Sensitive risks – real, deadly and often not dealt with

Sensitive risks don’t get a lot of press – perhaps because (by definition) they are not easy to talk about or to manage.  Sensitive causes of risk abound – for example, when a colleague is distracted by important personal issues it is less likely that they will be effective in their work and if true, this creates risks to success.  Despite the risks created, this is likely to be ignored completely or to be handled on the quiet.  Even if it is handled well, it will almost never be entered into any form of risk report or risk register.  This is yet another reason why any risk management framework that relies heavily on risk registers is flawed.

Some might say that this kind of problem is a “management issue” rather than a source of risk, since the risk event has already happened.  Not so.  If we limit risk management to “events that might happen” we deal with only some of our sources of risk.    In any case, separating risks and issues into two different categories is “reductionist”.  It compartmentalises them for no good reason except to make them seem easier to manage.   The reality is that this leads to poorly integrated responses that are sub-optimal and that can often be shown to have perverse unintended consequences.

Risk consequences can be sensitive too.  For example, a risk of project delays can be sensitive if delays are politically unacceptable or unpalatable.  Leaving aside questions of integrity and transparency, people often avoid documenting or reporting risks if the possible consequences have flow-on implications that are hard to write down.

Internally generated risks (IGR) were mentioned in a previous post.  IGR are often sensitive, if only because they arise from within and may imply criticism of our managers, colleagues, staff or stakeholders.

Any organisation that wishes to deal well with uncertainty, whether threats or opportunities, needs to be good at finding and managing risks that are sensitive.    This is difficult precisely because of the nature of the risks.  Fortunately, there are ways of building the internal people and process capabilities necessary.  Unfortunately, those capabilities are closely linked with leadership and culture and are not easily shifted.

Show me an adaptive, flexible project or organisation that manages risks well in uncertain times and I will show you a strong, capable leader who tackles sensitive, difficult issues that others avoid.