When you’re in the middle of a crisis, nothing sounds better than the ability to see into the future. While that’s normally considered impossible, you do have access to the next best thing – Risk Management. David Appleyard, principal consultant with MI-GSO | PCUBED UK, joins James Lewis and Kerry Davies to explain why risk management is an essential activity to inform more proactive decision making.
James Lewis: Good morning, everybody, and hope you’re all staying safe and feeling well. Welcome to the latest and in the Coming Out Stronger Podcast series. Today we’re going to be talking about risk assessments. Really critical topic, very relevant I think to all of our roles. And in order to carry out this conversation, we have two very strong consultants posing the questions.
Kerry Davies, who you will maybe remember from the recent Diversity and Inclusion podcast, and if you haven’t heard that, then do so, it’s well worth the listen. And then a familiar voice, also taking up the SME role as an interviewee, David Appleyard. Last heard talking to Ian Mulder about Decision Analysis Framework.
So, without further ado, I am going to hand that baton over to Kerry.
Kerry Davies: Thanks very much, James, and hi, David. Really looking forward to speaking to you today about risk management, but before we kick-off, could you please just introduce yourself to our listeners?
David Appleyard: Of course, Kerry. I’m Dave Appleyard. I’ve been with MI-GSO | PCUBED about four years now, and for the last two years I’ve been an engagement manager for a packaging company, where we support Group IT in merger and acquisition activity, and recently divestments, and also in supporting the cybersecurity initiatives.
Kerry Davies: Okay, great. So, why is it that you want to talk to us about risk management?
David Appleyard: Well, before I joined, I spent 25 years in the high risk activity of oil and gas exploration, specifically on seismic data acquisition and processing, both onshore and offshore.
In this industry, I’ve spent many years working in quality management and health, safety and environmental management, where risk assessments are critical to the commercial success of any project that we undertake.
It’s an activity I think is essential, but it’s also an activity I think that’s often given really superficial treatment and frequently poorly done. In my experience, it’s often something that I see a project manager do on their own at the start of a project in a darkened room to tick a box. And then the risk assessment is just not revisited throughout the life cycle of the project. I thought this podcast might be an opportunity to pass on a few tips to the audience.
Kerry Davies: So, you’ve got some really valuable experience in an industry where risk management is absolutely critical. So, tell us then, how should a project manager approach risk management?
David Appleyard: I suppose the starting point is that all the projects that we get involved with as MI-GSO | PCUBED consultants have a high level of uncertainty or risk in them. Otherwise, we wouldn’t be engaged. Some things we know we don’t know at the start of the projects, and other things are just completely invisible to us.
Firstly, we need to capture what we don’t know, because that simply is a risk. I do think it’s right to conduct a risk assessment at the start of a project, but it’s not a solo activity, and it needs to be done thoroughly and carefully with a wide team of project participants.
It’s a diversity of the views that’s essential, since no individual involved in a project team has all of the answers.
As an example, I was once running a risk workshop for a marine seismic acquisition survey, where multiple vessels work together to gather a very detailed picture of the subsurface of the earth; by sending sound waves down into the earth, and gathering the energy that bounces back on streamers.
Each of the vessels may tow multiple streamers, up to about 14. And these are essentially long cables that are towed behind the vessel up to 10 kilometers long, studded with microphones to receive sound signals. Now, these vessels under streamers formed the largest floating landmass on Earth, essentially.
So, having several of these operating in very, very small environments caused this awful complication and potential risk. Where the diversity of the views and the differences in views becomes important, is that the local crew that staffs the vessel may understand the tides. They may understand where fishing gear may be located that impacts and potentially entangles the streamers.
The people who manage the equipment on board the vessel, understand how deep it is underneath the vessel, which needs to be understood to assess the risks associated with shallows.
And the navigators on the vessel understand how the vessel performs and potentially the risks associated with entangling these streamers if they turn to tightly. Having multiple different views and having many people involved, just allows for a much more holistic assessment.
Secondly, risks change frequently, and they need to be reviewed frequently, and updated, and kept alive by the whole project team. They can also move in time, disappear, be triggered by specific project activities or external events. Severity, proximity, and likelihood of occurrence can all change rapidly.
