Think about whether, while preparing for a new venture, you have taken a moment to consider if you or your company are adequately prepared to fully undertake its implementation? Have you ever impulsively taken initiative without careful analysis, only to unexpectedly encounter difficulties? Did impulsive action work out for you? Probably not... Why does it happen that we take on tasks that we may not be able to accomplish? Many people, including my acquaintances, get palpitations just from the word "risk", but is it justified? Every day, each of us takes risks; this process lasts throughout our lives. After all, none of us knows our future, we don't know what will happen just around the corner. The fast-paced lifestyle has accustomed us to not noticing the risks that accompany us, despite the fact that every decision or course of action we take may cause fear and stress. Let's remember what Mark Twain said, "Courage is resistance to fear, mastery of fear, not absence of fear."
Podcast for reading
Imagine that right now you are facing an important decision. As you think about the solution, you may analyze every possible outcome, considering all the gains and losses. But is this way of thinking really appropriate? Notice that in case of failure, you always receive a valuable lesson for the future, and in case of success, satisfaction and knowledge that you have gained to accomplish the task at hand. You never walk away empty-handed. One could say that by taking risks, you always gain something! That's why the true losers are only those who have never tried.
The truth is that even if you have the best plan, vast knowledge, and a team of experts from around the world, you never have a hundred percent guarantee of success. In fact, by taking calculated risks, you also learn more about yourself. After all, it's hard to change anything in your life when you stay in the same state for a long period of time. Yes, I'm talking about your comfort zone, which you have created to feel safe in. Every attempt at change carries risks, leading to different outcomes... damaged health, bankruptcy, or even a better life. Don't let potential downsides overshadow your inner voice when making decisions. That's why you shouldn't be afraid of risks, but rather tame them and turn them into an actionable process!
However, before I present to you the process from which I started building my self-confidence, I would like to draw your attention to one more important element, which I will illustrate with a few examples:
- Daily cooking can be compared to an "almost" completed set of activities that we need to perform to prepare our meal. Of course, with each dish, we develop new habits and routines, but the foundation remains unchanged. Therefore, these activities can be classified as repetitive.
- Classical construction projects also have a vast database of best practices, standards, and ready-made solutions, which I will also classify as repetitive activities, where most of the critical factors can be predicted.
- IT projects are an example of activities where we perceive uniqueness every time participants face new challenges, the occurrence and impact of which were difficult to predict. For example, the project depends on many different third-party libraries that may currently work, but in six months, they may disable some functionalities, ultimately affecting the end product of the project.
Note that in these three examples, certain degrees of risk can be observed. So, how can we define risk? Risk can be defined as an uncertain event or condition that, if it occurs, can positively or negatively impact the project or its achievement. Each risk factor has a specific source and causes that can be classified. Therefore, we distinguish:
- External causes — including publicly available political and legal conditions imposed by the State. Additionally, we can include market conditions and requirements of financial institutions and rating agencies. In short, external causes are not dependent on our decisions.
- Internal causes — encompass the ways in which the project (i.e., the undertaking) is planned, along with the human factors involved. In short, these are all the factors that can threaten the implementation of the project, such as licensing disputes, communication problems, employee leaves, or the technology chosen for use.
So, how can we effectively build a process of controlling our own risk? We distinguish the following methods of risk management. Some of them are obvious, and most of us use them even unconsciously.
- Risk avoidance — a conscious refusal to accept momentary risk. This method is considered irresponsible, of course, depending on the situation in which we find ourselves. Taking on a new assignment when already heavily burdened is certainly a responsible decision.
- Risk retention — can be divided into active and passive. Active risk retention is a conscious decision to retain risk in part or in whole, for example, not paying taxes on time. Passive risk retention occurs when a person or company decides to retain a certain risk.
- Risk minimization — for example, conducting additional analysis to better assess the ongoing project or adjusting the developing system.
- Insurance — the most common method, involving risk transfer, distribution, and control, understood as the preventive impact of insurance on the attitude of the insured.
- Information purchase, such as documentation for open-source libraries, which is an element of the software being developed, or purchasing ready-made templates that can be modified to meet the goals of our project.
