I was listening to a news program last night about current events. One of the commentators said something that caught my attention and I thought that it is a perfect way of describing the challenges that project management practitioners have with risk planning. While the actual content of the news program is irrelevant to the topic, I want to reword the what was said in a question to highlight how we are professionals can start thinking about risks.

“When conducting project planning activities are you likely to take potential risks literally but not seriously or are you more likely to take potential risks seriously but not literally?”

Having reflected on the above statement a bit I realize that in risk planning we often focus too much on the details of potential risks to the point of taking the risk too literally. Ultimately we are blinded to the potential consequences so our plans are too specific to cover vague and obscure risks. We plan for a potential reality when in fact we need to plan for the theoretical. Let me explain with an example.

Imagine you are leading a software development project and one of the potential adverse risk events that you are trying to address is the possibility of a key developer being arrested and out in jail. The potential of this risk materializing might seem ridiculous so in the process of quantifying it we might be tempted to either ignore it (i.e. accepting it) because we might feel that the likelihood is so low that it is not worth planning for, or we might decide that the best mitigation path is to hold some contingency reserves to be used for bail money so the programmer can get back to work. This type of thinking, although a bit extreme to simply explain the point, is what causes us to think of risks in literal terms as a result we are likely to not take them seriously.

The same is true of potential risk events that might lead to an opportunity or a positive reaction. Consider another situation where your project team is working on a consulting engagement with a client and you are doing a fantastic job. Your client is so pleased that they request your support on a new project that requires twice the number of staff members. Your challenge in this scenario is that you don’t have the additional resources and bandwidth to provide the client. As a result the client is forced to go to a competitor thus making this potential risk an opportunity lost for you. So when you are planning a mechanism to address this risk you might decide to go out and hire additional staff members with skills similar to those individuals working on the current project. You might think at the time that you’ve done a good job mitigating such a risk event. However, as it turns out that while the client needs consulting help, the type of technical skills needed are completely different from those on your current team or within the consulting bench that you currently have. Again here you will have developed a risk plan that is too literal as opposed to looking at the broader picture that provides a more global view.

These are challenges that most project management practitioners end up struggling with. Through our career we learn how to become better at risk planning and perhaps intuitively we learn how to become more comfortable with ambiguity and uncertainty. This goes back to the bottom line of the unknown unknowns. How can we plan for an unknown unknown in a specific way? We can’t we have to plan in a general way and allowing this type of ambiguity to filter into the risk plan enables us to cast a wider net that addressed risk in general terms. So in the previous examples, when it comes to the possibility of losing a team member we learn that there are succession plans, backup strategies, and staff augmentation scenarios that we could leverage as opposed to making specific plans related to an event that is most likely not going to occur.

It is important to note also that when it comes to risk planning what makes your risk mitigation strategies more effective is the participation of different skill sets and stakeholders to ensure that diverse opinions and expertise is taken into account when planning risks.

If I had my choice I would rather be both literal and serious about risk. However, in the absence of full information I’d rather take it seriously rather than literally.