Managing risk in projects

Download Managing risk in projects

Post on 06-Jul-2016




2 download

Embed Size (px)


<ul><li><p>March 2010 Project Management Journal DOI: 10.1002/pmj 87</p><p>Cover to CoverKenneth H. Rose, PMP, Book Review Editor</p><p>Those curious about the state of projectrisk management will find Hillsonscompact treatment of the topicinformative. He reaffirms the disci-plines foundation, reviews current best prac-</p><p>tice, and identifies new developments. Yet, he</p><p>pulls no punches that organizations struggle</p><p>with risk management. He describes the fac-</p><p>tors he believes are necessary to be successful.</p><p>Hillson notes that risk is rooted in the con-</p><p>cept of uncertainty. His explanation gives the</p><p>reader a way of understanding the sources and</p><p>context of risk from an individual viewpoint,</p><p>broadened to the global view. He expresses the</p><p>relationship of uncertainty to risk as uncer-</p><p>tainty that matters. Yet, he is quick to note</p><p>that uncertainties are not equal. The challenge</p><p>is to identify what is important to the project</p><p>and design appropriate responses. This is</p><p>becoming harder to do, as project managers are falling behind in</p><p>their ability to grasp and apply knowledge timely in the new world</p><p>order of information and change.</p><p>Risk management has a special, if underappreciated, impor-</p><p>tance to project management because projects are particularly</p><p>risky. Common characteristics, such as complexity, assumptions,</p><p>and constraints, introduce uncertainty into projects. But with no</p><p>lack of theory for doing project management, projects continue</p><p>to fail at significant rates. Hillson maintains that a major reason</p><p>is unforeseen eventsrisks.</p><p>Risks, both threat and opportunity, apply whenever there are</p><p>objectives. In general, there are project-level risks and overall</p><p>project risks. The latter is greater than the sum of individual risks</p><p>on projects. Project managers represent the project view while</p><p>sponsors must interface with the overall project risk arising from</p><p>outside the project.</p><p>Hillson provides a pragmatic approach to risk management</p><p>within formal processes identified typically in standards and</p><p>methodologies. There are good descriptions of how to go about</p><p>preparing a risk management plan. For example, he addresses</p><p>how to separate risks from issues and problems using a three-</p><p>part structured risk statement to drive clarity.</p><p>On the people side, he emphasizes being aware of the atti-</p><p>tudes toward risk management. Not only do individuals carry their</p><p>own biases, but collectively groups exert influ-</p><p>ence, too. Hillson helps the reader understand</p><p>the influence of attitudes in the risk manage-</p><p>ment process. He notes that practice in overall</p><p>project risk management is weak, particularly</p><p>in risk response execution. Analysis to action is</p><p>often the missing link; people do not follow</p><p>through, which tends to reflect attitudes</p><p>toward the value of risk management.</p><p>Hillson laments the tendency to separate</p><p>risk management and project management. He</p><p>contends risk management needs to be built-</p><p>in not bolt-on, and woven into the complete</p><p>project life cycle to realize full benefits. Because</p><p>energy for risk management tends to wane after</p><p>identification, project managers need to sus-</p><p>tain appropriate levels of energy end-to-end in</p><p>order to do risk management well, especially to</p><p>activate risk responses effectively.</p><p>He goes on to address integration beyond the project,</p><p>between the project and the organizations vision. This relation-</p><p>ship creates a hierarchy of risks that require attention, or enter-</p><p>prise risk management. It needs to be coordinated actively, not</p><p>just done in isolated areas. From the project perspective, the</p><p>natural interface upward is in the program structure that has its</p><p>own Program Risk Management.</p><p>To make risk management work, Hillson offers critical suc-</p><p>cess factors that have two characteristics: their presence pro-</p><p>motes effectiveness and their absence hinders it. He identifies</p><p>factors internal and external to the project. For example, a user-</p><p>friendly risk management process tends to support success for</p><p>which he offers pragmatic suggestions for implementing.</p><p>Similar treatments are there for factors external to the project,</p><p>such as management support.</p><p>Hillson gets at four primary motives for doing risk manage-</p><p>ment and notes that only one really counts. Organizations do risk</p><p>management reluctantly because of a contract or regulation. Its</p><p>done out of a fear of failure or blame. It is done to copy someone</p><p>else. The one motive that counts, however, is demonstrating ben-</p><p>efits, and he describes a good approach to marshalling them.</p><p>Whether you are developing your own competency or trying</p><p>to jump-start better risk management in your organization, this</p><p>book is a solid resource.</p><p>Reviewed by Paul E. Shaltry, PMP, a partner in Catalyst ManagementConsulting LLC, Worthington, OH, USA, and member of the PMI Standards</p><p>Program Member Advisory Group.</p><p>Managing Risk in Projectsby David Hillson</p><p>Gower Publishing Limited, 2009, ISBN:9780566088674, paperback, 126 pp.,$47.45 Member, $49.95 Nonmember.</p><p>Project Management Journal, Vol. 41, No. 1, 87 2010 by the Project Management InstitutePublished online in Wiley InterScience ( 10.1002/pmj.20156</p></li></ul>