Monday, June 10, 2013

PM Journal – Risk in Complex Projects

Thamhain, Hans.  "Managing Risks in Complex Projects," Project ManagementJournal, April 2013 (Vol 44 #2), pp 20-35.

From discussions and networking with my peers and colleagues, I don’t think there are very many that read PM Journal.  I won’t suggest that’s a mistake because the applicability of the content varies – some articles are so academic and esoteric they are only of interest to the author’s mother, some are only applicable in narrow contexts, and some are a challenge to decipher.
In contrast, Hans Thamhain has written a very approachable and relevant article that I recommend to my readers (Yes, both of you).  He reports on the result of research on managing risk in complex projects (hence the title of his article).  Thamhain’s discussion of the current state of research and knowledge of risk in enterprise projects is both enlightening and disheartening:  “Predicting and controlling such [unknown] risks appears impossible with the existing organizational systems and management processes in place” (21) and “there is no framework currently available for handling risks that are either unknown or too dynamic to fit conventional management models” (22).  “…Many of the organizational tools and techniques that support early risk detection and management … readily exist in many organizations ….  Project managers, while actually using these project management tools and techniques extensively … do not give much credit to these operational systems for helping to deal with risks” (29).

The model he provides on pages 22-24 describing the three-dimensional relationship of risk characteristics (Uncertainty, Complexity and Impact) is easy to grasp and is probably valuable to introduce in your risk log for classifying risks.
Thamhain covers a variety of topics beneficial to PMs and, as the article’s title indicates, the focus is on the outsized consequences of risk effects that are not effectively managed.

I did find that since Thamhain shifts between discussing risks (a possible future event) and looking back after-the-fact to discuss the consequences, his terminology is sometimes confusing.  It’s like reading an article written by someone a few years in the future about something that for them happened a few months earlier.  They’re talking about something in their past that is still in my future.  I’ll offer a bit of guidance for readers of this article.  The word “contingency” appears throughout the article.  Late in the article he provides a couple of contextual definitions, undesirable events (29) and risk situations (30), which don’t help clarity.  However, from the article context it appears that he uses “risk” to refer to a future event and “contingency” to refer to a past event that was formerly a “risk.”  I would have used the term “risk event” to describe these, but I understand his difficulty.  The other confusion is the use of “issue.”  PM purists will no doubt object to Thamhain’s use of “risk issue,” but in context it translates to “the project issue that results from the occurrence of a risk event.”  I caution newbies to have a firm grasp on the distinctions between “risk” and “issue” before tackling this article.
One specific takeaway from the article that I want to share is worth noting by both PMs and managers.  PMs “blame project performance problems and failures predominantly on contingencies that originate outside their sphere of control … while senior management points directly at [PMs] for not managing effectively” (30).  Thamhain’s further commentary on this topic in the article should be read by both PMs and executives.  It probably deserves reworking for broader distribution, such as an article in PM Network.

For reference, my previous posts on project risk management:
·         The Project Manager’s Cycle – Review Risks & Mitigation Actions [Published:  03/06/2011]
·         The Schedule – Risk Buffers [Published:  12/28/2012]
·         Where to Find Risks  [Published:  03/20/2013]
·         Estimates, Schedules, Assumptions and Risks  [Published:  04/03/2013]

© 2013 Chuck Morton.  All Rights Reserved.


  1. Risk management attempts to plan for and handle events that are uncertain in that they may or may actually occur. These are surprises. Some surprises are pleasant. We may plan an event for the public and it is so successful that twice as many people attend as we expected. A good turn-out is positive. However, if we have not planned for this possibility, we will not have resources available to meet the needs of these additional people in a timely manner and the positive can quickly turn into a negative.

  2. Casey: Thanks for visiting the PM Best Practice blog and I appreciate your comment. You bring up a good point that really hadn't registered with me in this context. We're all familiar with "Be careful what you ask for, you might get it."

    On the other hand, I would disagree that surprises and risks are equivalent. In particular, surprises, by their nature, were not anticipated. The whole point of risk management is to identify in advance what would have been a surprise, then analyze the impact and severity, assign an owner, agree on an appropriate response to it, etc. We take it as far from surprise and as close to managed as possible.

    In fact, the whole point of project management is to eliminate surprises. One of my earliest posts was about surprises (Heroes published on 23Dec2010.

    I will soon be starting a series on Lessons Learned. I encourage you to think about how you would handle a project surprise in the context of Lessons Learned for future projects. In particular, how would your organization improve as a result of the surprise on a project?