Tips for Managing Risks in Program Management

If you're in the business of leading projects, then at least 10% of your time should be spent on identifying and planning around risks. At least, this is what I was taught in my first PMI project management course years ago. And while reasonable people can disagree on the specific amount of time needed, the point is solid - one of the major roles anyone in production or program management type roles is assigned to take on is risk assessment and mitigation. Unfortunately, for a lot of producers in the game industry, this isn't something they were formally trained on, particularly if you came into the role from another discipline in games (such as QA or Design) or if your only formal training came from a two day Scrum course. I saw the subject come up in the Building Better Games Q&A call and I was actually excited when Aaron Smith brought up the same techniques I was trained on years ago and have adopted (and adapted) ever since. It's the way I teach my own teams and while it requires dilligence and consistency, it's not hard to pick up (it's easier than the rules for the board game "Risk"). 1 - Identify risks On a regular basis, you should be asking your team what are the risks they see. Every time a decision needs to be made, a story is written, or a feature is spec'd, you should think about what could go wrong. Those are your risks. 2 - Document Keep the risks written down in a doc everyone has access to (Gdocs, Confluence, etc). The way I prefer (and what I saw Aaron advocating) is a spreadsheet. Each risk gets a line item and a category (if the risk happens, what would be impacted - costs? security? people? players?). 3 - Impact You should also track the potential impact - how bad is this risk if it happens? Is it a trivial risk or a catastrophic one? Would it involve some work to reboot a service or would it potentially take down your entire data center? Assign these risks a score. I prefer 1 to 5, Trivial to Catastrophic. 4 - Probability You should score out how likely each risk is to occur. Is it highly unlikely or nearly certain? Score these out also on the same scale, typically 1 to 5. 5 - Prioritize Multiply the Impact and Probability to come up with your score, somewhere between 1 (something trivial that is highly unlikely) to 25 (a nearly certain, catastrophic event) and then sort or at least color range your spreadsheet accordingly to show your risks in a way that prioritizes your attention. 6 - Action Plans The last column I make sure to include is what type of plan is in place to address the risk. Something with a minor impact may be something we just accept where something more serious may require a full mitigation plan. The value here is that you've documented these risks and can communicate them out (as well as what needs doing). You're addressing risks before they become real problems in this way. #production #risks #gamedev #bettergames

The Risk Management Process Step one of the risk management processes is to have each person involved in the planning process individually list at least ten potential risk items. Often with this step, team members will assume that certain project risks are already known, and therefore do not need to be listed. For example, scope creep is a typical problem on most projects. Yet it still must be listed because even with the best practice management processes in place, it could still occur and cause problems on a project over time. Therefore it should be addressed rather than ignored. Step two of the risk management process is to collect the lists of project risks and compile them into a single list with the duplicates removed. Step three of the risk management process is to assess the probability (or likelihood), the impact (or consequence) and the detect ability of each item on the master list. This can be done by assigning each item on the list a numerical rating such as on a scale from 1 to 4 or a subjective term such as high, medium, or low. Detect ability is optional, but it can be simple to assess - if a risk is harder to see, such as with scope creep, then it's a riskier item. If it's easier to catch early, such as loss of management support or loss of a key resource, then it's lower risk. Step four of the risk management process is to break the planning team into subgroups and to give a portion of the master list to each subgroup. Each subgroup can then identify the triggers (warning signs) for its assigned list of project risks. All triggers should be noted, even minor ones. Normally there will be at least three triggers for each risk. Step five of the risk management process is for those same subgroups to identify possible preventive actions for the threats and enhancement actions for the opportunities. Step six of the risk management process is for the subgroups to then create a contingency plan for most but not all project risks - a plan that includes the actions one would take if a trigger or a risk were to occur. This plan will be created for those risks scoring above a certain cut-off point, which is determined after looking at the total scores for all risks. This keeps the risk management process manageable. The risk management process is not effective if it is so time-consuming that it is never done. Step seven, the final step in planning the risk management process, is to determine the owner of each risk on the list. The owner is the person who is responsible for watching out for triggers and then for responding appropriately if the triggers do in fact occur by implementing the pre-approved and now established contingency plan. Often, the owner of the risk is the project manager, but it is always in the best interest of the project for all team members to watch for triggers while working on the project.

Some risks are worth taking, but many are not.   Without proper risk management, unnecessary risks can derail your project's success.   I've learned this the hard way over my years leading complex projects. Here are a few tips from my experience:   Identify all potential risks upfront through brainstorming, risk interviews with stakeholders, and risk analysis techniques.   Don't let risks sneak up on you.   Evaluate each risk for probability and impact.   Prioritize the biggest threats to your project objectives.   Mitigate high-priority risks by avoiding them, controlling them, transferring them, or accepting them with a contingency plan.   Don't ignore them and hope for the best.   Implement your risk response plans. Continuously monitor risks and watch for new ones.   Adjust responses accordingly. Manage risks proactively.   Proper risk management takes time and effort but pays off tremendously in avoiding surprises.   It enables you to deliver projects successfully in a structured way.   Don't gamble with your project's outcome.   Let me know if you need any risk management advice!