- Look at all of the overdue actions and chase up the action owners for their status
- Talk with all of the risk owners and ask for the current status of their assigned risks
- Close out all of the risks that have expired, as these risks can no longer materialize
- Finally, ask yourself why the risk register has sat in that drawer gathering dust, rather than serving as a useful aid in ensuring the success of your project or turnaround
There tend to be many reasons why the risk register ends up as a box you had to tick to get to the next phase of your project or turnaround, rather than a useful tool. Here are three of my favourite comments from event teams:
- “We don’t really understand the risks.”
In this case, the problem usually lies in the fact that the risks have been written in a vague manner and lack a true focus for action. Whenever a risk is identified, it should be structured into 3 parts:
- The Event – This should describe exactly what it is that’s worrying us. What is the event that, if it happened, would jeopardise the success of the project or turnaround?
- The Consequences – We need to describe the consequences of each risk in order to guesstimate the impact on our operation should that risk occur. This step helps us to prioritize the risk list so we can really focus on what’s important.
- The Causes – These are the reasons why the risk event might happen in the first place. This is where we should aim our mitigation efforts. All of the actions we take should be linked in order to eliminate or mitigate these causes. In cases where you can’t find any causes, instead focus your efforts on stopping the consequences from happening.
Try writing every risk statement in the form:
“As a result of (cause(s)), (risk event) may occur, which would lead to (consequences affecting event objectives).
Here’s an example:
“As a result of having many stakeholders, we may take a long time to gain alignment on the scope and execution strategy, with the result that the project experiences significant delays at each major decision gate.”
- “The register is overwhelming; with so many risks, we don’t know where to start.”
The register often contains a multitude of business-as-usual risks, ones that are already being managed with standard procedures that are used at the site or on the project.
You can strip these out. The risk register should only contain risks that require mitigating actions over and above the day job. By asking yourself, “What is different about this project or turnaround, compared to previous ones?” you should end up with a succinct risk register, one that if managed well will truly help to ensure that you meet your objectives.
Also try asking yourself, “What has gone wrong in previous projects or turnarounds?” Perhaps the existing controls don’t work well enough. How can you do better? What additional actions might be effective?
- “As a Project Manager/Turnaround Manager, I just can’t find the time to work the risks or chase the team.”
Typically, managers don’t recognise the need to delegate the risks to risk owners within their team. Instead, they end up trying to manage far too many of the risks themselves. Their failure to manage this overabundance of risks sets the tone for the rest of the team, who see risk management as a chore they can ignore.
Instead of bearing the burden of risk management by yourself, delegate each risk to a single accountable owner. In doing so, ensure that no one owner has more than 5 risks requiring action in any one period, and appoint someone to do the chasing and following up on risk status and actions (“risk energizer”). In my experience, there is a strong correlation between teams that manage risks well and those that have a risk energizer role. However, most teams can’t afford the luxury of such a role, full-time, on their team. As an alternative, the role can be part-time, or one risk energizer can be shared across multiple project and turnaround teams. In order to be truly effective, these risk energizers need some formal training.
Hopefully that risk register is now starting to take shape, and over the coming months will turn out to be the useful tool you hoped it would be the first time around. Like anything else, it will benefit from a good workout in the gym, so remember to make risk an agenda item at your regular meetings. Don’t try to go through all the risks. Instead, ask the risk energizer for the risk “hot spots” (overdue risk reviews, overdue actions, risks that may occur in the near future, etc.) After all, it’s their job!
Authored by Steve Jewell – Risk Management Practice Leader | AP-Networks
To find out when new posts go live, follow AP-Networks on LinkedIn.