Risk Management: Clairvoyance for Project Managers
To manage risk is to gaze into the future. It’s not magic, it’s good project management!
Risk management. For many project managers, the phrase alone sends shivers down the spine. Let’s face it, racking your brain for all the things that could go wrong on a project sounds like a nightmare. Who wants to spend hours thinking about failure?
With just a few days remaining before Halloween, I couldn’t help but get a bit spooky with this one. Just like a new Conjuring film, managing risk can be scary! But it doesn’t have to be. This guide will give you the tools you need to keep projects on track – no 🔮 required.
An introduction to risk
On digital projects, we consider risks to be all of the things that could go wrong. Risks can be small: e.g. “The client delivers feedback a day late.” Or they can be big: “A production deploy fails and the database is wiped with no backup.”
Risks can be likely: “An extra round of design revisions requires additional design timeline.” Or they can be unlikely: “A well-maintained third-party form plugin goes out of business.”
Read the tea leaves, then write them down
The very first step to managing risk is documentation. At Viget, we use a risk tracker to document, track, and squash risk on digital projects.
The Viget risk tracker is a spreadsheet that outlines each individual risk to a project’s success. You might already be familiar with the RAID Log or Risk Matrix frameworks, both of which inspired our risk tracker. For each risk, the following should be documented:
Description – What could go wrong?
Likelihood – How likely is it that this will happen?
Risk Window – When in the project is this risk most relevant?
Mitigation Plan – How will we prevent this risk from impacting the project?
The template below is a great starting point for any project.
Say we’re working with Client X to redesign their flagship website’s homepage, with a target release of November 15th. We know that the homepage of any site is one of the most precious assets in the minds of many stakeholders, as it’s the company’s digital front door.
Right away, the risks surrounding stakeholder feedback throw a flag for my PM spider senses. If we move from design into development without affirmative approval from the right people, we run the risk of receiving late feedback and needing to rebuild work. Here’s how I might document this risk in the risks matrix:
Description – Late-breaking feedback from executive stakeholders requires additional unplanned design revisions.
Likelihood – 50% (Medium Risk)
Risk Window – October 15 - November 15 (From design until launch)
Mitigation Plan – Pre-schedule reviews with the relevant executive team and begin each review with a clear statement of desired feedback, deadlines for that feedback, and potential impact of missing those deadlines.
This may seem like a no-brainer. Of course we’ll loop in the executive team before considering the homepage complete, Peyton! But in reviewing the risk explicitly with the client – and aligning on a mitigation plan – we establish a shared responsibility for avoiding the issue.
We cannot anticipate every single thing that could go wrong, but for the risks we can foresee, the risk tracker helps ensure that they are discussed, understood, and planned for.
Reading the future with an eye on the past
Despite our best intentions, project managers cannot actually read the future. What we can do is learn from past pitfalls and avoid them on new projects. When we put it this way, clairvoyance seems a lot less like magic and a lot like memory operationalized.
How do you operationalize memory? At Viget, we do this in a couple of ways:
Maintain a running log of project retrospectives
At the end of every Viget project, we undergo a formal retrospective process. Team members (and sometimes clients alongside us) first reflect individually on what went well and what we should change moving forward. We then meet to talk through common themes as a team. Finally, the takeaways from both individual and group reflection are documented in an easily scannable document.
Once you’ve amassed a useful body of retrospectives, you need to actually use them! At the start of new projects, dig through the log and find retrospectives on projects of similar scope, or in similar industries. Ask your team to recall similar projects as well. The lessons learned become fodder for discussion with the team as you set out, and can help fuel discussions about risk with a new client. “Let’s discuss X, because we’ve seen that go awry with clients in the non-profit sector before.”
Reflect regularly on individual performance through the lens of constant progress
Annual performance reviews are another avenue for critical reflection that can help us prepare for the future. When you make a habit of jotting down lessons learned, those lessons become a personal library of sorts; one that you can lean on when generating potential risks to discuss at the start of a new project.
Crystal balls are heavy – recruit help
You are just one person with one set of experiences. Your project team, your manager and mentors, and your client can and should be actively involved in the risk management process alongside you.
Here are a few tactics to recruit help in preempting risk:
Ask your team, “What could go wrong?”
The creatives, engineers, and account folks on your team likely bring combined decades of experience to the table. When a project runs smoothly, everyone benefits. By asking the team “What could go wrong?,” you invite them into the risk management process.
A team kickoff or task order review meeting is a great forum for this discussion. Once team members are briefed on the details of the project, their wheels can begin to turn on where the effort might go off the rails.
The key to these discussions is to leave adequate space for the team to think. One approach that has worked well for us is to set a 5-10 minute timer after posing the question. During this period, everyone works individually to jot down ideas in a shared document. Then, we review them together.
Ask your client, “What could you see going wrong?”
Wait – you want me to start a project by talking about failure with the client? Yes, yes I do.
By engaging in candid discussions about risk with our primary point of contact, we establish shared ownership over the project’s success. A project doesn’t succeed by chance; it succeeds due to meticulous planning and foresight, with a healthy dose of flexibility. Early discussions about risk help unlock insights that only someone in the trenches of an organization can provide. In discussions with your primary point of contact, you can learn from their experience working with key stakeholders, navigating bureaucracy, and balancing long-term projects with day-to-day operations.
Discussing risk with clients can be nerve-wracking. But a well-executed risk management discussion can help build trust and rapport that will come in handy when unexpected bumps inevitably occur.
Revisit project risks on a regular basis
It is not enough to talk about risk, or even to document it in a well-formatted risk tracker. You must then establish a rhythm to revisit the discussion regularly. On a 6-month project, for example, I may pull up the risk tracker monthly to discuss with the client. In this review, we’ll reevaluate the risk likelihoods, retire risks whose window has passed, and brainstorm ideas for new items we have not yet captured.
Rolling with the punches
In project management and in horror films, the only certainty is uncertainty. Unforeseen bumps are an inevitable part of working with people and with software. When things don’t go according to plan, it is up to us to respond with the same level of care and attention as when things are going swimmingly.
Reacting to unplanned issues on a project is the topic of an entire article in itself, but many of the lessons apply here as well:
Communicate the issue clearly
Propose a resolution, or lean on your team for support in formulating one
Flag the learning for the project retrospective
Share the learning with as broad a group as possible
Go forth and scry, not cry
My hope with this article is that you’ll walk away with a few new tactics for managing risk on your next project. We’ve covered how to identify, document, adjust for, and respond to risk on digital projects. More important than any specific template or tactic, however, is a commitment to doing great digital work on a foundation of trust.
When we keep our focus on clearing the road for teams to do their best work, and sharing the burden of risk management with the project owner(s), we can produce incredible results with minimal pain.
Want to share your own risk management tactics and tools? I’d love to hear about them. Drop me a line in the comments or on Twitter. 👋
P.S. – If you actually can read the future...please get in touch!
P.P.S. – Happy Halloween! 🎃