December 2010

The terms used to describe the various aspects of risk management are bewildering, even to an experienced project manager. At least I find them bewildering. I'm going to examine some of the terms used to describe risks and the way they are managed and hopefully shed some light on what they refer to and what they mean. I hope to clear some common misconceptions up at the same time.

The first misconception I'd like to address is the meaning of the word "risk". We tend to view that word, especially in the project world, as having a negative connotation. Frequently it does imply a negative consequence, but not always. Actually a risk can have a positive outcome such as when we risk money on a lottery ticket and our ticket wins. Risks that have a positive outcome are called opportunities and risks that have a negative outcome, such as when we refer to the risk of a car accident, are called threats. We take action to encourage our opportunities, such as buying lots of lottery tickets, and we discourage our threats, such as when we get inoculated against the threat of a flu virus. Both opportunities and threats are forms of risk, the key difference is our approach to managing them.

There is a great deal of confusion around the terms used for our difference approaches to managing risks. We commonly refer to our management of risk as "mitigation". The dictionary definition of this verb is "to make less severe: to mitigate a punishment", or "to lessen in force or intensity, as wrath, grief, harshness, or pain; moderate". While it is true that we mitigate some of the risks to our projects, mitigation is just one strategy used to address potential risk. Sometimes we choose to avoid a risk altogether, such as when we respond to the risk of encountering a traffic jam on an expressway by choosing an alternate route (we may still risk encountering a traffic jam, just not the traffic jam on that expressway).

Transference is another term used to describe our response to risk. The classic example is when we buy insurance on our car to deal with the risk of an accident. We aren't necessarily reducing the chance of an accident, or even reducing the impact of the accident, we are simply reducing the impact on us should the risk event (the accident) happen by sharing the financial burden with the insurance company. There are other types of transference. Outsourcing work to an organization with more skill and experience in performing the work than we have is another example. In that case, our intent is to reduce the likelihood of the event happening by having someone more skilled and experienced do the work. We may also be reducing the impact on ourselves, depending on the type of contract we choose.

Mitigation is the strategy we use when we can't avoid the risk altogether and we can't transfer the risk, or don't want to. Mitigating the risk requires us to take some action that will reduce the severity of the impact of the risk event if it should happen. Another way of looking at our traffic jam scenario is the relative likelihood of a traffic jam occurring on the expressway as opposed to the alternate route. If the alternate route has never experienced a traffic jam we could view that response as avoidance. If traffic jams happen on the alternate route less frequently, we've simply reduced the likelihood of being caught in one, or we've mitigated our risk. This is where common usage departs from the dictionary. We commonly refer to any strategy that either reduces the impact of the risk event, or the likelihood of it happening.

Contingency plans are a specific type of mitigation. The contingency plan differs from a other mitigation strategies in that no action is taken until the risk event happens, unlike other strategies that require the action to be taken before the risk event can happen. Taking the alternate route is only effective if we plan our trip that way. It isn't much use when we find ourselves in a traffic jam on the expressway. A contingency plan to deal with our expressway traffic jam might be bring along a flask of hot coffee or cold drinks to refresh ourselves while we wait for the traffic jam to clear. A term that should always be associated with a contingency is trigger. Trigger refers to the circumstances, or set of circumstances that will cause us to deploy our contingency plan. Pouring ourselves a cup of hot coffee from our flask while we're cruising down the expressway at 60 mph is not a good idea, it is likely to cause a crash and involve us in a traffic jam, the very event we seek to avoid! We shouldn't indulge in the hot coffee until our car is stopped and we can see from the traffic ahead that it isn't likely to start moving again anytime soon. This set of circumstances is referred to as the trigger.

Another common response to a risk is to simply accept it. We usually do this when the probability of a threat happening or its impact if it does happen make it impractical to spend any money or effort on a response. I've planned to walk to the bus stop to catch a bus and the weather forecast calls for a 50% chance of showers. It's summer, I'm wearing jeans and a tee shirt - do I want to buy an umbrella to avoid getting a wetting? Probably not, I'll probably be hot by the time I get to the bus stop and a rain shower may be refreshing! In this case I'm simply accepting the risk. Another term sometimes used to describe this response is "assume", as in I assume the risk. Assume means to take on or to appropriate. I'm doing neither when I walk to the bus stop without the umbrella. The risk is already there, I don't have to appropriate it. When I hire an insurance company to protect me against a collision, they assume the risk, or at least the financial impact of the risk. When I choose not to respond to a risk, I'm accepting it.

