Risk management has killed project delivery

How many different points of risk management does it take before a project is properly risk managed?

I recently wanted to acquire expert services for a project. I have completed similar projects before and these projects take about 3 months from the time you get requirements, and with full cooperation of the necessary teams. These I had already established.

Despite the fact that I am a veteran, certified Project Management Professional (in two disciplines) I was forced to undergo the rigid "risk management" processes of the procurement department under the guise that it was "required."

Six weeks later, (now 5 and half months after my project start), the evaluation team selected a vendor through the rigourous process and I was prepared to make an agreement. Since this vendor had little experience with the organisation, I mitigated the risk by awarding the work in two sections: three weeks, and then the remainder to be re-quoted at the end of the first period.

This vendor has a head agreement, so a contract with terms and conditions is already in place. With a firm agreement on what was to be delivered in the first three weeks, I sent the work order back to the vendor, expecting a one day turnaround.

The risk management team from the vendor clearly re-vamped the entire work order, adding resources that I did not want, and deleting resources that I required.

They mistakenly thought that volume was a replacement for quality.

In the end, I stopped negotiations with the vendor (by this time, half of the three weeks had passed) and signed up another vendor who could provide me with the quality resource I needed right away.

Sadly, had I been able to trust my own risk managment experience, I would have been able to engage the second vendor two and a half months ago, and the project would be well underway.

These days, risk management is in every aspect of a project. Or rather risk avoidance, which is only one of the risk strategies.

Should we do the project? If so, what things could go wrong if we undertake it? What if an earthquake hits the east coast of Australia?

News flash: If an earthquake hits Sydney, there's a much bigger problem than whether or not a $300K website is up!

Ok you want a vendor? Well you have to manage the risk that the vendor won't deliver. And guess what? The vendor is trying to manage the fact that you, the project manager, don't know what you are doing and will not give the vendor what they need in order to deliver.

The blame game starts before there is even an agreement to do work.

Wasn't the purpose of getting certified to prove that I was capable of making these types of decisions? How can I be a true professional when I am constantly being second-guessed by over-cautious lawyers?

Ok, I agree it may be necessary sometimes. Ten million dollar projects are often executed and fail to deliver their required results. But maybe it's not anyone's fault. Maybe it's just that the market or the business or the rules changed in the 5 years it took to execute the project. You can mitigate every risk and still not win.

I know one thing, with a 3 month delay on a 3 month project, this is how I lose credibility for delivering.

I guess that is a risk I should have mitigated instead of accepted.

Question: How do you mitigate the risk of being risk over-managed?

Welcome to Project Mom!

Greetings,

As a full-fledged, dyed in the wool, dual-certified (Prince2 and PMP) Project Manager, I welcome you to my world.

With over 15 years as Project Manager, and over 20 in Information Technology, there is not a single case study that's been presented that I have not seen.

History repeats itself. Continuously. With certainty.

The role has changed from being able to deliver scope on time and on budget, to one that concentrates on setting expectations, coddling stakeholders and reducing the impact of impending failure.

Enjoy my musings. And take away what you will.

Follow me on Twitter @projectmom