Let's face it, you'll never completely remove risks from the project...that's like saying you will undoubtedly live till you are 100 years old. It may happen, but you can't guarantee it. We are all probably bad at managing risk. I can't think of a time when I ever over-planned for risk, but I could cite many times when I definitely under-planned or failed to plan for risks.
The upfront formal planning documents that we put together will differ from project to project, sometimes even the way we formalize and document requirements will differ if we are entering from the outside as a consulting project manager. But one thing that should remain constant – albeit sometimes in a less formalized manner on smaller projects vs. larger projects, etc., – is the act of risk identification and risk management.
Risk identification. Even if it’s an informal project that happens to be a one on one engagement with the CIO of the organization, it’s still critical that you run through a risk identification process. It is critical that you plan risk identification and management activities into your project management software schedule. Remember, you’re coming in cold – this is not your organization so you don’t have some of the intrinsic knowledge of internal process and potential risks that a direct hire employee would already have. There are certain assumptions you may want to make that would actually only be adding even more risk because you’re not familiar with the organizational infrastructure and procedures. Or even the personnel for that matter.
Sit down with the CIO/sponsor and have a detailed risk planning session. He knows the organization so he’s your best initial source of information, but the onus is on you to ask good questions because you understand how a consulting engagement like this works and the common potential pitfalls that may be encountered. And based on what comes out of this meeting, you will likely need to update your project management software schedule with some new tasks, assignments and dates.
The next step is to meet with others in the organization – subject matter experts (SMEs) and end users (if these are different people) and other personnel who will be interacting with the solution to some significant degree. These individuals can be good sources of information when trying to identify potential risks.
Risk strategies. Next, work with the sponsor and these same individuals to document the best strategy to mitigate or even avoid these risks should they arise. Even if you can’t formulate a detailed risk response to each item, identifying some strategy to keep in mind as you continue to track these risks will be helpful just in case.
Risk management. Finally, I’m a proponent of managing the consulting engagement on an ongoing basis much the same as you would a formal long-term project. Conduct weekly status meetings with the client, deliver a revised task schedule from your project management software tool every week, and create and deliver a status report that will drive your weekly meeting with the client. And, in order to keep risk management at the forefront – make your risk list part of this weekly status report and revisit it – at least to some degree – on every weekly call with the client.
Summary / call for input
Leading projects as a direct employee project manager vs. a consulting project manager really isn't that different...other than you are often restricted from certain things while given extra freedom in other areas. We may not always conduct smaller consulting engagements with the same formality as we would $2 million dollar projects for Fortune 500 companies, but the need to identify and manage risks is still there. It doesn’t take that much time and it’s so often overlooked, but mitigating even one risk that arises could mean the difference between success and utter failure as well as future business with this same consulting client.
What about our readers? What do are your risk strategies? For those of you consulting as project managers – what differs from engagement to engagement for you in your risk practices?