The Influence of Risk Tolerance on Risk Response Strategies

In a prior post on selecting means of communication, I quoted Master Kan, from the pilot to the early 1970’s television series, Kung Fu:

Avoid, rather than check. Check, rather than hurt. Hurt, rather than maim. Maim, rather than kill. For all life is precious, nor can any be replaced.

We should adopt a similar rubric for selecting risk response strategies:

Avoid, rather than transfer. Transfer, rather than mitigate. Mitigate, rather than accept. For all risk response strategies have both a cost and a residual risk.

Selecting Risk Response Strategies

I bring this up because I see so many organizations and managers choose to mitigate or accept risks that they could otherwise avoid or transfer. Avoiding a risk usually results in an opportunity cost, or at least deferring the benefit, but it tends to result in the least residual risk. For example: responding to a schedule risk by removing some element from scope avoids the risk, at the opportunity cost of not having the capability provided by that element. Transfer and Mitigate responses usually have at least somewhat predictable direct costs while retaining some residual risk. Accepting a risk means it’s all residual, and acceptance can have a complex mix of direct and opportunity costs.

In some cases, it’s about the perceived cost of the safer responses. But I see it happen most often in organizations following a merger or acquisition, where they haven’t reached an end state in their evolving culture. Perhaps one of the predecessor firms had a greater appetite for risk; perhaps middle management has internalized the acquisition itself as a willingness to take on significant risk. Or maybe their appetite for certain types of risks is higher than that of their new colleagues.

A few years ago, I worked with a customer that was being acquired by a much larger firm. They had initiated a project for the express purpose of reducing the chance of being found in non-compliance with a legal requirement, although they had relatively little exposure. The cost of the project far outweighed the potential cost of being found in non-compliance, or of making improvements to their existing manual process. But the decision-maker felt that the non-compliance risk absolutely had to be mitigated. That said, the project itself was very risky, in terms of schedule and quality. It was kicked off late, the vendor provided a relatively inexperienced team member in a key role, and there was no internal consensus on what business rules should be embedded in the process. In the end, a senior manager in the acquiring firm killed the project. Their view of the bundle of risks was quite different, and they decided to accept what they viewed as a relatively low-cost, low-impact risk, rather than take on all of that residual risk.

Gauging Appetite for Risk

It is extremely difficult to measure risk tolerance, or even to describe it in meaningful terms. In an interview, I once asked a PMO director about their organizational risk tolerance. He admitted that the question had never been asked before, and struggled to answer in a way that would be actionable for a contract project manager. Plainly, no organization is willing to admit that they have little appetite for risk, although few can express what level of risk they find acceptable. But in order to suggest risk response strategies, the team will benefit from an understanding of how the organization views their choices. So, let me propose a few interview questions that might start the process of gauging appetite for risk:

  • Are you willing to replace an established vendor with an acceptable level of performance in order to reduce costs? While the new vendor might have a lower price, any transition will have a learning curve and lower quality. If this is an acceptable trade-off, then they should be seen as having a somewhat higher appetite for risk.
  • Are you willing to accept higher retention risk after an implementation project is completed, in order to avoid the costs of augmenting your staff with temporary workers? Most projects that replace a legacy system provide a platform for team members to gain new skills and experience, and it is common for some folks to seek out greener pastures. If cost avoidance matters more than staff retention,  then that tells you a bit about what risks they are willing to accept.
  • Are you willing to accept higher quality risk, in order to finish on schedule? If the project does not have an immovable finish-by date, follow up with questions on what drives this response.
  • Are you willing to defer some deliverables in order to reduce schedule risk? The answer can lead to some interesting discussions on perceived benefits of the project deliverables.
  • Are you willing to add administrative complexity, in order to reduce implementation risk? Again, this speaks to the trade-off between quality and cost.

While this list is not particularly comprehensive, I think it will provide some insight into the organization’s appetite for risk. Or at the very least, their tolerance as it applies to the proposed project. If you have some additional interview questions you’d like to add to this short list, please leave a comment.

New PM Articles for the Week of January 6 – 12

New project management articles published on the web during the week of January 6 – 12. And this week’s video: Mike Clayton shares several witty quotes on nature of projects and the challenges of managing them. Irony, insight, and a couple of laugh-out-loud moments. 6 minutes, safe for work.

Ethics, Business Acumen and Strategy

  • Rich Mironov wants to promote industry discussions about a product code of ethics, to prevent unintended consequences and product misuse. 7 minutes to read.
  • Sharlyn Lauby suggests a half-dozen ways to improve your business acumen. Strategies that work for an HR manager also work for a project manager. 3 minutes to read.
  • Greg Satell on Amazon’s new quantum computing service: “In an ecosystem driven world, power doesn’t lie at the top of value chains, but at the center of networks.” 5 minutes to read.

