Risk management is one of those titles that usually makes people think of lawyers or contract specialists figuring out how to best document an issue or contract to protect the company. However, there is much more to risk management than CYA. A Six Sigma project is rife with opportunity for "unknown" issues to crop up. From an unforeseen stakeholder’s wishes to corporate changes, even things such as team member issues can derail an otherwise properly managed Six Sigma project.
Definition of Risk
First, consider a definition to put us all on the same page. The Project Management Institute’s PMBOK Guide, Fourth Edition defines project risk as "an uncertain event or condition that, if it occurs, has a positive or a negative effect on a project’s objectives." There are two things to consider here that are important to remember. First, it is uncertain. You’re trying to consider and plan for things you don’t know about yet. Second, the event can be positive or negative. You may wonder why on earth you’d worry about a positive risk, but the results can sometimes be even worse than a negative one.
As an example, let’s consider a Six Sigma project that dealt with a sales process. Certainly the team considered the impact of low sales results, lost customers, etc. But did they consider dramatically increased sales — far above what the target was? Can the company support the new sales? Is the compensation structure of the sales force able to accommodate wild success? Imagine the sales staff that just got very wealthy and retired, the customers that didn’t get served because the company couldn’t handle the increased workload, etc. Sure, today we’d all love that scenario to deal with, but it is a risk nonetheless. It is just more positive now than it may have been some years ago.
Identification
Now that we’ve agreed that we need to do something about risk in our Six Sigma projects, we have to identify what they may be.
There are three areas that should be addressed. First, on prior Six Sigma projects, what has gone significantly right and wrong that you can learn from? Why did those things happen? What was the result? This study becomes your "historical" risk analysis.
Second, consider your current situation, environment, project, team, etc. What areas can you, your team, other stakeholders see as risks — both positive and negative — to your project? Change is constant, and what happened to the last project may or may not impact you today. Think about other projects being worked. Talk to those team members or project managers. This becomes your "current" risk analysis.
Third, attempt to look into the future to identify changes that are on the horizon. In what activities is the company engaged in that might impact your project? Are management changes eminent? What market forces might impact your project or its stakeholders? These things seem far out of reach for most practitioners, but they’re actually very appropriate questions to discuss with your Six Sigma project sponsor or champion.
As you identify potential risks, describing them properly becomes a real challenge. Risks described as "market uncertainty" give you nothing to work with as you develop mitigation strategies. More specific definition helps communicate what you really mean by identifying this risk in the first place. Consider "increase in global copper demand, resulting in higher prices and scarcity" instead of "market uncertainty." The more specific the description of the potential risk, the more specific the plan can be to address the risk.
Planning
Once you’ve identified potential risks, your team needs to prioritize them to develop plans to mitigate the risks. Prioritizing is something all practitioners of Six Sigma likely understand (ranking probability and impact, etc.) so we won’t go into detail here. But the actual planning for action to take once the risk has or is becoming reality does deserve some consideration. All this effort must be applied in proportion to the value of the project. Things like loss of life, environmental damage, etc. would earn much more investment in risk planning than a loss of relatively minor amounts of money. Other risks might be project team specific such as a key subject matter expert’s impending retirement. A plan should be developed that addresses each high-priority risk, how it will be determined that it is time to act, and what will be done by whom in what timeframe. After this is developed, all that is left is to monitor the Six Sigma project for the identified risks and keep your eyes open for those you may have missed.
Monitoring
The plan you just prepared should include a monitoring system that helps you routinely check on your high-priority risks. It should also allow for addition/deletion of potential risks, which gives risk management its iterative nature. You constantly watch for signs of change that may impact your project, evaluate their probability/impact, and adjust your plan accordingly. This step in risk management is typically the one that gets forgotten. The project manager develops a solid plan with his or her Six Sigma project stakeholders, and then puts it on a shelf. You have to monitor the project continuously and be prepared to engage the resources needed to address the issues.
Action/Reaction
In your plan, you identified what would be done by whom and when once it is identified that a risk is imminent or has occurred. While the investigations are still ongoing, it is becoming clear that a good risk management plan was in place on the Horizon in the Gulf of Mexico. The problem that some are claiming is that the risks were known, the signs were there that there was trouble, there were similar issues on other platforms, but the action that was taken may not have been adequate or appropriate. The result was loss of life and environmental damage. Care must be used to not over-react, but once you develop your plan, use it!
Conclusion
In conclusion, you can look all around the world, in just about every industry, to find examples of both proper and poor risk management. Some have no plan and just react well. Others have a great plan and don’t follow it. Some are great at both, some at neither. The lessons you can pull into your Six Sigma project should help you with the identification, prioritization, planning, monitoring, and following your plan. Your individual project may not have the impact an oil-well blowout does, but your risk management effort, properly scaled and executed, can help you avoid pitfalls and take full advantage of opportunities.