Risk management is, in reality, not a special, separate process that is being carried out somewhere else in a company. In a normal project, risk management is so much interrelated with all the other project management processes that some of the experienced project managers we know in practice do not even want to consider it as a separate process.
Our deep belief is that risk management unites all the rest of project management tools and takes the best of all. This is quite understandable if we consider the major impact risk management may have on a project.
Tell me more …
As we have said, most of the tools for risk management come from the other project management processes, and it is therefore easy to show how risk management is related to other areas of project management.
We talked at length about time management and scheduling and particularly the idea of predicting project completion dates in case of uncertain activity durations. It is easy to see that the uncertain duration of a large number of activities in a project is an object for risk management. Indeed, when we develop the multiple duration estimate for an activity, we are looking at the activity with no risk occurring (most likely date) and negative (pessimistic) or positive (optimistic) risk occurring. In all three cases, we are calculating risk impact by given pessimistic and optimistic numbers for activity duration. As we then use these figures to develop a 95 percent probable completion date for the project, we are considering risks and putting them into an operating schedule in the form of schedule buffer. The amount of buffer we are putting into the schedule should be supported by the list of risks we developed with evaluation of its impact in terms of schedule as well as budget. Thus, we see how different parts of project management methodology fit together and support each other. Moreover, it allows us to check accuracy in each calculation by looking at how this calculation corresponds with the other—for instance, how the amount of schedule buffer we put in for a certain activity is supported by the amount and severity of risk we had identified for this task.
We have already shown how risk management correlates with cost management and building overall project budget. Indeed, in the process of budget development, we look at risks the same way we do in schedule management. If, and only if, the budget reserve we calculated on the basis of statistical evaluation of 95 percent probable budget is being supported by risk data gained on certain project tasks, more specifically on concrete project tasks, can we say that the project management processes in our project are consistent.
We can look at all the other parts of project management methodology in order to see the relations between the tools used. To conclude this part of the risk management analysis, we need only to take a look at quality management techniques. Indeed, it is quite clear that most of the techniques we use for quality management are at the same time quite applicable for looking at risks. In reality, what are the quality problems if not risks being identified and taking place in a project? This way, the cause-and-effect diagram allows us not only to look at various causes for a quality problem, but also to identify major risk occurrence areas for a significant risk impact. The control charts may allow us to identify an initially unknown risk event as an assignable cause for certain process changes to happen. A flow chart describing process may be used to identify certain risk occurring points, and so on.
It is also important to mention that many of the practicing project managers are trying to avoid using what we may call "formal risk management" practices. In some application areas, such as information technology and commercial software development, it is hard to quantify both impacts and probabilities for risks without having a chance of being 50 percent wrong. In a case like that, it does not make sense to try and make other people believe we are working with real numbers if in reality we are making quite subjective qualitative evaluations.
That does not however mean that we are NOT doing risk management in such projects. While the normal variability of the process is being considered by ranged estimates for budget and duration, we can look at risks and evaluate them qualitatively as having large or small levels of probability and impact and use it as a basis for developing our risk response strategies.