Categorizing Project Risks

It sometimes seems that the opportunities for something to go wrong are endless! One way for you to make sense of these endless possibilities is to organize them into easy-to-understand categories.

One of the inputs to risk identification is risk categories. Risk categories should be well defined. They should also reflect common sources of risk for the industry or application area. The industry could be anything from construction to software development. The application area is the customer. There are numerous types of customers depending on who the company is selling the project to. The customers could range from government agencies to an independent real estate developer.

Project risks fall into one of four categories:

• technical, quality, and performance risks
• project management risks
• organizational risks
• external risks

The first category consists of three factors: technical, quality, and performance risks. Throughout the project, project managers should think about whether or not any part of the project relies on new, unproven or complex technology, unrealistic performance goals, or changes to the industry standards or the technology used.

• Technical - Tabitha is in charge of a grocery store development project in Montana. She identifies the new software being developed for the cash registers and security systems as a definite risk. This software has never been used, and a few malfunctions have already had to be addressed.
• Quality - Tabitha reviews the initial blueprints and examines the three-tiered parking garage that will make parking easier for customers. She quickly realizes, however, that the costs of building such a parking garage are not practical and that they will be too costly for this project.
• Performance - Tabitha realizes that it is important to estimate the store completion date as accurately as possible to please the client. A risk that could seriously affect this date is unrealistic performance goals of the construction workers hired for the project. Tabitha takes note of this risk.

The next risk category is project management risks. Some examples of project management risks are:

• poor allocation of time and resources
• inadequate quality of the project plan
• poor use of project management disciplines.

Meril is a project manager in charge of a grain hybrid research project for Flax Technologies. He has a staff of 23 people that assist him with the various tasks involved with this project. Meril struggled a bit with the last project assigned to him. This was, in large part, because many of the project's identified risks became reality. This time, he is very careful to avoid losing valuable time and resources because of a lack of a comprehensive project plan. He also develops a clear and well-organized schedule outlining duties and deadlines.

Meril monitors the costs of this project very closely and catches discrepancies early. He takes a proactive approach and it pays off. The grain hybrid research project is completed under budget and ahead of schedule.

Another type of risk category is organizational risks. Examples of organizational risks are: cost, time, and scope objectives that are inconsistent, projects that are improperly prioritized, funding that is inadequate or interrupted, or resources that are inadequate or unavailable. Organizational risks are most often controllable. Dealing with organizational risks effectively can increase your organization's overall success exponentially.

In 2001, Quarry Properties had to complete a large redevelopment project in Asia. A project manager saw that the money allocated for this project and the completion date looked unrealistic in the project plan. The plan was modified and the risks were minimized.

Lavender Pharmaceuticals had three important projects underway last year. The project managers in charge of each project were aware of which project was most important to complete first. Resources were reallocated when prudent.

Dahl Insurance developed a new flood insurance program last year. When Pete, the project manager, examined the budget for this project, he noticed that funds were cut off half-way through completion. Funding allocation was reevaluated.

Travel Temptations wanted to develop a European cruise travel package exclusive to Temptations' customers. It was quickly discovered that the company couldn't find a cruise ship company for a partner. Therefore, the project was put on hold.

Another risk category is external risks. External risks are changes that are outside the control of the company and are therefore unpredictable. Some examples of external risks are:

• a changing legal or regulatory environment
• labor issues
• weather risks
• changing customer priorities.

Jeff, a PM at Flax Technologies, is in charge of the urban grain storage project taking place in Hong Kong. The project entails the development and maintenance of grain storage facilities in Hong Kong that will allow local customers easier access to the grain. Jeff makes careful note of the potential external risks.

Jeff realizes he must comply with Hong Kong's labor regulations. He also needs to work with Hong Kong construction bylaws and update procedures when needed.

Jeff knows that there is a monsoon season in Hong Kong that could pose great risks to construction. He organizes building dates to avoid this external risk.

There are some risks that are considered force majeure. A force majeure is an unexpected or uncontrollable external force. Earthquakes, floods, and severe civil unrest are examples of force majeure. These risks generally require disaster recovery rather than risk management.

Why categorize risks? A project may be subjected to many risks, both big and small. Understanding the different types of risks can help you stay organized. There are some risks that are more controllable than others. If you can stay ahead of the controllable risks, you will have the time and energy to deal with uncontrollable risks.

Categorizing risks can help you make sense of the vast array of risks that are part of any project. If you know the risk categories, you will be better equipped to manage your projects' risks.