Hans Læssøe, founder of AKTUS and former risk manager at The Lego Group, examines some of the common reasons that projects fail and how risk managers can change the way they operate to add value to decision making and project delivery
When you look at or analyse a portfolio of projects, this often shows that many projects fail to meet deadlines as well as other targets.
One industry I was in contact with, have just had a good and prosperous year as “only” 53 per cent of their projects were more than 10 per cent over time and budget.
I could not help wondering how much value would be created for the involved companies if that figure was eg. 20 per cent or just 5 per cent.
Working with a range of different projects over several years, I have found five common reasons projects fail.
The bad news is that these are not new, yet they prevail to this day.
The good news is, that organisations can opt to leverage their risk management teams and rectify/improve on these without having to “bend over backwards” to improve performance.
1) The desired achievement is not defined
In many projects, the target is defined based on “do something”, rather than achieve something. A classic example is: “to install IT system X by Y within a budget of Z”.
Now, this may be a perfectly good idea, but unless you are an IT systems company, this is not a target in its own right.
There is a reason you want the IT system… and that reason may be the achievement, so your target will be something like: “we wish to reduce costs of process P by Qper cent by installing system X by Y at the cost of Z”.
How to fix it:
Targets drive decisions, and hence project managers should push back and ask questions until they are certain they know and understand the “real” target – and how to measure this.
2) Risk management is risk focused
Whatever actions are taken on managing risks are focused on managing risks – without any considerations as to how that may impact the overall project or business performance.
When that happens, some risks may appear very important, and a lot of effort and resources are spent on minimising these – despite the fact, that even if they materialise, they will not have any significant impact on project/business performance.
I have seen numerous times, that project deadlines were set and rigorously adhered to, in some cases by reducing scope/value of the project – and where the business impact of a delayed implementation was miniscule.
That said, I have also witnessed projects, where delivery on time was absolutely pivotal, and even 100 per cent budget overruns was accepted to avoid 10 weeks of delay.
How to fix it:
Risks should be addressed based on their impact on meeting objectives/targets and based on intelligent risk taking.
Organisations cannot realistically avoid taking risks – do take risks, but take these intelligently, leveraging the value decision of risk management.
3) Risks are not adequately identified
This goes for risks irrespective of whether their impact on project/ business performance is negative or positive – you may say it covers uncertainties, risks and opportunities alike.
The identification tends to be based on tunnel vision, not considering the “business system” of whatever the project addresses.
Some of these may be truly irrelevant to any one project – yet, use this as a check-list and be open-minded.
How to fix it:
Ensure risks (positive as well as negative) are holistically identified by liaising with those affected by whatever the project is working with.
Leverage the insights of specialists around the company.
Some may not have anything, leading to a 10-minute touch-base, others may have something and the discussion will be longer, but it will add to the quality of project planning and management.
4) Distributions are skewed
When analysing/assessing each risk – qualitative assessments such as high/medium/low or minor/significant/catastrophic are often used. These are essentially useless as they do not help any decision making or handling.
Furthermore, most risks are traditionally quantified using a single point estimate. “If risk A materialises, it will have an impact of B” – well, yes or something less – or more likely, something more.
Single point estimates do have a ring of authenticity around them, but they are not much more valuable than a qualitative assessment.
The problem is, that if you assume a risk has an impact of 100, you inherently assume the distribution around this is bell-shaped whereby the average outcome will be 100, and also assume the likelihood of 50 is as high as that of 150.
Unfortunately, this is not true in real life, where impact distributions are skewed, and more look like this curve, where:
- The most likely value is smaller than the median (50/50 case).
- The average impact is higher than than the median
- The 10% worst case, which does happen from time to time, is much larger – often more than twice the most likely value
If you are in charge of managing a project, and just one risk materialises with an impact more than twice what you expected – you are suddenly unlikely to meet your target.
How to fix it:
Systematically analyse risks using data and facts to avoid the optimism and other biases people exercise, when assessing risks.
If you cannot – challenge the quantitative assessments you get from subject matter experts.
Then – insist that all assessments are based on three-point estimates enabling long tails when needed.
5) Performance exposure is not calculated
Traditional, and alas still common, risk management is showing/reporting their outcomes in terms of risk matrices or heatmaps which “count” the number of red/amber/green risks.
These are useless on a good day, and have been demonstrated to be dangerous on a bad day.
Even the best derived risk matric/heatmap will not tell you or management anything about whether or not you will meet your targets – which is probably the reason so few managers are truly interested in risk management. It does not help them in their decision making and management.
Risk management is NOT about managing risks, but ALL about enhancing performance and thereby meeting (or exceeding) targets.
This means, that we do need to take risks, but also, that this must be done intelligently. Please note, that this means we take mitigating actions as deliberate means to enhance expected project/business performance, not as a means to manage risks.
How to fix it:
Model your project using Monte Carlo simulation. Apply ranges to project assumptions and add risks (negative as well as positive) to the modelling.
Simulate e.g. 10.000 times and address the outcome. You will be able to show:
- What is the likelihood targets will be met?
- What is 10 per cent worst case / the average / 10 per cent best case outcome?
- Which are the key drivers of uncertainty to these results?
This insight will help management manage. They can address whether or not they are “happy” with the calculated likelihood of meeting targets.
In fact, this is their application of the concept of risk tolerance, but you do not have to tell them that. They are also helped to address key uncertainties, and ask for/drive further actions to enhance expected performance to an acceptable level.
Focus your risk management efforts on intelligent risk taking and help project managers to develop and work with plans which are adequately likely to deliver on realistic targets.
Be proactive and collaborative… liaise with those involved in projects, offer your insights and support – and add true value to your organisation.