From discussions and networking with my peers and
colleagues, I don’t think there are very many that read PM
Journal. I won’t suggest that’s a
mistake because the applicability of the content varies – some articles are so
academic and esoteric they are only of interest to the author’s mother, some
are only applicable in narrow contexts, and some are a challenge to decipher.
In contrast, Hans Thamhain has written a very approachable
and relevant article that I recommend to my readers (Yes, both of you). He reports on the result of research on
managing risk in complex projects (hence the title of his article). Thamhain’s discussion of the current state of
research and knowledge of risk in enterprise projects is both enlightening and
disheartening: “Predicting and
controlling such [unknown] risks appears impossible with the existing
organizational systems and management processes in place” (21) and “there is no
framework currently available for handling risks that are either unknown or too
dynamic to fit conventional management models” (22). “…Many of the organizational tools and
techniques that support early risk detection and management … readily exist in
many organizations …. Project managers,
while actually using these project management tools and techniques extensively
… do not give much credit to these operational systems for helping to deal with
risks” (29).
The model he provides on pages 22-24 describing the
three-dimensional relationship of risk characteristics (Uncertainty, Complexity
and Impact) is easy to grasp and is probably valuable to introduce in your risk
log for classifying risks.
Thamhain covers a variety of topics beneficial to PMs and,
as the article’s title indicates, the focus is on the outsized consequences of
risk effects that are not effectively managed.
I did find that since Thamhain shifts between discussing
risks (a possible future event) and looking back after-the-fact to discuss the
consequences, his terminology is sometimes confusing. It’s like reading an article written by
someone a few years in the future about something that for them happened a few
months earlier. They’re talking about
something in their past that is still in my future. I’ll offer a bit of guidance for readers of
this article. The word “contingency”
appears throughout the article. Late in
the article he provides a couple of contextual definitions, undesirable events
(29) and risk situations (30), which don’t help clarity. However, from the article context it appears
that he uses “risk” to refer to a future event and “contingency” to refer to a
past event that was formerly a “risk.” I
would have used the term “risk event” to describe these, but I understand his
difficulty. The other confusion is the
use of “issue.” PM purists will no doubt
object to Thamhain’s use of “risk issue,” but in context it translates to “the
project issue that results from the occurrence of a risk event.” I caution newbies to have a firm grasp on the
distinctions between “risk” and “issue” before tackling this article.
One specific takeaway from the article that I want to share
is worth noting by both PMs and managers.
PMs “blame project performance problems and failures predominantly on
contingencies that originate outside their sphere of control … while senior
management points directly at [PMs] for not managing effectively” (30). Thamhain’s further commentary on this topic
in the article should be read by both PMs and executives. It probably deserves reworking for broader
distribution, such as an article in PM Network.
For reference, my previous posts on project risk management:
·
The
Project Manager’s Cycle – Review Risks & Mitigation Actions
[Published: 03/06/2011]· The Schedule – Risk Buffers [Published: 12/28/2012]
· Where to Find Risks [Published: 03/20/2013]
· Estimates, Schedules, Assumptions and Risks [Published: 04/03/2013]
© 2013 Chuck
Morton. All Rights Reserved.
Casey: Thanks for visiting the PM Best Practice blog and I appreciate your comment. You bring up a good point that really hadn't registered with me in this context. We're all familiar with "Be careful what you ask for, you might get it."
ReplyDeleteOn the other hand, I would disagree that surprises and risks are equivalent. In particular, surprises, by their nature, were not anticipated. The whole point of risk management is to identify in advance what would have been a surprise, then analyze the impact and severity, assign an owner, agree on an appropriate response to it, etc. We take it as far from surprise and as close to managed as possible.
In fact, the whole point of project management is to eliminate surprises. One of my earliest posts was about surprises (Heroes published on 23Dec2010.
I will soon be starting a series on Lessons Learned. I encourage you to think about how you would handle a project surprise in the context of Lessons Learned for future projects. In particular, how would your organization improve as a result of the surprise on a project?