"For every action there is an equal and opposite reaction". The actions we use to respond to opportunities are just about the direct opposite of those used to respond to threats. Instead of avoiding the opportunity, we exploit it. Exploit is not the grammatical opposite of avoid, strictly speaking. Seek or confront are probably closer to opposite. Exploit is used in reference to risk management because it more accurately describes the action we take. Whenever a poker player sits down to play the game for money there is an opportunity to make money. A cheat, or card "mechanic" will exploit this opportunity by fixing the cards so they can't lose. Potential victims of the cheat can avoid falling prey to their exploitation by avoiding playing in a game with the cheat. If there is a chance that a telecommunications company can capture a large market share by being the first to market with some new technology, they will exploit that opportunity by shortening the time to market.

Rather than transfer a risk to someone else, we share an opportunity. Usually we share the opportunity with someone, or some organization, whose strengths are uniquely compatible with our own and our partnership will improve the chances of realizing the opportunity. This is corporations enter into joint ventures. Each corporation can contribute something to the venture that their partner cannot. Singly they cannot deliver what the project calls for but collectively they can. The opportunity in this case is may be a contract they bid on together, or the capture of a market share for a product they jointly produce.

Instead of mitigating a threat we enhance an opportunity. Enhancement takes a very similar approach to mitigation. We may do something that will increase the impact of the opportunity if it occurs. For example, we will prepare an ad campaign that boasts of our being first to market with our new technology. This does nothing to improve our chances of getting to market first, but will increase our market share even more if we do get there first. Alternatively, we may choose to improve our chances of getting to market first by shortening our development time, or we may do both.

The term accept has the same meaning for both threats and opportunities. In both cases acceptance of the risk means that we do nothing to avoid it, exploit it, transfer it, share it, mitigate it, or enhance it. If it happens, great, if it doesn't, that's OK too. We may be able to enhance our chances of winning the lottery by buying many tickets (although not much), but most of us are willing to accept the opportunity presented with a single ticket.

I hope this clears up any misconceptions you held about risks, threats, and opportunities. Just remember two things: risks include both opportunities and threats, and mitigation is only one response to dealing with threats.

The Toronto Star reported today (Dec. 10/2010) that Integrity Commissioner Christiane Quimet has resigned her role with 4 years left on her term. Ouimet was nominated for the job by Prime Minister Steven Harper. Her job was to protect people reporting on misconduct in the federal government ("whistleblowers") from reprisals. Ouimet actually resigned in October but the reasons for the resignation were revealed yesterday by the Auditor General, Sheila Fraser. Fraser performed an evaluation on Ouimet and concluded that she failed to do her job (protecting public servants from reprisals) and that she was abusive to her staff.

Ouimet left in the midst of Fraser's investigation; Fraser was responding to 3 complaints about Ouimet's conduct. Fraser's investigation continued despite Ouimet's absence and she reported on her findings yesterday. Among the transgressions Fraser reported:

• 170 complaints from potential whistleblowers without a single complaint being followed up before closing the file.
• files on the 170 complaints were closed without any review or serious inquiry.
• a staff turnover rate of over 50% during her 3 years on the job.
• complaints that Ouimet "yelled, swore and also berated, marginalized and intimidated certain ...employees, and that she engaged in reprisal actions."
• carrying on a vendetta against employees who left the commission.
• disclosing personal information about an employee to a previous employer, senior government officials and a private sector security consultant. The employee had left the commission 6 months previous to this and Ouimet believed he had filed a complaint about her.
• preparing and circulating information about the same employee within the commission. Information included 4 binders comprising 96 documents and more than 375 pages.
• circulating 50 e-mails with information about the same employee.
• a turnover rate of 41% (18 employees) during one 12 month period.

Ouimet defended her actions to investigators working for Fraser by characterizing the employees who complained about her as incompetent or ineffective, but could not be contacted for comment by the Toronto Star reporter. The results speak for themselves. Unless Ouimet was acting on a secret mandate to get rid of the commission, her record of staff turnover would indicate that her leadership skills need improvement. I won't pass comment on her effectiveness because I don't know if there was pressure exerted on her to bury complaints from whistleblowers.

