Project Management Institute

Risking Less


The article is based on material in the white paper, “The Challenge of Fixed-End Projects—New Risk Management Strategies,” presented by Chris Felstead, PMP, at PMI Global Congress 2005—Asia Pacific.

To help mitigate risks in fixed-end projects, spend more time planning contingencies up front.



Some deadlines are engraved in stone, others written on a chalkboard, easily erased and refigured. Planning for contingencies and managing the risk around contingencies to meet fixed-end, or mandated end-date, projects is troublesome at best. Enterprises that adopt a more measured or standardized approach to establishing contingency plans and those that adequately prepare plans for “just in case” will do a better job of successfully meeting deadlines that won't budge, says Chris Felstead, PMP, project manager and IT practitioner based in Melbourne, Victoria, Australia.

Mr. Felstead drew on his significant experience in managing IT projects with fixed-end dates to develop his graduate thesis, earning his masters in project management at the Royal Melbourne Institute of Technology University in 2002. The thesis project—on which his PMI Global Congress paper is based—examined an amalgam of popular risk models applied to the concept of fixed-end date projects. His work expanded on the risk management models found in A Guide to the Project Management Body of Knowledge (PMBOK® Guide), Project Risk Analysis and Management (PRAM) Guide by the U.K.-based Association for Project Management, and Australian Standard for Risk Management AS4360.

All too often, Mr. Felstead says, projects tied to events such as Y2K, legislative or government-imposed regulations such as Sarbanes-Oxley compliance, or the requirement in Australia to implement the Goods and Services Tax have little to no tolerance for delays. “In the business world, you don't necessarily get the luxury of working through the requirements of a project and setting a reasonable end date,” he says. “Often, those decisions are based on commercial reasons rather than time, but time becomes an important factor.”

Time is a critical factor in identifying, evaluating and monitoring risks for fixed-end projects.

Established risk management processes can act as a “first pass” in risk identification and evaluation. As a “second pass,” a six-step approach helps examine particular project risks and adequately prepare contingencies.

The enterprise and its stakeholders bear the brunt of risks. Their involvement in risk decisions and planning fosters greater stakeholder commitment to a project.

To combat this pressure, Mr. Felstead developed his own strategy to augment commonly accepted risk management models. “The strategy isn't meant to be controversial but to help people who are making contingency plans and investing in risk management,” he says. “It's about an enhanced method of risk management to mitigate risk to the end date. When you can't push the date back, you have to think about contingency planning and preparations for contingencies. That often involves money and it might involve something that won't ever happen.”

Mr. Felstead's work resulted in a six-step model to mitigate risk:

  • Context: Determine fixed-end category and penalty
  • Identify: Recognize which risks must be addressed and require preparation time prior to implementation. Emphasize that if and when those risks occur, they would push the project past the fixed end date.
  • Evaluate Risks: Consider who owns the contingency plan and the ability to fund it
  • Treat Risk: Determine the date preparation should begin and whether the contingency plans are cost effective
  • Monitor and Review: Even though the risk has not yet been realized, determine if and when preparation for contingency plans should begin
  • Communicate and Consult: Obtain stakeholder signoff to start preparation.

Mr. Felstead characterizes these additional measures as a “second pass.” The collective activities of his six-step model provide a template to assess and manage project risks at hand. “At many organizations today, risk management isn't aggressive enough in planning for contingency or for making big decisions necessary for investing in preparation for those contingencies,” he says.

Mr. Felstead says companies, governments and other organizations routinely fail to meet fixed-end project dates, especially with IT projects. Of course, failure to meet the 31 December 1999 deadline involving many Y2K projects didn't stop the world, but Mr. Felstead believes Y2K holds many lessons when it comes to contingency planning. More rigorous contingency planning and preparation for software testing could have been more effective—the same holds true today.

“If we are to improve the image of IT projects in meeting schedules, we as project managers need to accept that specific strategies have to be applied if the date cannot be moved,” Mr. Felstead says. “These strategies focus on having the stakeholders commit to invest in risk management which protects the date as sacrosanct. This investment potentially allows the project manager to prepare contingency plans prior to the risk being realized. Clearly setting out that investment to protect the date allows all stakeholders to weigh in on the importance of the date commitment, presenting an opportunity to meet project dates, which isn't evident in most IT projects today.”

“Should Haves”

Events having low probability but high consequence require thorough contingency planning, says Stephen Grey, Ph.D., associate director of Broadleaf Capital International, a Melbourne, Australia-based risk management consultancy, and director for Region IV (Pacific region) of PMI‘s Risk Management Specific Interest Group (SIG).

