Plan for project success with risk management

Sword GRC Blog

Plan for project success with risk management

Why do so many projects fail to deliver? Delays in schedules, overruns in budgets, creep in project scope, failure to meet business requirements… they’re by no means unusual, but why do they keep happening? Could it be that despite increasing awareness of the need to identify and manage risks effectively, in too many instances, organizations are resorting to traditional or legacy risk management approaches (aka spreadsheets)? 

“Uncertainty in projects has always been a constant, but the Covid situation has added whole new nuances to risks and further ‘unknowns’,” says Sword GRC’s Marketing Manager Jenny Ritson-Smith. “Add HR and resource, process, technology and geographical risks into the risk management mix – with their knock-on financial and reputational costs – and the challenges for risk professionals are only heightened.”

In a ‘Perspectives’* piece considering the reasons behind project failure and associated risks, Gabriel Rodriguez, partner in Deloitte Canada’s Risk Advisory practice, commented: “Organizations typically think they have risks covered. Traditional project management methodologies include a risk management stream. Project managers will almost universally tell you they have a risk log for recording risks. People who pull together business cases will say they included risks and assumptions. But what often happens is that the risks aren’t actually addressed in a substantive way and frequently are not accounted for in the project budget.”

Rodriguez considers that a shift in mindset is called for. “There’s been a sort of ‘conspiracy of optimism’ about project risk – the tendency to say everything will be fine, or simply using benchmarks and outdated data to explain deviations from original plan and budgets. Risks get minimised, put in a risk log, and forgotten (until something goes wrong). Even then, organizations have come to accept project challenges and failures as a normal part of doing business. They’ll look backwards to see what went wrong in a project, but go ahead and use the same project methodology in the future.”

The new mindset, he suggests, is that success is the only acceptable outcome and that in order to attain this, “we need to plan for success, control our performance and manage risk. There’s a direct correlation between success and controls as well as project complexity and execution; however not all controls that work in one environment will work in others. As we become risk intelligent, we need to be control efficient.”

Technology is an enabler and reliance upon traditional project risk management systems – mostly involving spreadsheets – will no longer support a new way of thinking about risk and project success.

Ritson-Smith says, “Informed decision-making calls for real-time risk data collection, not out-of-date information collated within spreadsheets that are difficult to manage and time consuming to work with, making the data obtained from them so hard to manipulate and analyze. Using spreadsheets may enable risk management boxes to be ticked, but it doesn’t support the proactive approach and risk management best practice that is so critical to project success.

“The right tools can bring real value to project risk management,” she continues, “and the ability to access timely, quality data enables risk professionals and leadership to make the appropriate decisions, keeping project objectives in mind.”

Available on premises or via the cloud, Sword GRC’s fully integrated software platform enables a clear, consolidated view of risk, project and enterprise wide.

Learn how our market-leading risk management software supports project success and drives business success for organizations across all sectors.

*Project risk | Deloitte | Risk Angles | Governance, Risk and Compliance services | Article | Perspectives