Applying PRINCE2’s risk theme to projects

Why is having a method such as PRINCE2 – with dedicated guidance for risk management – valuable when running projects?

PRINCE2 tells you to define the risk management approach as one of the first actions to take during project initiation. This is fundamental as risk identification precedes the project plan definition.

It also recommends maintaining some form of risk register, depending on the complexity of the project. Having a simple risk register sends a very powerful message: it doesn’t need to be an endless series of columns and ratings; in some cases a simple, short list of risks and actions is enough.

And, as the project progresses, you and the team learn from experience and adjust the mitigations as needed, which works really well for risk management.

In smaller projects, your scarce resources are really precious. So, I recommend the project manager is the sole owner of the risk management process while the rest of the team focuses on executing work packages, which should contain risk management measures. The exercise of identifying risks can be done just once at the start of the project, before the project plan is finalized and work on products starts.

For example, in my organization, we had to re-design a process for invoicing in a particular country. To mitigate a specific risk the project manager decided to train part of the team on a new tool. Here, the cause and the risk were invisible to the team, who just focused on learning about the new tool and process. Similarly, when planning a new office project, the risks around having internet access and furniture delivered on time were solely for the project manager’s risk register.

However, with larger projects, the number of risks is greater, complexity is higher and visibility for the project manager is more difficult, so this needs to involve the team directly in risk reviews. For example, construction projects in our company have visible risk registers, include risk reviews and risks are reported as a key project control.

If you understand the key events that will change the risk profile of your project, for example placing a large order or obtaining an investment authorization, use these moments to engage the team in risk management conversations; then you are making risk real for the organization and can manage it better.

By engaging with the project team and board in these key moments, you understand their view of risk and what you capture should go straight into the project plan. Consequently, what the team sees day to day mitigation actions. This takes them towards an approach of carrying out tasks rather than involving them in the process of risk management.

This is especially important to gain credibility with the project board. Though its members may not be involved with a project day-to-day, they have a high awareness of the potential impact of risk on a business case.

Seeing that it’s being managed effectively gives them confidence and trust in the project manager and team.