The Risks of Risk Management
Computer Aid featured a thought-provoking article on the risks of risk management. The article noted, for example, that people who wear seat belts take more risks (drive more riskily) because they feel safer in their seat belts. And while they are actually safer, pedestrians, cyclists, and other drivers may be in more danger.
The article referred to the work of Sam Peltzman, who showed:
“What Peltzman identified is that behavior can change substantially in response to risk management policies. For example in the case of seat belts, people tend to drive faster and have more collisions when they use seat belts because of the sense of security it gives them. This is not to say that seat belts are ineffective, it seems that traffic safety overall (especially in terms of road deaths) has improved as a result of them, but not as much as you would have expected, because of this behavioral offset.”
Now, how can this impact IT projects, you might ask? Well, if we have risk management policies in place organizations might
Then, once people have identified risks and put a risk management plan in place, they may be more inclined to take more risk. Yikes.
“So the question for the project manager is are your risk management policies changing behavior?… Are people less cautious knowing there is a more robust monitoring process in place for their projects? Are team members less focused on escalating problems knowing that someone else is watching out for them?”
Risk of Unknown Unknowns
Even more important is that risk management doesn’t usually capture unknown unknowns, that is, risks we haven’t thought of. I have heard many people identify those risks that weren’t thought of as being the things that caused project failures more than those that were thought of.
10 Step Process and Risk
The 10 step process in my book includes step 6 quantify risks and risk-analysis on dealing with risks and is worth reviewing.
Risk Process Failure
And as Douglas Hubbard points out: “The ultimate common mode failure would be a failure of risk management itself. A weak risk management approach is effectively the biggest risk in the organization” (Hubbard, Douglas W. (2009-04-06). The Failure of Risk Management: Why It’s Broken and How to Fix It (Kindle Locations 236-237). John Wiley and Sons.)
The point is that if the initial risk analysis is not meaningful, then the risk management methods are likely wrong and are addressing the wrong problems.
“If risk assessment is a failure, then the best case is that the risk management effort is simply a waste of time and money because decisions are ultimately unimproved. In the worst case, the erroneous conclusions lead the organization down a more dangerous path that it would probably not have otherwise taken.”
Thank you for reading “Dan on Estimating”.
When discussing risk, it is valuable to consider the NIST Risk Management Guide for IT Systems: http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf