Project risk managers discussed thought-provoking topics at a recent Risk Agenda 2025 event held in London. Here is a summary of some of the views expressed
A lot of people do not appreciate the value that risk managers add to their projects. It can be difficult to see where £10 million has been saved, for example, because the project manager may have saved the money anyway by finding a smarter way of working. It is better for risk management to be embedded in the project rather than being seen as an add-on.
Risk managers could focus more on building a culture of risk management both within the project and beyond. Risk culture can be influenced by changing the metrics by which people are rewarded. But some at the meeting felt that culture is too diffuse a term to work with. Instead, they argued, risk managers could help ensure that business values are clear.
Clashes of values are common. For example, there can be a misalignment between the goals and objectives of project managers and others in the business. At a deeper level, some risk managers felt that a key problem for risk management and internal audit is balancing the objectives of the board, which can tend to lean towards short-term profit, with the long-term view which is more suited to managing risk. Clear communication is key.
They need to engage with leadership in a way that is quick, sharp and efficient. Key questions to ask those involved in a project include, what would help you do your job better? The question can be posed equally at the top and the bottom of the business.
Infrastructure risk management is changing rapidly and is likely to affect the role of risk management in the future.
Vinay Shrivastava, the recent chair of IRM’s infrastructure SIG posed some provocative statements for the attendees to debate.
Risk data does not lead to better decision-making reference.
While people talk about using big data, an empirical study in Thinking fast and slow by Daniel Kahneman showed that senior leaders are more likely to be influenced by culture than by data. That shows that risk culture influences decision-making more than risk data.
In a chaotic environment, the best way to manage emerging risks is to not try to identify them.
The fundamental flaw of a conventional risk management approach is its overdependence on predicting risks. Risk managers can only predict a known unknown. The alternative is to focus on controlling areas of uncertainty from which risk emerges. That approach acknowledges the fact that risk managers can never to predict all risks. Instead of being obsessed with known, and known unknowns, the idea is to control areas of uncertainty and manage those.
Risk managers need to be able to predict what will occur in all likelihood and understand that prediction is a spectrum know when to draw a line and stop.
Risk management approaches should be tailored to situational complexity
A knowledge-based approach to risk management doesn’t always work in chaotic environments because the situations are too complex. For such environments, managing uncertainty may prove more helpful as compared to a traditional, linear approach to managing risk.
Agency theory suggests that the interests and habits of people on your team can be informed and therefore influenced by the company’s values and its culture. This approach is not easy to implement as the differences in views of the attendees had already indicated. The issue is further compounded when dealing with other cultures where it can be difficult to define and align values. Attendees agreed that In risk management people needed a pragmatic approach that operated on a project level in the way that brought those different cultures together.
Current trends that the group identified included
The meeting was chaired by Clive Thompson, Risk Agenda 2025 chair and senior projects director at Willis Towers Watson and Vinay Shrivastava, the recent chair of IRM’s infrastructure SIG and director, UK Infrastructure Risk Management Turner & Townsend