Many risks in projects are related to one of two things
- The idea behind the project is a good one, but you have not thought about the wider impact it has on the organisation; or
- There are risks within the organisation that will impact your project because of the organisation rather than because of your project
Let me explain.
I have rolled out quite a few Access Databases and Excel Spreadsheets that have served as “tactical solutions”.
- The first problem with some of them was that they were good enough to work but were not designed to last in the long term. My plan was generally to let a future generation of IT people (or even me) come back and build the real solution later, when we were not so busy. Sadly it turned out that everyone was always busy so the tactical solution stayed in place with someont supporting it with manual work or dodgy code and process changes.
- The second problem is that some of them were “accomodations”. But this I mean that they were accomodating the real problem by making it easier for me and the team to live with it, rather than actually finding and addressing the real problem. An example of an accomodation was “Cheryl Testing”. In Cheryl testing we asked for help from a guru who knew the product and our customers really well. Cheryl would come in at the end of each project and muck around with the system for 15 minutes before revealing issues that had slipped through all our testing. This was better than rolling our bad stuff to our clients. But the real problem was that the rest of the team did not really understand some of the quirks that Cheryl knew existed. So the real solution was to bring her thinking into the project at the beginning rather than the end.
In both these cases, many organisation have gurus, governance teams and others who are there to protect the organisation from ideas that seem good in theory but will asctually have a negative, potemntially unforseen impact. I like to call these governance bodies the “organisational antibodies” that protect the organisation from the access database “epidemics” that could otherwise be unleashed by me and other dodgy project managers.
However there is another role for antibodies. They often attack transplants, food that would be good for you and, in companies, the germs of really good ideas.
Every project has risks associated with it but not all of these risks are actually associated with the project itself. For example if projects often fail in a company because of infighting between Finance and Marketing, then the odds are that the same will happen to the next project. This is not inevitable but it is quite likely to happen again (more that 24% likely according to my advanced but not very reliable analysis). So a project will be much more likely to succeed if the team have considered theses issues.
So … one approach to looking at risks is to simply list the antibodies that may attack your project (good antibodies stopping your from inflicting accidental damage and dodgy antibodies that will possibly threaten your success even if your idea is a good one). But rather than trying to sort them out, maybe just run through this list:
- Who should we really inform about this project that we often neglect?
- What usually goes wrong for projects around here?
- Who should know about this project?
- Besides the people in the room and our sponsor, who else is likely to be impacted? For example, who receives information and reports from the system we are working on, who is a vendor or support team that needs to work with it?
Once you have a list, then go through each one and ask
- How might they react when they find out about the project?
- When should they find out (and how can we actually get them involved earlier than that?
- What could happen if they misunderstand us?
- What would they say about our project – not what “they should say” but what they might say.
Based on all this talk – list the things (“events”) that might impeed your project based on the reaction of governance teams, the things that impacted previous projects and the stakeholders you might have forgotten.
You can add these add your antibodies and their concerns to a simple risk register. This can be a simple poster on the wall.
Or you can simply do an action list for addressing them all. Some might simply be “buy a coffee for Bill from the Brand team and make sure he is happy with our plans” while others might be “kidnap children of the Head of Marketing to begin ransom discussions”. It is up to you – but my preferred approach is to simply do a list of “Who” to do “what” by “when”.