Going beyond the traditional risk management practices

Uncertainty is an inevitable aspect of most projects, but even the most proficient managers have difficulty handling it. They use decision milestones to anticipate outcomes, risk management to prevent disasters and sequential iteration to make sure everyone is making the desired product.

Read article below and found out the experts insights from Vincenzo Ursino and Ulrike Grimm :


What tools does your company use to detect a potential risk occurrence and what are the most effective methods\practices to handle them?

We perform the risk detection and assessment in different runs, depending on the phase of the project life

- First run: primary risks related to the project overall and referred to the business case. Method: brainstorming. Tool: our PPM software which contains a specific section for risk management

- Second run: risks arising from preliminary planning phase. Method: brainstorming and registration on risk register. Tool: Kan-ban board with post-it notes, risk matrix chart, risk register

- Third run: risk arising after final detailed planning phase. Method: brainstorming and registration on our PPM software. Tool: our PPM software

- During project execution: risks arising from any work package. Method: internal communication and evaluation through two consecutive assessment (first WP Manager with PM; second PM with Project Team). Registration on PPM software and periodical monitoring of risk trends. Tool: PPM software.

- Last run: risk arising after project completion and possibly affecting the product/service afterwards. Method: brainstorming during project closure session. Tool: PPM Software.

In general and also according to my experience, the very first and most effective method to handle project risks is – to simply mark the risk assessment activity as mandatory and specify a precise recurrent procedure, in order to avoid any shrinking of responsibility. Perhaps, it sounds too simple, rhetorical and banal, but it is not.

  • Vincenzo Ursino
  • Director of Project Management
  • Cerbios, Switzerland

“The detection of risks does not require a sophisticated tool. A simple Excel sheet will do the job. Usually you discuss the potential risks with your team and add certain attributes like the (1) owner, (2) probability, (3) impact, (4) detectability, (5) consequences, (6) action to prevent / counter measure / plan B. Probability, impact and detectability will determine the priority of the risks.

For high-priority risks the team may want to work on counter measures or a plan B. Other risks will just be accepted.

It is a good governance practice to present the most important risks to the steering committee so that the company is aware of these risks on the one hand, and can jointly agree on the investments to deal with the risks on the other hand.

The challenge in risk management is often the company culture. People do not like to think of risks, which are perceived negatively – they rather like to think of success. However, it is a good investment of the team’s time to prepare for contingencies and to share the most important ones with senior management. The project leaders can contribute a lot to make this process as lean as possible and to prioritise the risks - so that risk management becomes a value-generating activity - which will be highly appreciated by the steering committee and senior management.”

  • Ulrike Grimm
  • Head Global Project and R&D Alliance Management
  • Vifor Pharma, Switzerland