When is Project Risk Too Risky?

An organization’s risk tolerance influences decision-making, resource allocation, and stakeholder alignment, so you need a clear understanding of how much uncertainty the organization is willing to accept.

How you plan and communicate a project will differ depending on whether the project risk fits within the organization’s risk tolerance. As risk increases, discussions about risk are more important and more frequent. Plus, you will track risks more carefully and communicate more. Maybe you ask for more contingency funds. Dare I suggest, you might ask whether the key stakeholders really want to do the project. If risk level can’t be compromised, you need to lower the project risk level before moving forward.

With so much riding on risk, here are approaches for assessing an organization’s risk tolerance.

• Review past project decisions and outcomes. Review how the organization handled past uncertainty, including whether risks were avoided, mitigated, or accepted. This indicates how leadership responds to project setbacks. Note: Don’t trust risk plans that don’t describe how risks were addressed, which means the plan wasn’t revised as the project was executed. As a result, the risk impacts or lack thereof were likely not documented.
• Engage key stakeholders. Use structured interviews to identify risk perceptions, priorities, and thresholds. Note the differences between senior leaders, sponsors, finance representatives, and operational teams. These stakeholder groups often have differing perspectives, but you need to explore conflicting impressions in more detail. For example, senior leaders might consider a risk category as low, while operational personnel identify significant issues in the details they manage. Conduct a process review to resolve these conflicting opinions.
• Analyze financial indicators. Examine the management reserves allocated for past projects. Organizations that operate on tighter margins or under strict cost controls tend to have lower risk tolerance. Look for the areas of greatest concern, such as raw material costs, manufacturing, or distribution. In a software development environment, you can assess risk tolerance by looking at the willingness (or resistance) to contract highly skilled personnel or the thoroughness of testing prior to software release.
• Evaluate governance structures and approval processes. The more reviews or signatures required to approve a document, the lower the risk tolerance. Highly regulated organizations or those with a strong hierarchical philosophy typically have lower tolerance for ambiguity and require lower risk approaches to approve a project launch.
• Use a formal risk assessment framework. A good framework will rank risk on a scale of 1-5 and have a pre-determined cut level for acceptable risk. For example, acceptable projects have a risk rating of 2 or lower. Any projects above that level must be restructured to reduce risk before approval. This framework provides a direct measure of the organization’s risk tolerance. Once you quantify risk impacts and probabilities, compare the resulting risk level to the organization’s framework. Note: If more risk is required to achieve strategic outcomes, discuss the situation with project sponsors to see what they want to do.  

For more about risk, check out Bob McGannon’s Project Management Foundations: Risk course.

_______________________________________

This article belongs to the Bonnie’s Project Pointers newsletter series, which has more than 105,000 subscribers. This newsletter is 100% written by a human (no aliens or AIs involved). If you like this article, you can subscribe to receive notifications when a new article posts.

Want to learn more about the topics I talk about in these newsletters? Watch my courses in the LinkedIn Learning Library and tune into my LinkedIn Office Hours live broadcasts.

_______________________________________