Buffering against risk – critical chain and risk management

Francis S. Patrick, Focused Performance

Critical Chain project management has received considerable attention since the publication of Eliyahu M. Goldratt’s Critical Chain in 1997. Most of this attention has been focused on the areas of schedule development. But the details of the scheduling methodology—the protected critical chain versus a volatile critical path, just-in-time starts replacing as-soon-as-possible starts, the eschewing of task due dates and use of buffers of time to protect the project’s promise and monitor its progress—are only means to an end. That end is speed and reliability of project performance unencumbered by conflicting pressures and behaviors. And reliability of project promises is as much a result of effective risk management as it is of effective planning and scheduling.

The major beneficial effects of the Critical Chain approach come from the linking of scope and time management to risk management. The intimate interactions of these processes in Critical Chain make them difficult to pigeonhole in the current taxonomy of the body of knowledge, and therefore, they can easily be overlooked. The conduits for these interactions are found primarily in the development and use of schedule buffers and in the process of Buffer Management.

Project Management is the process of turning uncertain events and efforts into certain outcomes and promises. During the Critical Chain planning and scheduling processes of network building and buffer development, awareness of risk plays a major role. Recognition of uncertainty and its associated risk is at the core of the initial stages of developing Critical Chain schedules.

Network Building—Risk Identification, Avoidance, and Mitigation

The emphasis on dependencies in the usual Critical Chain approach to developing a WBS and project network helps to avoid risks of missing interactions of different parts of the project. Clarity and completeness of prerequisites for tasks defined as dependencies helps to assure that the risk of missing necessary inputs is minimized. Definition of the deliverables of tasks from the view of the receiver and user goes a long way to make sure that the availability of those inputs is assured.

As the process enters the border between planning and scheduling; i.e., when duration estimates for tasks are solicited, various sources of risk associated with project tasks are stated directly in terms of their impact on schedule. Critical Chain-based project management is a schedule-centric approach. This is actually a benefit, as most risk categories can be considered to have impact on the schedule, either in planning or in execution. Technology, quality, and performance risks are understood in terms of the source but their impact is on the uncertainty that they force on schedule and cost. Organizational or programmatic risk is also considered in terms of source. The impact of shifting priorities or interruptions driven by organizational policies or practices is understood most clearly in terms first of schedule and then of cost promises. This is recognized in traditional project management by the common use of contingency allowances for both of these parameters.

In putting together a Critical Chain schedule, risk identification and assessment is inherent in the use of a two-point estimate. The first provides a “safe” commitment-level estimate to reasonably cover for identifiable risks and run-ins with Murphy’s Law. The second “aggressive but achievable” estimate is a “possible” target duration, but one rife with too much risk to allow comfortable commitment. Tasks with wide differences in these estimates reflect considerable potential variability in execution, related to the effects of foreseeable sources of risk. Assessing a risk associated with a potential task will influence the longer of the two estimates. Highly confident tasks would have a smaller difference between these estimates while more common “risky” tasks could easily reflect a “commitment” estimate that is two, three, or four times the duration of the shorter “possible” estimate.

This duration estimate process of Critical Chain network building also provides the opportunity to dig deeper into the assumed dependencies and either further refine or complete these critical relationships. It provides guidance for asking what additional inputs (and associated tasks) might be needed to help bring the two estimates closer or to assure the aggressive estimate. This provides the first piece of planning for risk—identification of risks at the task level and between those tasks, allowing avoidance and mitigation to be built into the plan/schedule.

Buffer Development—Risk Assessment, Mitigation, and Acceptance

A unique characteristic of Critical Chain-based project management is the use of buffers to protect the project’s promises from risk/variability associated with the individual tasks. Buffers are highly visible and widely shared components of the project schedule, unlike the sometimes hidden nature of contingency reserves or “internal targets and external promises.” Buffers are an open indication of the anticipated risk associated with the project as it relates to the promised due date. Project buffers protect external deliverables and objectives of the project, while Feeding Buffers help to keep the project manageable by helping to “keep the Critical Chain critical” through the life of the project, isolating critical chain tasks from noncritical task risks.