For example, in the risk review I mentioned earlier, if the survey were in the Amazon Delta, for instance, the particular times of the year where weeds can appear overnight, which can be disastrous if you’re towing a hundred million pounds worth of equipment. The streamers can very, very quickly become a very, very expensive pile of spaghetti. I think if you watch the last series of Amazon Prime, The Grand Tour, it was an example in that, or just this sort of weeds occurring.
Thirdly, risks need to be assessed not only qualitatively, using the standard five by five risk matrix we see in Project Online. But also quantitatively, for both the costs estimated if the risk occurs, but also for the impact on the benefits case if it does occur. This is important to communicate with senior stakeholders and secure finances for any mitigation or contingency planning you need to undertake.
If you’re asking for £10,000 for a mitigation plan, you need to be able to show to your stakeholders the potential impact on your project if you don’t do it.
Kerry Davies: That’s great, David. Some really useful insights. Now, given the current global situation with COVID-19, do you think this is important now more than at other times?
David Appleyard: In my opinion, it’s always important, Kerry. But what we have seen in the COVID-19 outbreak is that the risk to our projects can change by the minute. What we may have been able to deliver today may be impossible tomorrow, as factories and businesses close and reopen and reduce workforces. We’re really in a position where risks of projects need to be reviewed almost every day to see if mitigation or contingency plans remain valid.
In my current client, we conduct team reviews on critical projects on a weekly basis to understand where we can continue to persevere and deliver results. And what we’re seeing is that the status of these risk reviews changes each week.
Kerry Davies: Okay. Now, you mentioned some mitigation plans and contingency plans, so I assume these are different.
David Appleyard: Yes, they are. Similar, but different. The differences are really, that in mitigation plans, these are actioned immediately to mitigate either the probability for risk occurring or the severity.
For instance, if you’re driving a car, you can wear a seat belt. This will only have an impact on the potential severity should you be involved in a crash. Alternatively, if you restrict the amount you drive, that would reduce the probability. So, mitigation plans are activated immediately.
Contingency plans are a subset of this, really, because they’re only activated if and when an event occurs based on the specific trigger event.
The thinking behind this is that if an organization makes the decisions on how an event will be managed in advance, when the event actually occurs, plans can be activated quickly without the need for extensive decision making.
Kerry Davies: So, to summarize, and let’s see if I’ve got this right. You build risk assessments as a team, revisit them frequently, and keep them up to date. You also assess them both quantitatively and qualitatively to measure the potential impacts. Is there anything else we need to consider?
David Appleyard: Yeah, just a couple of things I’d say, Kerry. The main one to say, is that we also need to add in communication and the sharing of the risks.
Quite often, I’ll see slides of the whole risk register being presented to executives, to tick a box and to show to your steering committee that risks have been considered. This is essentially just presenting them with data because you have it. In my opinion, it needs to be much more focused.
Which are the biggest risks to the project? How close are they? Are they likely to strike tomorrow? What’s the financial impact? If they do occur, are my benefits going to be delivered?
Really, they need to focus on giving the executives the information to enable them to make the decisions they need to take to support you in your delivery.
Focusing on fewer and higher impact risks in more detail and with the data to support you in an appendix, allows for a much richer and more valuable dialogue and far stronger decision making in your project.
Kerry Davies: So importantly, answering that, “So what?” question. Excellent. And finally, what would be your takeaway message for the audience?
David Appleyard: I’d say don’t rush it. Don’t treat it as a tick box exercise. And don’t forget that not all uncertainties have negative consequences. Look for opportunities to accelerate your projects, such as taking advantage of technology changes or faster than anticipated delivery of suppliers to put you on the front foot and deliver your benefits earlier.
Kerry Davies: David Appleyard, some really interesting insights and advice on risk management. Thank you for sharing.
David Appleyard: And thank you for interviewing me, Kerry.
James Lewis: Thank you, David, thank you, Kerry. That was a fascinating exposition of some of the key things we need to consider when doing risk assessment and management.
I hope you enjoyed it out there in the MI-GSO | PCUBED family and community. Thank you again to our indefatigable sound engineer and editor, Charles Wilman, and a very good and safe afternoon to you all. Thank you.
A monthly digest of our best articles on all things Project Management.