On February 12, 2002, Donald Rumsfeld held a DoD news briefing where he said the following:
“Reports that say that something hasn't happened are always interesting to me, because as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns — the ones we don't know we don't know. And if one looks throughout the history of our country and other free countries, it is the latter category that tend to be the difficult ones.”
This is classic risk management!
And of course he was lampooned in the press for speaking in such an educated way about risk management. Untrained people with strong opinions are generally a problem for the Project Manager (PM)!
The entire purpose of risk identification is moving risks into the known category so you can assess them and develop appropriate response strategies. I’ll discuss these in a later article.
Risks can be known unknowns, and the PM should investigate these. Most research is based on this as a hypothesis is developed and then tested. In context of Project Management, the testing/research/experimentation identifies or disqualifies a risk.
Remember that uncertainty or lack of information do not themselves constitute a risk, rather they point to a known unknown that needs to be explored.
The most dangerous risk category (as indicated above) are unknown unknowns! If you don’t know about it, how can you assess and logically plan for it? One of the most important jobs that the PM has is to put in place processes to identify risk!
How does the PM do this?
With structure!
Remember, the PM can’t possibly identify technical risk, financial risk, regulatory risk, etc., as well as the subject matter experts. It’s not their job to! It’s their job to put in place the processes to make sure that the risk gets identified.
At the onset of the project the PM gets concurrence from key stakeholders (including the managers of the experts they will need) on how risk identification will be conducted, frequency of meetings, governance board membership and links to other parts of the Project Plan. Links to other parts of the Project Plan are crucial. Risks will be identified in all phases of the Project Life Cycle, and there must be codified processes to make sure the risks move quickly into the assessment process and are tracked to disposal.
We will discuss the tracking of risks in more detail during risk analysis and response strategies.
With the structure in place, the PM needs to make sure that the risk assessment occurs holistically by ensuring that no areas are overlooked. But how?
Have you ever looked through a prism or a crystal into a light? Every time you turn it in your hand it reveals a slightly different light pattern. That crystal/prism is your project!
It is your responsibility to make sure that the experts are looking at the project from a variety of different “angles” to identify potential risk. All of the techniques and tools described in the Project Management Body of Knowledge are nothing more than different ways of looking at the project for risk identification purposes!
It is the Project Managers responsibility to ensure that the chosen tools and techniques are appropriate, that the experts know how to use them and that they are following the processes as agreed upon during project planning.
Proper planning, use of appropriate tools and techniques, and good governance will ensure that the project is moving risks from the unknown unknown category into the know category.
Next – Risk Assessment