Part 1 of 2: Individual Task Risk Tolerance (Part 2 of 2 is on Overall Project Risk Limits)!
I believe that almost any Project Plan can be “balanced” if you ignore the Risks. Think about it – you can balance almost any Project’s Quality, Scope, Schedule, Resources and Costs if you absorb an unlimited amount of Project Risk. But most high-risk plans would not make sense if team performance was highly scrutinized, right? So, what is the answer? Risk must obviously be limited by the organization’s (and Project Sponsor’s) risk appetite – a combination of risk attitude, tolerance, and tolerance-threshold guidelines. “Appetite” seems so subjective – for it is largely driven by perceptions, degree of scrutiny and biases. We intuitively know this, so how do we conceive-of, clearly communicate and control these “individual task risk” guidelines? The accompanying graphic shows us how.
Individual risks (i.e., Technical [Quality-related], Schedule, and/or Cost) are best communicated via a Risk Matrix. The matrix is typically “X by X” and it’s two axes correspond to the “Probability” and “Impact” parameters of risk. When you multiply these two parameters you get the “Risk Severity” score. And the intersection of those two parameters indicates the level of risk (Low, Medium, or High).
The Risk Severity level should be based on organizational Risk Appetite. Further, the organizational Risk Appetite should be driven by how Risk-Taking or Risk-Avoiding the organization is (e.g., Start-ups are typically Risk-Taking, and well-established enterprises are typically more Risk-Avoiding). In addition, the Risk Matrix might be designed differently for different types of Projects (e.g., strategically important product development projects versus process improvement projects). And these matrices should be governed by the enterprise, as established and consistent applied guidelines.
So here is the Key – Red should mean “Stop” (just like a traffic light indicator). Thus, if any individual project risks are in the Red Zone (like item A in the graphic), the Project leaders and key stakeholders (e.g., Functional Managers, Sponsor, etc.) should be required to “re-Balance” the Project Plan to get back on track within some established guidelines or expectations, like within the next 2 weeks.
This covers the quantitative Individual Project Risk limitations. Part 2 will discuss the quantitative Overall Project Risk limitations. Both should be appropriately managed, with specific Organizational Governance Guidelines.
If you like this post, please consider my book on “Achieving Epic Business Results with Strategic Project Management” – a link is in the rtconfidence.com website.