The psychological effects of risk can deter project managers and business stakeholders from adequately preparing for events that threaten a project outcome or deadline. “None of this is particularly complicated, and yet people get it wrong because they aren't comfortable with uncertainty and complexity,” Dr. Grey says. “There's a failure of process to look at risk properly. Quite a lot of companies espouse risk management as a vital tool and say they'll look at the risks. Some may look at them, but fail to do anything about them.” Or, even when enterprises do plan for contingencies and adjust the way the work is done to minimize risk, few go on to really develop the resources that will be needed in case things go wrong. By effectively managing risk, an enterprise can be confident it will deliver its goals, despite possible issues, and can demonstrate this capability to shareholders.




Chris Felstead, PMP,
Project Manager and IT Practitioner,
Melbourne, Victoria, Australia

Anyone faced with a formidable end-date project must first determine if there's any flexibility in the end date, advises Mark Ives, consultant with Terra Firma, a Melbourne, Australia, project management consultancy. “If you can't get more time, make sure everyone's on board with it and assess what risks would kill the project,” he says. Then, in assessing the likelihood and consequence of each risk, the company will benefit in dealing with those that are of high probability and high consequence through a cost-benefit analysis. “It's important to make a clear decision as to whether the business can accept the consequence or not.”

“What Ifs”

Indeed, ownership over decisions by all interested parties in the project and in particular, continued input from business stakeholders, is integral to good risk management practices, Mr. Ives says. He says many organizations view risk and contingency planning as merely a process that the project management team must go through, rather than a valuable part of the organization's total risk management framework.

“It's the project team's responsibility to identify, assess, treat and manage risk and to communicate these risks to the organization,” Mr. Ives says. “By not stepping up fully to this responsibility, project managers take on greater responsibility for risks occurring than they should by allowing project sponsors and stakeholders to step back and assume the project team has the risks under control.” Such actions, Mr. Ives says, are tantamount to nullifying the risk management role of the project manager.

Mr. Ives says the six-step model as presented by Mr. Felstead does well to steer an organization to focus on the true business impact of risks being realized and to address risk management in this context. “I‘ve had experience in projects with fixed-end dates that were initiated by an industry association's requirement to be compliant at a certain date. However, a subsequent risk assessment found the cost of noncompliance, such as an industry fine, was potentially less than the assessed costs of the project and remediation efforts that would be needed to meet the fixed-end date.”

The best solution, he says, may represent a compromise between competing requirements: proceeding with a project that incorporates a contingency plan focused on delivering the project according to the timeline and organizational agenda. “That is, you provision for a financial penalty but work to avoid it, if at all possible,” Mr. Ives says.

Mr. Felstead is quick to add that virtually any industry can benefit from adopting detailed risk management processes for fixed-end projects. Once contingencies are identified, determine whether or not investment in preparation for them is warranted, given the implications of missing the project's fixed-end date. Every project varies, but often, significant contingency preparation is required long before a risk poses imminent threat to a project.

If a contingency plan is made, Mr. Felstead recommends determining a date to signal when a contingency plan may need to be executed, then determining the trigger date when the preparation is required. The decision to start the preparation— before the risk is ever realized—is based on monitoring the probability of the risk event occurring. “That's the critical juncture where the wheels fall off. You may have to make a decision and invest preparation time and money into a contingency plan that may never be used. It's all part and parcel of risk management at its best to avoid the worst.” PM

Marcia Jedd is a Minneapolis, Minn., USA-based supply chain and business writer.

This material has been reproduced with the permission of the copyright owner. Unauthorized reproduction of this material is strictly prohibited. For permission to reproduce this material, please contact PMI.




Related Content

  • PM Network

    Trees of Life

    By Hendershot, Steve The world needs more trees—and a lot of them—to stem the damage wrought by mass deforestation. Brazil alone is destroying the equivalent of three football pitches per minute in the Amazon rainforest…

  • PM Network

    Rising Risks

    By Nilsson, Ryan For as long as humans have been building cities, they have migrated toward the coasts -- for food, ease of transportation and any number of ecological benefits. Today, it's estimated that more than…

  • PM Network

    Playing with Fire

    By Jones, Tegan With the coastline of an entire continent burning, a scorched-earth urgency had teams across Australia racing to control the damage. Between September 2019 and January 2020, bushfires ravaged…

  • PM Network

    From the Rubble

    By Thomas, Jennifer Puerto Rico's infrastructure woes began long ago. But a series of earthquakes this year coupled with hurricanes Irma and Maria in 2017—which racked upUS$139 billion in damage—exacerbated the U.S.…

  • PM Network

    Trading Transformed?

    Blockchain—the technology that made cryptocurrency mainstream—is now entering the U.S. stock market. In November, the U.S. Securities and Exchange Commission approved a pilot project to use…