- Risk control — actions taken to reduce the frequency of losses and their potential consequences, as well as the reduction of losses after the occurrence of an event that could not be prevented.
- Risk transfer — transferring risk to another entity using legal mechanisms (insurance contract, storage contract, object supervision contract) and organizational or protective actions.
- Risk distribution - a method involving the division of the financial consequences of a given risk among a group of people or entities.
- Integration with the risk plan, involving the integration of action plans for individual risk factors with the overall project plan.
How to approach risk analysis?
Risk analysis should start with an interview to better understand the nature and scope of the project being undertaken. During the interview, all the necessary information should be collected to define the framework of the project that will be implemented. The collected materials may also be useful for later opinions from business practitioners or key employees who have more experience in the chosen area.
„If you do not actively attack the risk, it will actively attack you." - Tom Gilb
Next, using the previously gathered materials such as the project brief, information from the team, company reports, databases, and other reports, we can proceed to perform the analysis, which will involve analyzing our current condition to determine if we are truly ready to start this project at the moment.
Remember that good practice is also to continuously observe your environment, both directly and indirectly. Once you have completed X projects and gained valuable experiences, you can start modeling your processes using computer simulations, such as Gantt charts, which will facilitate the presentation of the actual state of a specific project.
How to deal with risk?
When dealing with risk, we can identify two main elements:
- the probability of an event occurring that may impact the success of your project,
- the extent to which the occurrence of a particular risk factor will disrupt the planned course of your project.
“Never avoid risk! Always try to investigate the ground on which you intend to stand." - Tom Gilb”
Tom Gilb, considered the founder or main inspiration of many technical disciplines such as "software metrics" and "evolutionary project management methods," proposed dividing risk factors into the following groups:
- Known risks, which are risks that we know exist. We only do not know the timing of their occurrence or the impact they will have on the execution of project tasks (e.g., organizational changes in a company, continuous technological development requiring periodic adjustments of IT systems).
- Predictable risks, for which we do not have certainty about when they will occur, but the probability is high enough to consider them in the planning of our project (e.g., dealing with subcontractors based on fluctuations in currency exchange rates).
- Unpredictable risks, which are risk factors that were not previously foreseeable. Examples of unpredictable risks are natural disasters, accidents, or the departure of a key employee from our company.
So how do we proceed with risk assessment in our project? Below are some typical techniques for identification:
- Using checklists that contain groups of typical and/or most common risk factors that we may encounter in our project.
- Decision analysis, which involves considering the factors that will influence decision-making during project planning and implementation.
- Assumption analysis, which involves comparing the conditions assumed for the current project with previous experiences from previous projects.
- Breaking down potential risks and problems into individual factors to identify the risk factor.
Next, we conduct a risk analysis, including assessing the probability and potential impact of potential losses. We can do this based on:
- Cost models based on financial analysis that clearly indicate potential threats.
- Performance models that examine the impact of risk factors on project progress.
- Decision analysis, which aims to determine the potential outcomes of a given event.
- Qualitative analysis, which aims to verify the impact of events on the quality of the product being developed.
The collected information will be an ideal tool for monitoring and more effective control. These actions should also lead to the development of a Risk Management Plan, which will provide solid protection for your life, company, or project in crisis situations.
Please note that risk is the most significant enemy of the success of our venture. Risk management is therefore crucial to achieving our goals, and the application of appropriate techniques allows us to harness and minimize its negative impact. Only cyclical process management and regular task execution guarantee proper effectiveness and results.
I hope that the knowledge I have shared with you today will transform your daily life. Also, remember to subscribe to my podcast on your favorite podcast platform. Take care and see you in the next episode.
Support my work
I am happy to say that I have the best job in the world, and I truly believe in it. However, I cannot deny that despite providing me and others with a lot of inspiration, my job as an independent content creator is not the most stable job in the world. As a freelancer, I invest most of my earned money in equipment and development to continue creating valuable content and sharing it with others.
You can support my creativity through the BuyCoffee platform, which allows for financial support to creators from their audience. Thanks to this platform, you can actively contribute to the development of our productive community :)
Thank you very much for any support!
Leszek W. Król
On a daily basis, I accompany companies and institutions in designing strategies and developing new products and services.