Risk exists in all things. It is how we manage that risk that decides if we succeed or not. Just because we can, does not mean we should. We can drive down the freeway at 100 mph without a seat belt - but I think we agree it would be risky, and the outcome might well be disastrous.
Risk management is the identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities (Wikipedia).
How does risk management apply to services? Many do a 'pray and hope process' regarding possible risks. Some do a 'how did we do it last time' methodology. Some negotiate a fee and then work to fit the service within that fee. All of these options do little to mitigate risk. In fact, I believe they increase risk, by inducing a false sense of security or safety.
To mitigate risk, information/communication is the best approach. Both receiving and delivering information is critical. Two key parts (though not the complete answer) to risk mitigation are:
- Setting Expectations
This is an easy process to by-pass. We have already had discussions with the customer, we don't want to seem un-knowledgeable, etc. However, scoping is a very important part of risk mitigation and management.
Scoping, or project scope statement, is the process of defining the who, what, where, how of the project. In Project Management Professional (PMP) terms this process is the developing of a Baseline Scope.
Here are my best practices in developing Scope:
- Always complete the scope in a document that is reviewed by the client.
- For best results, have the scoping conversation directly with the customer (face to face is better than phone). Never do it via email. Have the discussion with the decision maker, if other people are in the meeting (stakeholders, team members, etc.) that is good too, but sometimes hard to achieve. Contract Manager, etc. are not good candidates - you need parties with domain expertise to provide input.
- Have an agenda - what items do you need to have input and confirmation upon. It is your meeting - own it.
- Items on the agenda will vary, but some main items might include:
- What definable outcomes will make the project a success?
- What items will not be covered in this process - what will be provided by others.
- What are time, people, material constraints that are known?
- Ask precise, information gathering questions - reconfirm all you knew and now know.
- Get the draft document reviewed and approved by all prior to proceeding.
- This should all be done PRIOR to establishing the fee or budget.
This part of the process is rarely done enough. Why bother to set expectations? Won't the customer get upset if we set an expectation? Risk mitigation is all about reducing risk, therefore, isn't there a reasonable risk the customer is expecting something different than you are proposing.
What is included in 'setting expectations'? It is a discussion that outlines what makes a successful project for the customer.
- What do they want to understand better
- What process will need to be implemented
- What workflow needs to be improved
- What are the possible blockages to success (corporate culture, etc.)
By discussing, and documenting, and getting agreement on what the customer expects in a definable way, many headaches that occur at the end of the service delivery are avoided.
There are many aspects to Risk Mitigation, however, Scoping and Setting Expectations is a good starting point, and where many service providers stumble.
David Haynes, PMP, is Director of Consulting at Ideate, Inc. (www.ideateinc.com). David's experience is in providing companies with business process analysis and change implementation. @dhaynestech.