Christiane's may be an extreme case but it should serve as an object lesson to the rest of us of what can go wrong when we give free reign to our emotions when dealing with our employees. Let's look at her dealings with her employees, while they were still her employees, first. Yelling, swearing, berating, marginalizing, and intimidating employees are all behaviours that are guaranteed to result in increased staff turnover. A certain amount of staff turnover is to be expected. In some circumstances you may even want to encourage it. Let's take, for example the employee who through hard work on the job and increasing his or her skill set becomes attractive to other employers. You don't have the opportunity to place this employee in the position they have prepared themselves for so losing them to another employee who can offer what you can't is inevitable. Your only option is to make certain that employee feels appreciated by you and your organization and would return given the right opportunity. Coaches of minor professional sports teams do this all the time, in fact they take pride in having one of their players promoted to the "show". There are other circumstances when employees should leave: retirement, downsizing, etc. You may also want to replace the employee in which case having them leave will simplify your job.

Managers should seek to retain employees in all other circumstances. The reason is simple: your organization invested money in the employees entrusted to your care. Someone (possibly yourself) invested time and effort to ensure the right person was hired for the job. Money was spent in training, coaching, and mentoring the employee. Your organization doesn't want to see this investment squandered by having these valuable assets walk out the door. This is especially so in organizations who have invested money in employee retention programs.

Remember that you are dealing with employees, not machines, computers, or friends. They have a job to do and your job is to make certain that they are as effective at that job as it is possible to make them. Your behaviour should mirror this. Remember also that what you perceive as constructive criticism may be perceived as berating, or even intimidation by your employee. If your employee complains to you to you, or someone else, that they feel berated or intimidated, correct that feeling. Once you get past their feelings you can begin communicating with them about how to improve their performance. You won't achieve any performance improvements until they are past those feelings. This is not to say that poor performance or bad behaviour must be tolerated. It is not to say that a certain amount of intimidation is not appropriate in some cases. For example, when you have caught the employee intimidating another employee it is appropriate to describe the negative consequences of continuing the behaviour and the description might well leave that person feeling intimidated. Where intimidation is inappropriate is where you are trying to get the person to perform a task differently, or prioritize their work differently, or achieve some other form of improvement.

Managers are only human and we can feel frustrated at times. Nothing can be more frustrating than being disappointed by an employee's performance or behaviour. The trick is to not let that frustration stand in the way of improving the performance or behaviour. There is an old trick to use when dealing with frustration: "count to 10 then....." Even better, don't deal with the employee until your frustration has abated, then think about what it is you need to say to them. Envision the result. Your approach should focus on the goals and objectives you want the employee to achieve, taking for granted that the employee is desirous of improving their effectiveness. Speak in a normal tone of voice and choose language that you would feel comfortable with if the shoe were on the other foot. Check for understanding when you have finished communicating. Don't say "Do you understand?" or "Do you hear me?", try "Let's talk a little more about the actions/remedies/solutions I've just mentioned, how would you implement them?" instead. Your purpose here is to ensure understanding.

Your Human Resources department may already have implemented 360 performance reviews in which case your employees will have a chance to evaluate your performance. Your HR group may also provide you with guidance on how to use this input to improve your own performance. If not, or if there is no 360 performance review in place, implement your own version. The key to this process is to make the reviews anonymous so as to get the most objective feedback possible. Allow anyone who wishes to, to identify themselves. This will help you come to grips with the specifics of any complaints or suggestions for improvement. You may want to review the results of the feedback in aggregate with your team to ensure that any actions you define as a result will be effective in improving your performance. There are concerns about 360 performance reviews, one of the foremost being that the review comes at the end of a cycle rather than during it. To rectify this shortcoming, encourage feedback at all times. Establish a culture that encourages honesty and openness so that you will be the first to know if there are any problems that you can correct. Foster this culture by responding to any criticism in a thoughtful manner. This doesn't mean you must act on every criticism, but provide your reasons when action would be inappropriate. You should also inform your team when a criticism or suggestion results in a change.

It is very likely that you will be aware of problems on your team long before those problems result in a high staff turnover rate. In case you aren't and you are alerted to an unacceptably high rate by your HR organization or your boss, here are some tips on reducing turnover:

1. Realize that your influence over pay is limited. Fortunately, so is the positive effect of a pay increase. Employees need opportunities to grow in order to remain happy. Each member of your team should have a career path established which encourages growth in the direction they have chosen.
2. Define each employee's path specifically. This means identifying their next job and a reasonable schedule for promotion/change. Also define the milestones and objectives that will see them to that next job.
3. Make certain that each of your employees feels that they are a valued member of the team.
4. Provide training opportunities for your employees. You may not always be able to approve the expense of an external course (see item 1), but there are other ways of providing the training such as coaching and mentoring. You may even be able to provide some coaching. Receiving training will increase the employee's feeling of security which will improve their morale.

The employees of a company are some of its most valuable assets. Treat them accordingly or you may find yourself keeping company with Christiane.