Exceptional Project Management – Risk Management

Risk management is an important aspect of successful project delivery. This article introduces the concepts of risk and risk management and describes how the application of risk management techniques increases the likelihood that a project will succeed in delivering its objectives.

What is Risk?

Risk is the possibility of suffering harm or loss. Risks are inherent in every project and can be considered to be anything that will adversely impact the progress or objectives of the project.

What is Risk Management?

Risk management can be defined as “the culture, processes and structures that are directed towards realising potential opportunities whilst managing possible adverse impacts”.

From a project management perspective, risk management is a continuous activity throughout the life of the project that seeks to identify potential risks to delivery, evaluate their likely impact, develop mitigation plans and monitor progress.

Identifying Risks

Finding risks is an ongoing process. Everyone involved in the project should be encouraged to think about possible problems that might arise and adding them to the “risk register”, which is a list of all known project risks.

A risk is initially placed into an “open” status when it is added to the risk register and remains in this state until it has been fully reviewed and a mitigation strategy has been put in place.

When a risk is registered, the person creating the entry also assigns an estimate of the probability of the issue occurring and the magnitude of the impact on the project if the risk does eventuate. The scale used to represent the probability and magnitude may vary between organisations and projects however I recommend you keep them simple so that anyone involved in the project can understand and utilise them.

If you are a project manager then you should strongly consider running regular risk workshops with the project team and also key stakeholders. These workshops are used to brainstorm finding additional risks and to assist with development of mitigation strategies.

Evaluating Risks

Generally it is the responsibility of the project manager to ensure that all new risks are properly evaluated once they have been added into the risk register. On larger projects there may be a dedicated risk manager who holds this responsibility.

The first step in evaluating new risks is to validate the risk. This includes ensuring that the risk is not duplicated in the register and also identifying and separating out issues, which are impacts that have actually occurred rather than those that might occur in future.

Once a risk has been determined to be a valid new item on the register, then the probability and magnitude estimates from the risk creator are also reviewed to ensure they are appropriate and consistent with other risks.

Monitoring and Control

Each risk on the register should be allocated to an owner, who has responsibility for determining the appropriate mitigation strategy and also for monitoring the risk on an ongoing basis. Make sure that the risk owner is someone who is in a position to understand and respond to the specific risk being assigned to them and also ensure they are aware of and agree ownership of the risk.

For each risk, ensure there is one or more mitigation strategies identified. This may be as simple as determining that the impact of the risk is negligible and nothing further is to be done, however in most cases an active strategy will be required to reduce the probability of the risk occurring or to address the possible impact. It is essential that clear and realistic dates are set for achieving each mitigation.

On a regular ongoing basis, preferably weekly, the risk register should be reviewed to determine whether actions have been taken and whether the probability or impact of a risk should be adjusted.


Any risk that is evaluated as having a potentially significant impact on the project or that is viewed as highly likely to occur should be escalated to the appropriate group or individuals. Similarly, any risk where the required actions are overdue should also be escalated. The escalation path will depend on your project governance structure and is likely to include a project or programme office, project sponsor and steering committee.

Improving Certainty of Delivery

Good risk management increases the likelihood or project success by decreasing the probability and impact of negative events on the project. By proactively identifying and preparing for potential issues throughout the life of your project you will be well prepared for challenges as they arise and can reduce the chance of potential threats becoming real problems.

Go Kart Accidents – Risk Management

Go karts are fun. They make you feel like you are in a Formula 1 racer. You are so close to the ground that it feels like you are going 100 mph. At that moment the farthest thing from our minds is the reality of racing, especially the history of racing, where people died.

We almost forget that a teen idol James Dean rolled his Porche Spyder and lost his life. There is a glory to racing, and there is the tragic to racing.

Back then, that was the learning curve in racing. It was a later innovation to use roll bars, roll cages and better safety equipment to prevent such catastrophes.

The reality though is most people do not want to face this: accidents do happen.

We tend to have these nerves of steel, which steal reality away from underneath us.

We need to ask the following questions:

– What contingency plans do I have that will cover an accident?

– Do I have insurance?

– What if a neighbor rides my go kart and hurts themselves?

– Do I have insurance that will cover them?

– Or how will this be handled?

– Can I get insurance for a go kart?

The grief of fretting mothers needs to be considered at the outset. Put yourself in a mother’s shoes, and you will get the idea.

Translation Trees don’t move, you will. And probably in the opposite direction like a super ball!

Go karts to a mother are equal to NRDD :

– Noise

– Recklessness

– Danger

– Death.

