www.esi-emea.

com
ESI Articles
IMPACT THROUGH INSIGHTS

Seven Steps to
Becoming a Risk Superhero
by Sean P. Lowe, PMP, CRISC
Introduction
Risk management can be a deep, cavernous and potentially career-limiting endeavour if not
properly planned. Unfortunately, project managers often approach risk in a purely one-
dimensional fashion, without considering many essential components such as the company
risk climate, the projects strategic ft, key player and stakeholder involvement and buy-in.
Ensuring risk ownership, addressing supply-chain concerns and utilising applicable lessons
learned and historical documentation from previous projects will greatly reduce project
management plan updates and the havoc of risks on your initiative.
Step 1Understand Company Risk Climate
This is somewhat akin to a writers need to understand his or her audience. There are
companies that seem to simply thrive on responding to situations as they arise as opposed
to doing anything pre-emptive. This could be because there are project managers at these
companies who have honed their reactionary skills into Ninja-like fre fghting weapons. In
these environments reactionary heroism is praised and the very mention of risks or bad
things that could happen is discouraged. Conversely, more risk evolved companies have
woven risk ownership, management and governance into their organisational fabric. Having
a complete understanding of where the company fts on this continuum is the frst step in
planning an appropriate risk management approach and to becoming a Risk Superhero.
Step 2Understand Your Projects Strategic Fit
Projects are either initiated from within silos and in reaction to specifc business needs or as
part of a planned set of projects under a programme umbrella. Regardless of which is the
case, in order to create an efective risk strategy, managers must be aware of the existence
of success criteria and constraints and those of neighbouring projects. Without this insight,
one is indeed blind as to whether the project is moving in the right direction to meet
overall business goals, or simply speeding toward a collision with a neighbouring project.
Understanding the strategic ft equips the informed project manager with insights on
potential risk events as well as their potential impact. With understanding of risk continuum
position and foresight regarding strategic ft, you dont have to rely on reactive heroics to keep
items from colliding.
Step 3Ensure the Right Players and Stakeholders Are Engaged
It is important to be aware of the broad spectrum of possible risks. Certainly, the
aforementioned investment in strategic ft will pay dividends here as knowledge of business
dependencies, predecessors and successor projects will fesh out risks. Engagement of
resources and stakeholders across multiple lines of business is benefcial as well, as multiple
varieties of project risk exist within seemingly one-dimensional projects. Your project may
seem highly technical on the surface, but many non-technical risks could adversely afect its
success. In this case, not having the right players and stakeholders at the table could mean
a very lopsided view of risks. Thoroughly review your stakeholder list to make sure youve
accounted for key individuals and groups, as well as who is counting on the project to
succeed and who might beneft from its failure.
www.esi-emea.com
Step 4Secure Buy-In From Key Players and Stakeholders
With an understanding of risk continuum position, strategic ft and with the right players in place, youll be well positioned to
articulate your strategy and secure stakeholder buy-in. Regardless of your companys position on the continuum, the following
approach is recommended:
1. Always utilise relevant fact-based risk events. This will be particularly important in reaching the risk-heroes and reactionary
managers mentioned earlier, as its difcult to argue against facts.
2. Reference historically similar risks, approaches and cost savings. Stress the importance of early action and determine the
opposing cost of waiting for the risk event to materialise. These costs could be fnancial, resource related, etc. Consider
previous strategies employed (accept, mitigate, avoid, transfer, etc.).
3. Explain how your risk approach is designed to work and exactly what it is designed to do (be agile, relevant, easy, fact based).
Step 5Consider Supply and Demand Issues
How many times have supply-chain issues derailed your well-thought-out project? The point here is to consider each of
the pain points in your supply chain when crafting your risk management plan. Supply-chain disruptions and issues can
signifcantly derail your projects, not to mention impact revenue and market share and damage the credibility of your company.
Step 6Establish Clear Risk Ownership
Its simply not enough to conduct a one-time session to identify risks, determine their probability, impact and response strategy.
Someone needs to continually monitor each risk to determine changes to its probability and overall impact. This is particularly
relevant in cases where a follow-on project requires completion of specifc deliverables to enable the successor project to initiate.
Ownership and accountability need to be distributed across the project team and not be solely the responsibility of the project
manager. Creating an atmosphere of risk ownership and accountability is a necessary step in organisational risk awareness and
evolution. Individual risk events identifed must have individual owners. Risk-evolved companies do not rely on siloed heroics,
but on more integrated, strategic and proactive measures. Communicate to the team where the project fts, where its headed
and ask them about opportunities that may be capitalised on as well.
Step 7Utilise Risk Lessons Learned and Historical Documentation
Project risk lessons learned are invaluable sources of information and should be utilised whenever possible. Make use of all
applicable risk-registers, plans and historical data as well. Change records for similar projects can be wonderful sources of
information too.
Conclusion
Following each of the aforementioned steps will demonstrate to your team and stakeholders that youve done your homework
and refuse to resort to reactionary heroics. These strategic due-diligence steps will enable an informed, educated and timely
approach to risk and position you as a company Risk Superhero.
Sean P. Lowe, PMP, CRISC is an information technology project manager and freelance writer with 15 years experience in
managing systems integration, process development and enhancement and Information Security Compliance Assessment Projects.
Find out how ESI International can help your organisation.
To learn more, please contact ESI at enquiries@esi-intl.co.uk or +44(0)20 7017 7100.