Day 73 — Creative PM series 7/7: ”Risk Management”
When taking on a new project, we can’t predict what’s really going to happen. With new teammates, new stakeholders, new technology, and new target audience, there are many variables and it could be full of surprises, whether we like it or not. How can we minimize the project risk? What are the proactive approach we can take to understand and tackle these risk head on?
“Life is like a box of chocolates, you never know what you’re gonna get.”
In today’s article, I’m sharing my knowledge and experience around project risk management, in the following structure:
- What is Risk Management
- Why Assess & Manage Project Risk
- How to Adopt Risk Management in Our Process
What is Risk Management
Risk management is a set of activities to identify, assess, monitor, and control project risk, so that the project can achieve the intended outcome without substantial failure. The larger the project, more potential risks are involved. Therefore, in order to take a proactive role as a Creative PM, certain level of knowledge and experiences of risk assessment is required.
In order to understand what Risk Management is about, first, we’ll need to understand what kind of project risks we’re facing in the digital age:
- Performance risk: If the product quality/ performance is sub-optimal, even if the team meet the deadline with the existing resource, the output might not be hitting the goal as we expected, and therefore wasted the time & resource.
- Schedule risk: the If we don’t manage project timeline carefully, the quality product might miss the market opportunity and become less competitive or even obsolete.
- Cost risk: By putting excessive resource to hit the timeline & quality target, we’re facing the risk of an unsustainable outcome which might lead to bigger failure.
- Safety/Security risk: Whether it’s team members work safety or product cybersecurity concern, this type of risk is often omitted, but it’s gradually getting attention from the senior management level, given the recent events in the world.
- Reputational risk: This type of risk is link to organizational risk management. The source of reputational risk could be individual’s speech & behavior, product quality & characteristic, or organizational performance/ direction.
Why Assess Project Risk
Let’s look some of the things happen in the recent years to understand what damages have been done due to lack of proper risk management:
Nike: offended Muslim group
In January 2019, “Saiqa Noreen, who created the Change.org petition demanding that the footwear and apparel brand remove the Nike Air Max 270 from store shelves…As of Thursday (Jan. 31), the petition had garnered more than 19,000 of the 25,000 signatures it seeks.”
In fact, this is not the first time Nike faced this type of issues. According to INDEPENDENT News, In 1997, “A row broke out after the company (Nike) used a logo meant to look like flames on a line of basketball shoes… Some Muslims claimed that the logo resembled the word “Allah” written in Arabic script…Now Nike has withdrawn 38,000 pairs of the shoes worldwide.”
IHO”b” rebranding catastrophe
Although later it’s clarified that it was an intentional practical joke to bring awareness to both 1) IHOp is proud of their burger, and 2) IHOp is creative & bold, imagine that wasn’t a joke, imagine it was a permanent change? Internet went crazy about IHOb!
GAP’s logo redesign
Some of us might still remember this rebranded logo that only last for merely 6 days. The rebranding mistake that Gap made is estimated of 100 million dollar loss.
As most of the Creative PMs are not aware of the value and importance of risk assessment, above are just some quick examples to prove that it could be a disaster if we don’t do our homework.
How to Adopt Risk Management
Now that we learned the importance of risk management, what are some practical tips so we can start practicing it? Here’s a simple 3 steps breakdown:
1. Identify Risks
Except for those common project level risks, there are also some other product risk worth mentioning:
- Legal & Compliance: any type of legal and regulatory obligations, especially when entering new market in different regions/ countries, or a highly regulated industry.
- Social and Cultural: understanding if the product is social/ cultural fit, or it might offend certain types of groups or religions.
- Strategy and Operational: the proposed solution might rely on some technology or resource that’s not always stable, or create extra burden/ damage in the process of usage.
2. Assess Risk
Once we identify a list of project risk, we need to assess the level of severity of risk. In order to do so, we need to create a Risk Matrix to assess these two factors:
- Probability
- Impact
By adopting the Risk Matrix, we can categorize each identified risk into High, Medium, and Low (see figure below), so that we can have a better understanding how to monitor and respond to these risks.
3. Create Response Plan
Now we know the severity of each risk, we can start developing a plan of how to respond to them. Below is a list of typical risk response:
- Avoid: The best possible outcome is the risky scenario never happens. Therefore, if we can plan carefully to avoid the risk, that is something we should take into serious consideration.
- Transfer: If we assess that a specific risk a likely to happen, hard to avoid, we’ll then figure out if there’s anyway to transfer the risk to some other places to have a lower impact. For example, if it’s a new project that the team/ organization haven’t dealt with before, performance risk and the associated reputational risk could be relevantly higher and hard to avoid; one way to transfer the risk is to hire contractors to perform the job for two reasons: 1) the team/ organization can hire experienced contractors in this new field; 2) if the performance is not as high as expected, the reputation risk is lower than doing it all without contractors, some of them can be transferred to contractors.
- Mitigate: If the risky issue is likely to happen and there’s not much way we can avoid or transfer the risk, then we’ll need a mitigation plan. Depending on the risk type, the mitigation method will vary. A general approach is to know who we should contact before it happens. For example, consult with legal & compliance team to create a plan, talk to PR and marketing team to understand guideline and how they dealt with branding and other similar situations in the past, etc.
- Accept: An important thing that some teams failed to do is, accept the risky issue when it happens. Sometimes it could be hard to face the harsh truth, but the faster we can pick ourselves, up, the easier we can continue and drive for success.
Conclusion
- Risk Management is about both Prevention and Remediation. The earlier we can identify potential risks, the better chance we can prepare ourselves;
- Risk assessment is about understanding the probability of risk and also the impact level, so that we can understand the potential severity of the risk;
- If we can’t avoid the risk, we need to think about how to transfer the risk to other place, and prepare for the mitigation plan as soon as possible.
How do you manage project risk? Any framework/ tools you use, or any tips you want to share? I’m eager to learn from you.
ABC. Always be clappin’.
To see more
The opinions expressed in this article are those of the author. They do not represent current or previous client or employer views.
