunity. It’s about comparing the value – financial or otherwise – of potential benefits with the potential losses.
What are the biggest challenges of risk assurance?
Human bias. In a competitive world, projects need planning to succeed. Project managers and project teams are rightly encouraged to demonstrate a can-do mentality, but that can lead to underestimation of risk. Group consensus decisions often fail to reflect the average initial opinion of the constituent individuals. Instead, they often shift to extremes. In a project team with ambitious can-do individuals, risk estimates made or reviewed on a group basis will likely be biased towards the optimistic.
There’s also a large range of external, operational, and internal risk types. A project can suffer from increased costs due to exchange rates; global economic downturn can affect employment and retention of experts; obsolescence of current tech systems can lead to high costs for new systems; new laws and regulations can raise building costs.
How does Tetra Tech help our clients assess and manage risks?
We take a holistic approach to helping clients achieve a clearly structured process in which both likelihood and impact are considered for each potential risk. You can’t treat one in isolation, so we provide the tools and models allowing them to draw as much as possible on unbiased independent evidence, while considering the perspectives of the whole range of stakeholders affected by the risk.