The use of two-point estimates to assess and address schedule risk associated with task uncertainty sets the tone up front for the appreciation of risk in the real world. In addition to task uncertainty, iteration uncertainty can also be taken into account in the sizing of Feeding and Project Buffers. The cumulative effect of task and iteration risk is established in the scheduling process, through the use of the two-point estimates to appropriately size project and feeding buffers. The shorter estimate is used to build the dependency network and identify the critical path/chain of the work involved, while a portion of the sum of the differences between the estimates of tasks in a particular chain is used to design a buffer. Those buffers, added to the network and supported by appropriate resource behaviors, will provide a rational promise for the project. In this way, the project—not the task—owns the “safety” associated with the risk, and if not used for a task that “gets lucky,” remains available for use to protect the promise from other risks (or to offer an accelerated completion opportunity).

To the extent that a resulting project schedule does not meet the needs of the organization, there are two places to look for opportunity—the reduction of risk, characterized primarily by the project buffer, and the assumptions regarding the content of the work, embodied in the network of tasks. Understanding the dependency assumptions and the contributions of certain tasks to the required buffers is the key prerequisite for either reducing risk or otherwise modifying the schedule to come closer to schedule objectives.

An additional source of risk mitigation by the use of a Critical Chain schedule is that of integration risk. The statistical nature of project networks includes inherent risks in the ability to start critical tasks in a timely manner when they depend on inputs of multiple tasks and chains of tasks. Even if individual tasks have a 90% chance of finishing “on time,” only six integrations will take the chance of their common successor’s “on time” start to close to that of a coin flip. The purpose of feeding buffers in a Critical Chain schedule is to isolate those integrations, protecting the project’s ability to keep the critical critical.

This resulting system of buffers becomes a highly visible and direct assessment of the accepted schedule risk (and opportunities) associated with the project as a whole.

Multiproject Synchronization—Risk Avoidance

Critical Chain Scheduling and Buffer Management are processes that can support the speed and reliability of single, stand-alone projects. They come from applying the Theory of Constraints (TOC) problem-solving methodology to the domain of project management. One additional problem, however, is that very few projects exist as single stand-alone projects. Most projects undertaken by organizations are part of a larger program or portfolio of work performed by shared resources.

This fact is a significant source of what is sometimes categorized as organizational or programmatic risk, consisting of risks generated external to the project and related to shifting priorities and interruptions, often associated with other projects in the organization. Without clear priorities, a common result is the sharing of time and attention through multitasking or assignment of fractional headcounts to more than one task across projects. Unless individual project planning takes the resulting potential interference into consideration, the impact on project progress against its baseline can be significant. Failure to proceed apace minimizes the ability to use available time to protect a project from even its own risks, much less the interfering risks of other projects.

When planning, scheduling, and promising a particular project, it would seem there is enough risk to consider within the context of that project without worrying about other things going on in the organization or in other projects that may or may not actually be launched. Other than by padding estimates for that project to account for otherwise unaccountable expectations of interruptions of resource attention, it would seem there is little that can be done to proactively deal with cross-project risk.

The Critical Chain-related TOC solution for multi-project organizations provides a direct assault on the questions of priority and interruption. Based on the idea that progress in a project comes only at the handoffs between tasks, where the work of one resource allows another resource to move the project forward, TOC multiproject management provides a method for synchronizing project launches to minimize the pressure on resources to multitask between tasks of different projects. Combined with the existence of buffers to absorb delays in starting otherwise ready tasks, project synchronization helps to avoid the duration-multiplying effect of bouncing back and forth between tasks before handing off deliverables.

The result is a protective isolation from and avoidance of risks associated with other projects. When that isolation occasionally breaks down, the buffers provide a mechanism for comparing the relative health of the competing projects’ promises, and therefore a control reference to guide the resource to the single best use of his or her time and attention.

Monitoring and Controlling Risk

Once a schedule is developed and commitments are made, we enter the real world of project execution. A plan and schedule is only a model of expectations associated with the project. Reality will create deviations from those expectations as early as day one of the project. These deviations are the both the result and precursors of changing risks and opportunities.

Buffer Management—Risk Identification, Assessment, and Mitigation

As reality deviates from the model of expectations, tasks will take longer or shorter than accounted for in the project network. As tasks are actually worked, there is better understanding of the risks than during the planning process. As the project progresses, it is possible that more becomes known about later tasks as a result of findings in earlier tasks. These variations in performance, new knowledge, and refined expectations need to find their way into the understanding of the project through the risks they imply for the project’s promises. In a Critical Chain-based project, buffers will be consumed or replenished accordingly, acting like shock absorbers that are designed to protect promises from the unavoidable variation in task performance.

