If people define situations as real, they are real in their consequences” – William Isaac Thomas
Besides scope, schedule, cost and people, there are two things that you must be on top of every day as project leader: issues and risks. Be grateful to have them, because it is a good indication that you are making progress.
There are a number of steps to take before you actually want to start responding to issues and risks: define what they are, define the attributes and how to document and manage them.
When you kick off a new project, you want to sit down with the team and discuss what issues and risks are and how you want to manage them together as a group. A simple definition that works well is the following: “An issue is a problem that has manifested and is right there in the present moment, whereas a risk may turn into a problem in the future when certain conditions become real. Both may need immediate action depending on the assigned severity level”.
There is value in revisiting the definition of issues and risks, as well as the importance of managing them adequately, throughout the project lifecycle. For example, at peak times people tend to forget the need to manage issues and risks, because they want to finish more important work. It is the responsibility of the project leader to observe the adherence and compliance to the process, and intervene when required. A coaching leadership style oftentimes works very well at that point. Take a real problem as a learning opportunity and respond to it as a team.
Attributes and Documentation
Make sure that you document the issue or risk properly by using a simple set of attributes. Because they both describe a problem, the attributes are fairly similar. A major difference is that for risks you want to add a time and probability factor to the calculation of the risk rating, which is equal to the product of probability x impact x time, whereas for issue you define the severity level based on impact. For risks, you want to know when it may turn into an issue, and what the likelyhood is of that. If that’s almost certain to happen next week, the overall risk rating is higher than if it’s a month away from now.
The description of an issue or risk follows a particualr wording structure. For a risk it starts with: “There is a risk that “A”, because of “B”, resulting in “C”, where A = risk, B = root cause or risk trigger, and C = impact or consequence
Example: There is a risk that flights get severely delayed, because of extreme weather, resulting in people not able to get to their destinations on-time
If this risk materializes into an issue, the description changes to: “Flights have been severely delayed, because of extreme weather, resulting in people not able to get to their destinations on-time.
The benefit of using a standard wording structure is that people who are responsible to action them, can quickly understand the issue or risk, and therefore quickly address them. The root cause and impact analysis are very important, because you want to give people who are responsible to action the issue or risk, an accurate reflection of the problem, otherwise they may not react effectively.
There are a few attributes that are very important for managing issues and risks effectively:
- Short description: Describe the issue or risk and follow the standard wording structure
- Root cause analysis: Describe clearly and concisely the determining, causal factors of the issue or risk
- Impact analysis: Describe the impact to the business and project in qualitative and quantitative statements
- Severity: Its common to use 4 severity levels, for example: 1-critical, 2-high, 3-medium, 4-low. Each level gives an indication of the impact, exposure, and response time.
- Priority: Its commong to use also 4 levels for priority setting, for example: 1-urgent, 2-high, 3-medium, 4-low
- Ownership: Assign an owner from the project and from the business who have responsibilities for the funtional or technical area that is impacted. The project and business leader are accountable
- Status: Follow a simple standard, for example: 1-new, 2-assigned, 3-analysis completed, 4-in progress, 5-completed, 6-closed
The severity level is set by the project team and is an indication of how critical or undesirable the issue or risk is from a solution perspective. The priority level is set by the business and is an indication of how urgent or fast the issue or risk needs to be actioned. At the start of the project these attributes need to be well defined and tailored to the specific needs of the initiative.
Issue – and risk management process
Once you have documented the issue or risk, the real work begins. You want to implement and consistently follow a simple 3-step issue – and risk management process:
- Document: Any project stakeholder should be allowed to identify an issue or risk, but not allowed to document it. Keep the number of people who can document them to a minimum. Think about assigning that responsibility to team leaders. The reason behind this is that the people who documents an issue or risk is able to speak about it. Those people are also attending the meetings where the issue or risk is being handled from a project management perspective
- Manage: The project leader is responsible to conduct a recurring meeting with project and business stakeholders where issues and risks are being managed. In such a meeting, each issue and risk is being reviewed, and the severity, priority, ownership and status is being set
- Escalate: The higher the severity and priority levels, the higher the chance that issues or risks needs to be escalated to limit impact. Make sure that escalation paths have been defined and agreed to by all stakeholders prior to the project kick-off. Agree to response times from decision makers. Think about how you want to involve external parties in the escalation process, for example subject matter experts, mediators or lawyers. Its best to have that all straightened out and agreed to at the front door, before you begin and not when you are right in the middle of it. At that point it is often too late
The day-to-day responsibility of the project leader is to keep the resolution of issues and risks moving forward. A key part of that is to continuously make stakeholders aware of the status and impact. The project leader needs to use his instincts to trigger the escalation process for issues or risks that are stalling. Be on top of them. Without issues and risks there is no change, and without change no achievement and success.
Bas de Baat
Program Manager Enterprise Applications, PMP©