The COVID-19 pandemic is forcing organizations to take a relook at their business strategies, including how they manage projects. It is now apparent that the absence of an effective risk management framework and potential mitigation plans can upend businesses, and result in not just financial loss but also loss in brand equity. In such a scenario, an integrated approach toward risk management is critical to identify potential risks, and tackle the uncertainties associated with projects and the business at all levels.
Earlier, the risks that arose were common and predictable, mostly related to cost, performance, and schedule, or they were external risks such as changing market conditions or political uncertainty. However, the pandemic has brought to the fore an entirely new set of challenges for project managers. It has compelled many organizations to undergo a rigorous reality check, and learn fresh ways to adapt to the new reality and ensure business continuity.
Project managers now need to be more flexible and adaptive, and do away with some of the traditional approaches to risk management. They need to be aware of the latest business developments and equip themselves with new skills. PMI’s Risk Management Professional (PMI-RMP)® certification helps project managers develop market-ready risk management capabilities that are high in demand.
Manage South Asia brings to you insights and recommendations from senior risk management practitioners on how to prepare for the new normal.
5 Burning Risk Issues Facing Project Management Practitioners
Risk management in projects has more or less been straightforward. If project management professionals master the risk management process, there is a high chance of them meeting project needs. The approach has been rather siloed of limiting risk management to project scope without integrating it at the organizational level. But such a practice has so far not materially impacted project outcomes.
With the pandemic, that is however no longer a wise approach. Here are some issues that project professionals must deal with in a post-COVID-19 world:
1) Integrated and aligned risk management - Decisions taken at the enterprise level often impact projects. If the project needs and risks are not factored in the enterprise risk decisions, the project may be adversely impacted. Therefore, integration and close alignment with an enterprise risk management framework is critical.
2) Supply chain support - External and internal supply chain support issues are rising. Organizations that are part of the external supply chain must adopt robust risk management framework, and only then can they guarantee service predictability. Equally important is the capability of the internal supply chain to extend its support to the top management and leverage the external supply chain to meet the project objectives.
3) Changing government policies - Projects have to factor in the dynamic nature of government policies to tackle fast-evolving situations. This dynamic nature is due to the lack of historical data to back decisions, unpredictability over how the situation on the ground could evolve, and the potential impact on human life. This is further aggravated when the risk remains for an extended period of time and uncertainty prevails.
4) Identification of opportunities - Project practitioners need to identify opportunities created by these risks, and alter the project meaningfully to ensure thatit adds value to the stakeholders. This may include completely changing the scope, incorporating additional scope, reducing the scope, and improving the capability and/or capacity of the project. The value proposition the project can bring to the client in the current environment needs to be seen through a different lens of opportunities.
5) Human factors - Following a sensitive approach to the human needs in a project is a big challenge that project practitioners have been managing as project risk. Appreciating human factors at the project level is necessary. That responsibility does not lie at the enterprise level alone, but it must also be practiced at the project level. The results will then be seen at the organizational level, and will lead to the protection of values that the project delivers to its stakeholders.
It is a norm now to design and adopt an effective and efficient principle-based risk management framework at the organizational level that factors in the needs at the project level. Projects also need to ensure alignment and integration with the enterprise risk management framework to meet the project objectives and the needs of its internal and external stakeholders.
The ISO 31000 standard is a good starting point for organizations. It outlines the principles of risk management and the components of an enterprise risk management framework on the basis of which an organization can design its own framework. It also explains the risk management process to follow. It gives an organization an opportunity to customize risk management activities to its own context. Its implementation can help the project risk management process align and integrate with the enterprise risk management framework as well as benefit from the principles the organization adopts to guide its risk management activities.
Expectations from project management practitioners have increased in the area of risk management. So it is time to introspect if your project risk management is creating and protecting the value expected of a project.
Rajeev Thykatt is a risk management professional handling risk, standards, contractual, regulatory, compliance, business continuity, resilience, supplier/vendor/partner risk and information security issues. He is the convenor of the Task Group 3 for User Survey of Technical Committee 262 of ISO for Risk Management as well as the convenor of the Working Group 6 for developing a governance maturity model standard in Technical Committee 309 of ISO.