You may not think an accident can be that severe, however, counting the cost is a large part of go karting. An understanding of vehicle dynamics and the potential disasters that can occur when gokarting need to be grasped and understood.

When we watch “You-Tube” and see some Yahoo jumping off a roof and landing on his privates, we know that is dumb. If we know that is dumb then we need to put similar thinking into keeping the “dumb” in the closet.

Insurance is designed to repair the broken bones and the scrapes, but the unsaid is that it cannot repair a paraplegic or a broken neck. Even Christopher Reeve didn’t make it…don’t think that gokarting is any different.

A healthy fear of the laws of nature and their reaction towards gokart performance is a good thing.

Your job here is to minimize those risks…

Hence the next section “How am I going to Drive This Go Kart?”

Corporate Message Management Risk Avoidance Considerations

Beyond the capabilities that corporations need to have in their messaging platforms from a business usefulness perspective, they need to be thinking about implementing capabilities in their messaging infrastructures that ensure that the e-mails they send out get into the hands of the people they are sending them out to.

In addition to the importance of efficiently sending out millions of messages daily where messages need to go out quickly, without fail and they have to “Reach” recipients, outbound IP addresses have to be White Listed as far as is possible with every ISP globally. This means not just passively sending messages in the hopes that they get there, it means:

  • Taking pro-active steps to get “White Listed”, monitoring ISP’s continually to ensure that the corporation remains white listed, and knowing how and when to act when issues start to occur within an ISP so that it can pro-actively sort out an issue before becoming “Black Listed”.
  • Monitoring where ISP’s put e-mails that are sent out. For example, are they getting sent to a user’s primary e-mail address, do they get blocked or does the ISP send the corporation’s messages to junk mail? A corporation’s messaging platform also should then have the capability to correct the blocking and Junk mail scenarios with these ISP’s when they occur.
  • Keeping a corporation’s used “IP Addresses” clean, usable and recognizable globally as being OK to deliver and OK to receive by each mail service ISP.
  • Monitor ISP’s to ensure each e-mail sent to them gets delivered to an authentic account holder and if an e-mail address sent out is invalid, the corporation needs an internal system that instantly blocks us from sending out a second e-mail to a “dead-drop” to avoid being blocked by an ISP for sending messages to dead e-mail accounts.

Additional individual message management and control capabilities that should be implemented also include:

  • Ensuring message header verbiage and content pass scrutiny by ISP’s reading them for certain “Key Words” that could label them as potential spam
  • Ensuring that every e-mail sent out has an opt-out feature available to the recipient and ensuring that the corporation does not send a second e-mail after an opt-out to avoid SPAM complaints which also can get the corporation black listed.
  • Depending on the corporation’s volume considerations, it may need to have a “Revolving Set” of virtual, valid IP addresses that are used to send out messages to always try to reduce the volume of e-mails sent to individual ISP’s as they will block high volumes of e-mails coming in from one IP address.
  • The corporation will need to in an automated fashion, “cleanse e-mail send out lists against suppressed and banned email addresses
  • Automate the subscriber grievance response process to ensure each grievance is addressed quickly and consistently to a customer’s satisfaction.
  • Automatically manage bounces in a professional way as they occur to avoid getting blocked or “Black Listed” by an ISP.

In looking for your solution, remember also that higher-end solutions that are able to solve all or most of the above considerations are usually implemented on your internal servers as this gives you the most control of your messaging systems and IP addressing solutions. This is an added implementation cost that you will need to factor into your solution.

Remember also that you will need to build in certain levels of fault tolerance into your solution – this means server redundancy, automatic fail-over features in case of a crash, and automated IP address fail-over solutions in case an IP address you are using gets compromised.

If you opt for a lesser solution, you will probably be looking at some form of service bureau implementation and they will have their own concerns about the safety of their shared IP addresses that you would be using on their platforms. And it is not unheard of to have some other organization who shares your outbound physical IP address to bring you down occasionally if their message management processes are not strong enough from a risk avoidance perspective. So be prepared with a fail-over plan if you must use one of these solutions for your enterprise.

The purchase decision for the message management platform you ultimately select and implement for your corporation will naturally be predicated on the volume and types of messages you need to send out, the importance on these messages getting into the hands of the people you send the messages to, and the criticality of your enterprise that the messages get sent out and accepted. For example, what will it cost you if you are “black-listed” with ISP’s for a week or two and you can’t get your messages out to your intended recipients?

Putting in “fail-safe” or close to fail-safe solutions for your message management platforms will cost you more money to implement but be fully aware of what it could cost you if your messaging systems fail you for any length of time.