Managing risk in projects

  • Published on

  • View

  • Download

Embed Size (px)


  • March 2010 Project Management Journal DOI: 10.1002/pmj 87

    Cover to CoverKenneth H. Rose, PMP, Book Review Editor

    Those curious about the state of projectrisk management will find Hillsonscompact treatment of the topicinformative. He reaffirms the disci-plines foundation, reviews current best prac-

    tice, and identifies new developments. Yet, he

    pulls no punches that organizations struggle

    with risk management. He describes the fac-

    tors he believes are necessary to be successful.

    Hillson notes that risk is rooted in the con-

    cept of uncertainty. His explanation gives the

    reader a way of understanding the sources and

    context of risk from an individual viewpoint,

    broadened to the global view. He expresses the

    relationship of uncertainty to risk as uncer-

    tainty that matters. Yet, he is quick to note

    that uncertainties are not equal. The challenge

    is to identify what is important to the project

    and design appropriate responses. This is

    becoming harder to do, as project managers are falling behind in

    their ability to grasp and apply knowledge timely in the new world

    order of information and change.

    Risk management has a special, if underappreciated, impor-

    tance to project management because projects are particularly

    risky. Common characteristics, such as complexity, assumptions,

    and constraints, introduce uncertainty into projects. But with no

    lack of theory for doing project management, projects continue

    to fail at significant rates. Hillson maintains that a major reason

    is unforeseen eventsrisks.

    Risks, both threat and opportunity, apply whenever there are

    objectives. In general, there are project-level risks and overall

    project risks. The latter is greater than the sum of individual risks

    on projects. Project managers represent the project view while

    sponsors must interface with the overall project risk arising from

    outside the project.

    Hillson provides a pragmatic approach to risk management

    within formal processes identified typically in standards and

    methodologies. There are good descriptions of how to go about

    preparing a risk management plan. For example, he addresses

    how to separate risks from issues and problems using a three-

    part structured risk statement to drive clarity.

    On the people side, he emphasizes being aware of the atti-

    tudes toward risk management. Not only do individuals carry their

    own biases, but collectively groups exert influ-

    ence, too. Hillson helps the reader understand

    the influence of attitudes in the risk manage-

    ment process. He notes that practice in overall

    project risk management is weak, particularly

    in risk response execution. Analysis to action is

    often the missing link; people do not follow

    through, which tends to reflect attitudes

    toward the value of risk management.

    Hillson laments the tendency to separate

    risk management and project management. He

    contends risk management needs to be built-

    in not bolt-on, and woven into the complete

    project life cycle to realize full benefits. Because

    energy for risk management tends to wane after

    identification, project managers need to sus-

    tain appropriate levels of energy end-to-end in

    order to do risk management well, especially to

    activate risk responses effectively.

    He goes on to address integration beyond the project,

    between the project and the organizations vision. This relation-

    ship creates a hierarchy of risks that require attention, or enter-

    prise risk management. It needs to be coordinated actively, not

    just done in isolated areas. From the project perspective, the

    natural interface upward is in the program structure that has its

    own Program Risk Management.

    To make risk management work, Hillson offers critical suc-

    cess factors that have two characteristics: their presence pro-

    motes effectiveness and their absence hinders it. He identifies

    factors internal and external to the project. For example, a user-

    friendly risk management process tends to support success for

    which he offers pragmatic suggestions for implementing.

    Similar treatments are there for factors external to the project,

    such as management support.

    Hillson gets at four primary motives for doing risk manage-

    ment and notes that only one really counts. Organizations do risk

    management reluctantly because of a contract or regulation. Its

    done out of a fear of failure or blame. It is done to copy someone

    else. The one motive that counts, however, is demonstrating ben-

    efits, and he describes a good approach to marshalling them.

    Whether you are developing your own competency or trying

    to jump-start better risk management in your organization, this

    book is a solid resource.

    Reviewed by Paul E. Shaltry, PMP, a partner in Catalyst ManagementConsulting LLC, Worthington, OH, USA, and member of the PMI Standards

    Program Member Advisory Group.

    Managing Risk in Projectsby David Hillson

    Gower Publishing Limited, 2009, ISBN:9780566088674, paperback, 126 pp.,$47.45 Member, $49.95 Nonmember.

    Project Management Journal, Vol. 41, No. 1, 87 2010 by the Project Management InstitutePublished online in Wiley InterScience ( 10.1002/pmj.20156


View more >