Monday, November 25, 2013

What Percentage of Total Project Cost should be Spent on Managing Project Risk

The risk management cost allocation needs to be in proportion to the risk inherent in the works. 

Due to the rapidly change business environment with emerging VUCA (Volatile, Uncertainty, Complexity and Ambiguity) factors, Risk is one of the core areas and Risk Management is getting more visibility nowadays, even to an extent that projects are driven on the risk basis. So is there a percentage amount that is considered optimum for a project risk management, what percentage of total project cost should be spent on managing project risks?

Risk calculation is part of the cost estimate-ROI equation, or put another way, the cost-benefit analysis. There is no hard and fast rule. One should consider costs of various aspects before guesstimating potential risk management cost (vendor, resource turnover, backup plans, etc.), but then at some point, the value of the project itself should define the boundary condition. That is why it is so important to not only clearly know the drivers and return on the project investment, but also as early as possible.

Project driver and return on investment should play the major role in risk management. Usually, the risk budget is not set aside but agreed to by project sponsors to be made available if needed and for that they have options of delaying/canceling/ reducing other initiatives. Given that it is often difficult to calculate the value of the project precisely, it quickly becomes a debate on how much should be allocated for project risk buffer and whether just in terms of money, time or resource as well.

The risk management cost allocation needs to be in proportion to the risk inherent in the works. In construction risk is often represented by the contingency sum, but this is rarely used in IT. Instead, the estimate tends to include higher margins of error as the complexity grows. A bespoke design, for example, would tend to have more risk than a simpler off the shelf implementation. There is no standard, but common sense dictates it should be less than 50%! And generally, 5 - 15/20% is an acceptable range in most cases unless there is severe recognition of known unknowns or unknown unknowns. Setting aside an arbitrary budget for project risk can be counter-productive as it can set false expectations.

Risk management requires good support structures such as governance and escalation channels. If not already set up then they become an additional cost that needs to be considered. The risk analyst/coordinator for the project will also have the chance to identify operational risks associated with the project and stakeholders and will enforce its registration and mitigation through the Risk management process within the organization which will be a value add.

Follow up with a series of risk identification/management planning sessions, to identify all risk, develop mitigation plans and to associate risk funding. And the risk allocation is also related to project status -already in progress or one that is yet to start, deciding when to close the project due to risk cost incurred, or, just allocating risk budget for an upcoming project. For large size project in the enterprise, just as you have workforce /human resources (in IT projects) from all related areas to accomplish a project, a dedicated person from Risk division/department/area should also be part of the team and of course budgeted. Further, the project is based on a 'freedom of choice' - this is not always the case. Constraints such as compliance and fixed completion dates can alter the cost-benefit equation from a measure of positive benefits realization to a negative outcome reduction.

So there’s no magic formula or one size fit all golden ratio in allocating project risk budget, but an organization with risk intelligence should follow key risk management principles or ‘borrow certain industry best practices’ in order to manage risk accordingly and improve project management maturity. 


Post a Comment