Managing Projects

  • PMI will make the exposure draft of the seventh edition of the PMBOK available for public comment and review on January 15. Just a minute to read.
  • Cornelius Fichtner talks with Rich Maltzman and Jim Stewart about their new book, How to Facilitate Productive Project Planning Meetings. Podcast, 37 minutes, safe for work.
  • Praveen Malik demonstrates five ways to customize the Gantt chart view in MS Project, a great tool for communicating the schedule. 4 minutes to read.
  • John Goodpasture describes the role of the system integrator in really big projects and programs. 2 minutes to read.
  • Kiron Bondale reflects on how we might handle unresponsive key project stakeholders. 2 minutes to read.
  • Doc Norton expounds on Goodhart’s Law and why guidelines are better than targets. 2 minutes to read.
  • Esther Derby distinguishes between training and education, and why they are better together. 2 minutes to read.

Managing Software Development

  • Stefan Wolpers curates his weekly list of agile content, from the Descaling Manifesto (not about coffee makers) to team rule-breaking to Scrum Masters on a CEO path. 7 outbound links, 3 minutes to read.
  • Gábor Zöld curates his monthly engineering management resource roundup, from scaling a distributed team (also not about coffee makers) to managing managers to deliberate appreciation. 10 outbound links, 4 minutes to read.
  • Simran Pandey explains how a proof of concept can be used to test an assumption or product idea. 5 minutes to read.
  • Gilad David Maayan describes five metrics that should be useful for teams using agile methods. 4 minutes to read.
  • Tom Cagely begins a series on the issues we commonly encounter when developing a value stream map. About 3 minutes to read. Part 2 is also about 3 minutes.

Applied Leadership

  • Happy IPM DayRuchika Tulshyan gives us permission to ask people how to pronounce their name correctly. Roo-CHEEK-Ah. 7 minutes to read.
  • Gina Abudi asks, have you considered the impact of the change you are leading on you? 2 minutes to read.
  • Adam Grant, an organizational psychologist at the Wharton School, shares his recommended reading list for leaders. 5 minutes to read.

Cybersecurity and Data Protection

  • Michael Grothaus reports that both Mozilla and the US Department of Homeland Security want you to update your Firefox browser. Like, right now. 1 minute to read.
  • Dorit Dor asserts five trends will be prevalent in cybersecurity in 2020. 4 minutes to read.

Pot Pourri

  • Dana Kozubska reports on several trends related to the Internet of Things that should influence business decisions in 2020. 5 minutes to read.
  • Roland Flemm begins a series on systems thinking with an examination of wicked problems. If you are going to intervene, choose wisely. 7 minutes to read.
  • Anne Quito and Dan Kopf illustrate the dispute between designers and statisticians on what makes a good information graphic. 8 minutes to read.

Enjoy!

New PM Articles for the Week of December 23 – 29

New project management articles published on the web during the week of December 23 – 29. And this week’s video: ER doctor Darria Long explains key lessons from hospital emergency rooms on handling stress and chaos. Great examples from a great storyteller. 14 minutes, safe for work.

Ethics, Business Acumen and Strategy

  • Karen Hao calls for the ethical development and application of AI and related technologies. 3 minutes to read.
  • Emily Daniel pinpoints the trends in AI development and application that will command real investment in 2020. 4 minutes to read.
  • Peter Diamandis gives his take on how 3D printing will completely change retail. 4 minutes to read or 7 minutes to the podcast, safe for work.
  • Anna Prist predicts the trends for voice technology in the coming year. 5 minutes to read.

Managing Projects

  • Mike Clayton presents a capstone essay on how to be the best project manger you can be. 14 minutes, plus a couple of linked videos.
  • Anna Balyuk and Anna Bashyrova analyzed over 50 job requisitions at Amazon, Apple, and Google to determine what they are looking for in project managers. 7 minutes to read.
  • Roger Swannell shares his thoughts on how Microsoft Teams might be used by actual teams, as well as how it might be improved. 6 minutes to read.
  • Glen Alleman recommends Brent Flyvbjerg’s new book, The Oxford Handbook of Megaproject Management. 2 minutes to read.
  • John Goodpasture shares his short course on risk management. About 3 minutes to read through the 23-slide deck.

Managing Software Development

  • Kiron Bondale gets to the essence of a recent Dilbert strip on shipping a product quickly, for the wrong reasons. 2 minutes to read.
  • Christiaan Verwijs helps us determine whether someone is an actual stakeholder or just an audience member. 4 minutes to read.

Applied Leadership

  • Charles Richard explains seven keys to leading effective team meetings. 4 minutes to read.
  • Liane Davey recommends that we let our team have that heated conversation. Conflict debt is a thing. 6 minutes to read.

Cybersecurity and Data Protection

  • David Balaban describes several social engineering tricks that are often used in targeted attacks. I’ve recently seen two of these in the wild—be aware! 6 minutes to read.
  • Trevor Daughney makes six cybersecurity predictions for 2020. 5 minutes to read.
  • Terry Sweeney explains SIM-swapping attacks, from what they are to how they are achieved (access to the device isn’t required) to potential consequences. 4 minutes to read.

Pot Pourri

  • Sharlyn Lauby states that employee retention will continue to be one of the top priorities for 2020 and provides links to relevant articles on turnover. 2 minutes to read.
  • Suzanne Lucas quotes from a new study that found a partial explanation for the pay gap: men who report to other men get promoted faster. Be aware, be fair. 3 minutes to read.

Enjoy!