But sometimes those deviations are greater than anticipated. Sometimes corrective actions are needed to mitigate the accumulation of anticipated and unanticipated variation. How does one assess the current risk and whether to act?

Critical Chain-based risk management does not end with building the schedule and making the promises. The full name of the TOC solution for project management is Critical Chain Scheduling and Buffer Management. As might be surmised from preceding emphasis on buffers, Buffer Management is the key Critical Chain process for monitoring and controlling projects. It provides the basis for ongoing awareness of changing risk and guidance for when that risk suggests a need for action.

The use of Buffer Management is not unlike the use of statistical process control (SPC) in production environments, helping differentiate the impact of common cause variation (anticipated, accepted risk in the project world) from special cause variation (unanticipated or unplanned risks). It is based on straightforward methods of assessing both the consumption of buffers relative to project completion or the trending of that consumption, and requires minimal data gathering to facilitate its calculation. As a result, buffer reporting becomes a tool that is usable not only by the project management elite, but also by resources and resource managers to assess and appropriately act on risks as they raise their head.

Like Risk Management, Buffer Management is a future-facing process. At its core is an approach to updating tasks that eschews emphasis on what has been done or “percent complete” in favor of what matters in terms of the promise—what remains to be done. Just as risks are potential events yet to be encountered, task updating based on estimates of the duration to the completion of active tasks reflect any remaining risks for that task. Similarly other traditional methods of soliciting concerns of risks for future tasks can also be translated to changes in expected durations of those tasks or to insertions of new tasks into the original chain. Combining the cumulative previous buffer consumption with the current task’s remaining duration (or new understanding of future work) provides a new, current view of the state of the buffer. Comparing how much buffer remains to the amount of buffer required to protect the project’s promises from the variation expected in the remaining work allows an assessment of the health of those promises.

Risk assessment during project execution can be assisted by determining if buffer remaining is less than buffer needed, or if buffer consumption exhibits a troubling trend. Risk response planning can be based on thresholds of buffer consumption or comparisons of the rate of buffer consumption to the rate of related task chain completion. These thresholds are used to determine whether it is appropriate to act to mitigate the impact of these risks or accept the remaining risk as within the ability of remaining buffer to deal with it. Sometimes it can be even more important to avoid developing and implementing unnecessary corrective actions, especially when those actions require significant time and attention to develop. In that case, awareness of a healthy buffer allows the comfortable decision to do nothing.

In the development of risk responses, Buffer Management also provides input to how much response is necessary. The implicit understanding of risk inherent in the use of buffers carries through the project by allowing project teams to assess how much buffer is required to protect the due date promise from the remaining work. This allows them to determine how much buffer, if any, has to be recovered when faced with a previously unanticipated risk event.


Management of uncertainty and risk in an effort to deliver project promises with certainty is what it is all about. Critical Chain Scheduling and Buffer Management is not only a technique for the development and tracking of project schedules. It is a coherent and comprehensive approach to project management that encompasses and effects other processes and practices associated with project management as well. Most importantly, its implications for identifying, assessing, accepting, avoiding, and mitigating risk can be significant and beneficial.


Goldratt, Eliyahu M. 1997. Critical Chain. Great Barrington, MA: North River Press.

Jacob, Dee. 1998. Introduction to Project Management the TOC Way— A Workshop. New Haven, CT: The A.Y. Goldratt Institute.

Patrick, Francis S. 1999. Getting Out From Between Parkinson’s Rock and Murphy’s Hard Place. PM Network 13 (April): 57–62.

Patrick, Francis S. 1999. Program Management—Turning Many Projects into Few Priorities with TOC. Proceedings, 1999 PMI Symposium. The Project Management Institute.

Project Management Institute. 2000. A Guide to the Project Management Body of Knowledge. Newtown Square, PA: Project Management Institute.

Pritchard, Carl L., Ed. 1997. Risk Management—Concepts and Guidance. Arlington, VA: ESI International.

More complete information, including additional details on buffer management and commentary on applying other non-Critical Chain tools from the world of the Theory of Constraints to risk management, will be found on the web after November, 2001 at www.focused-performance.com/articles/ccrisk.html.)

This material has been reproduced with the permission of the copyright owner. Unauthorized reproduction of this material is strictly prohibited. For permission to reproduce this material, please contact PMI or any listed author.

Proceedings of the Project Management Institute Annual Seminars & Symposium
November 1–10, 2001 • Nashville, Tenn., USA



Related Content