8 Types of risk
In order to examine risk exposure and uncertainty in greater detail, let's look at the different types of risks --uncertain events and conditions -- that may impact project objectives.
Common types of project risk
Here is a list of risks that may be associated with projects.
Technical RiskFor example are not confident that a particular requirement is achievable given the constraint of existing technology.
Supply ChainFor example, we may have a problem easily procuring high-quality materials and parts for our prototype and/or production units.
Manufacturability risksCan we produce prototype components and assemblies quickly and reliably enough to meet the schedule and project expense objectives? Can we produce production units even more reliably?
Unit costCan we produce our product at or below the budgeted cost of goods? Is our customer’s Total Cost of Ownership going to fit within their budget?
Product fit/MarketWill our potential customers like what we are producing and pay us enough for it?
Will we get enough resources to meet the schedule target? What if a key person leaves the company or gets hit by the proverbial beer truck?
Program-managementMajor scope-change during the project.
InterpersonalFor example, if there is a lack of effective communication between members of the development team, or between the team and management.
RegulatoryWhat are the regulations we’ll need to meet, and how will we gain our regulatory approvals with a minimum delay of our launch?
These are just a few common hot-spots in the sea of things that could impact our ability to achieve our project objectives. The list of potential or near-certain risks and issues is certainly long, and, if we include even the very low risks, it could easily overwhelm us with too many problems to solve.
Even with the best planning and intentions, it’s impossible to think of everything. Try as we might to avoid it, there will always be at least a few unknown-unknowns that we won’t see early enough to keep them from impacting the project objectives.
Interested in understanding more Lean-Agile Principles? Check out our free Lean-Agile training on Playbook Academy such as Rolling-Wave Planning, Applying Agile to Hardware and Critical Chain.
Why do projects lack risk management?
Why do projects lack risk management? I think it has a lot to do with a lack of agreement about how much risk management is too much and how much time and money should be invested in risk management in the planning phase and throughout the lifetime of the project.
So how much effort should we invest in Risk management?
To help establish some agreement about the importance of risk management and the level of effort required, we developed an analogy as depicted below. These images show our project on a horizontal time-axis like we see in a project timeline or Gantt chart.
We are currently on ‘today’ (the green bar in the top picture) and we need to run to the completion of the project, which is represented by the ‘finish line’ at the end of all of our tasks. We run a constant rate of one day per day.
While we run at a constant rate toward it, the finish line isn’t really in a fixed location. By our actions, or in-actions, the finish line can move on its own in either direction, left or right, and we can purposely move it in either direction. Our challenge is to keep it from going too far to the right or even pull it to the left some
Project Risks are represented by the mine along the path. When a risk goes unmitigated, it often blows up which has the impact of moving our finish line further away.
Say, for example, the bomb in this image represents the risk that a mom-n-pop shop supplier won’t be able to meet our needs for ramping-up production. It won’t extend our schedule yet, but there is a good chance it will in the future. If it does, it will move the launch date out a few weeks while we find and qualify a new supplier.
What companies often imagine is that the mine will be a dud - the risk will not materialize, and the project will move along the path to the finish line like it was never even there. Of course hope is not an effective risk mitigation, so these companies suffer the inevitable consequences of their blown-up schedules.
Really, the risk appeared on the path as soon as we chose to use a component that would be difficult to procure elsewhere. That choice moved where we should expect our finish line to be. Our next decision – conscious or not - is whether to recognize the new finish line location and try to do something to diffuse the bomb, or hope it’s a dud.
Extending this analogy to something more representative of a real project, where there are multiple risks and multiple parallel paths we must traverse to get to the finish line, the image looks something like this:
The pink and red lines in the middle represent the critical path (critical chain) of the project. The dark-red lines are the risks materializing on the critical chain. The orange lines are risks materializing on the other parallel paths.
Some of the mines will be duds. The other active mines, if we don’t diffuse them them, will extend part of the path a little or a lot. These combine to establish a range of possible finish dates, with a probable completion date somewhere in the middle, and further out than we may have hoped for.
However, we can diffuse many of those bombs if we put in a little extra time and money to do so. This mitigation cost is depicted by the green lines in the picture below. By putting in some short green lines, we can remove a lot of the long orange lines.
While we can’t mitigate all of the risks (remove all of the orange lines), by removing a lot of them, we avoid many of the project-extensions. The result is an overall (probably) shorter project path, with more certainty about when we’ll reach the finish line.
The analogy shows that the minimum possible completion date is later in the lower scenario, where we commit some time to risk mitigation. But the probable completion date is earlier (and often it is much earlier).
With as many risks as there are in a project, the law of averages will rule, and the probable finish date is a far more accurate estimate of when it’s really going to be finished.
In conclusion, the result of good risk management is shorter projects with more certain completion dates, as long as we don’t go overboard and put in green lines (mitigations) which don’t effectively remove a longer orange line downstream. Stay tuned for Part 4 where we discuss the return on investment of project risk management!