It is my pleasure to introduce you to guest blogger, Joe Sanchez. A great member of the Twitter chat community, #kaizenblog. Joe Sanchez has served as an Army officer and business and information technology consultant in the private, public, and non-profit sectors.  His interests are making a difference in organizations, communities, business, and government via leadership, strategy, communications, marketing, performance management and the effective application of technology to solve problems.

 Risk management is discipline that should be viewed as an enterprise core competency. This means that organizations should review how they manage risk at the project level.

Gartner Group stated @ that “a ‘new normal’ business environment is emerging, and most organizations are misaligned in some way.”  The key to succeeding in this new environment is to “balance IT cost, risk and innovation to drive business growth.”

Project risk management plans are developed to mitigate risks to projects.

Usually the risks are identified, assessed on their probability and impact, and mitigation actions identified.  At this level, it’s important to recognize that risk management is not a one-time identification of project risk.  Just as a project’s business case should be a life-cycle document that is regularly updated, the risk management plan should be updated on the same schedule.

Risk management plans should receive inputs from other sources as well like the project’s change management plan.

A change management plan addresses organizational structure, communication, training, and incentive actions, to name a few – all focused on addressing an organizational culture that will enable the achievement of the project’s goals.  Numerous studies have shown that projects often fail, not because of technology issues, but because of cultural ones.  Hence, what are the risks inherent in the change management plan that should be factored into the risk management plan?

Another source of risk management input should be an organization’s lessons learned. 

Ideally, these are in an information repository.  If not there, there may be people in the organization who have had experience with similar projects.  One of the first actions for any project should be to review these lessons learned – ideally for projects that have had a similar scope and scale.  That review may identify potential risks that that project should consider.   Two excellent articles that discuss this approach are “Strategies for Learning from Failure at and “The Danger of Missed Warnings” at  A key point here is that if an organization has a knowledge management / sharing program in place, that project should support how the organization manages and mitigate project risks.

The increasing use of data and analytics is also resulting in management focusing on three categories of data projects:  Generate additional revenue, reduce costs, and mitigate risk.  As organizations develop their analytics capabilities, they should also focus on how to use data to mitigate risks at the project level.

Risk management also drives innovation. 

As Mark Johnson states in “Risk Management and Innovation” at, “How an organization conceives of risk management will in large part determine how effectively innovation is pursued. … the core competency of the most effective and successful innovators is risk management. … They approach risk management not as a safety procedure but as a learning process.”

Adaptation and learning are the new business imperatives per  – more important today that ever before.  This applies to how organizations adapt to managing risk and learning from that adaption.

What are the most frequent risks to projects in the current biz environment?

How would you describe the connection between risk management and change management?

How do you use risk management as an opportunity to learn?How does your organization manage project risk that may be different than what is in today’s post?

What is the relationship between risk management and innovation?