and all the trades needed to be a project risk specialist.
The question then is, "What are the skills required to become a project risk specialist?" and "How does one become a project risk specialist?". This article is about the journey I had, as well as the skills needed to do the job. I started out without much technical and risk management experience and had to learn and build the above skills over time, but I was lucky in that I had people willing to help me become a risk manager.
I worked for Transnet Capital Projects from 2007 to 2014 first as a Senior Project Manager. During this time I had a discussion with my boss Neville Eve (https://www.linkedin.com/in/neville-eve-6725a7a0/) during which I asked him some career advice. He said that "Young man, you have lots of common sense, but one cannot write that on a CV. You need a transferable skill". This is some of the best career advice I ever received and I have given the same advice to others. Skills are the ability to do something well and with expertise.
At the same time, TCP had all the project risk management services outsourced and I had to attend a project feedback session where Dave Edwards (https://www.linkedin.com/in/davidoe/) presented the outcomes of a some risk work, which included the outcome of a Monte Carlo Simulation. I thought it was interesting and started to pester Neville and his boss Moira Moses (https://www.linkedin.com/in/moira-moses-a2a84664/) to give me the opportunity to become a project risk manager.
TCP had an agreement with Turner and Townsend and their risk manager provided me with training over an 8 month period. I worked as a risk manager at Transnet for 3 years and then started Kwanto Risk Management in May 2014.
Based on my experience, and the sometimes painful lessons I learned, the following skills are important in being a successful project risk manager:
You need to know how projects work.
A background in Engineering helps with this, especially when one deals with large, civil construction projects. I was trained as a mechanical engineer and over the years, gathered enough understanding to speak "civil engineering". This applies to any project: if you can’t relate to the industry or the relevant technical disciplines, you’ll may have a credibility problem. On the other hand, I have accepted to do work where I wasn't familiar with the project, but I had enough time to do research to enable an understanding of the project.
I worked as a senior project manager in Transnet where I was responsible for ad-hoc projects and reporting. I attended some in-house training on project management.
You need to understand how the project management life cycle, and the progressive project definition development in the interlinked technical disciples works and how different risks may realize in different project phases.
Having experience in various types of project ownership is very helpful. There is a big difference in focus on managing risks as a construction contractor and a project owner. You need to truly understand how, when and where risk management should integrate into the project management disciplines to be effective and timely.
You need to know how risk management integrates into the project management disciplines.
There is nothing which beats learning on how projects and project risk management work than working on a multi-year, mega project. This is another chicken/egg situation.
Experience in both the public and private sectors are important, as the project specific and systemic risks involved with each of these are different and require different treatment strategies.
Industry specific knowledge, (mining, petrochemical, power generation, large construction, software development etc.) is crucial in understanding context specific risks and business processes. Although there are general principles which can be transferred between industries, there is specific aspects which differ. An example of this is that the project life cycle phases and construction approach in renewable energy projects differ from typical large construction projects and is totally different from software development projects. Each has it’s own context and hence needs a context informed approach.
It is also useful to be a member of organisations like AACE and the PMI to stay abreast of new trends and developments.
You need to know how to get information out of project stakeholders. The skills here include the following:
You cannot be a project risk management specialist if you accept the status quo and don't have an inquisitive and questioning mind.
Analysis and problem solving. An inquisitive and questioning mind is essential. If you hated word sums at school, you are going to HATE being a project risk specialist.
Conceptual thinking, with practical problem solving. If you don't have a curious mind, you will not be able to delve into the meaning behind the words in the risk workshops and risk registers.
You need to be able, ant not afraid, to ask your clients the difficult questions.
Facilitation skills - your workshop is not going to facilitate it by itself. It is a skill which I built over time. The more workshops you facilitate, the better one becomes with this.
Leave your ego at home. It is about what is best for the project, not best for how you feel about yourself.
You need to know how to write professional reports. This does not only include reports, but also risk management plans, presentations and so forth.
Your internal or external clients are going to rely on concise, well written reports. You therefor need to know how to write, which includes a healthy dose of technical writing.
A good technical writing course can help a lot, whilst the research methods and reporting style learnt during Masters studies is also very helpful.
Listen to your client and structure your report to their needs and expertise level.
Structure your reports in a logical sequence, especially if its complicated and technical.
You also need to be comfortable presenting your results to senior managements, and in some cases, the boards of companies.
You need to understand risk management, both in terms of enterprise and project risk, as the one feeds into the other. For this, I had the following training:
You will note that risk management knowledge is not on top of the list. I believe that the ultimate purpose of risk management is to use the ISO31000 risk management process to convert data into information, which can be used to make better decisions. If the technical skills are not there, knowledge about how the risk management process is supposed to operate is moot, since the technical parts need to be in place to enable better decision making.
ISO31000: It was a good basic introduction to risk management frameworks and the risk management process. I still use the training material which was provided during the training, as it was copies of the relevant ISO31000 and ISO31010 standards.
Enterprise Risk Management: I got most of my training on how this works by reading books and attending risk committee meetings.
You need to understand the ISO31000 risk management process and the various nuances when dealing with enterprises, portfolio, programmes and projects, as they all differ.
You need to know which risk identification techniques are available and which ones work best in which context.
You need to be able to understand, build and explain risk modeling, which includes the following training and skills:
You need to know what MS Excel can do for you, and be able to train others.
@Risk Training: One needs to know how Monte Carlo software works, and be able to explain it to others. The various software companies provide excellent training.
MS Project or other project scheduling software.
Schedule simulation software. I use Vose Software's Tamara. It is good value for money and much, much less expensive than Primavera Risk Analysis.
You need to be able to identify and provide value adding services. This is especially true of self-employed project risk managers. These services may include the following:
HAZOP studies: To conduct HAZOP studies gives a greater understanding of technical risks in projects.
Project Governance Audits: Use your project management and the "what goes wrong in projects" experience to provide this service. As much of this work I do involve the procurement process, knowledge regarding procurement laws and regulations are important.
Forensic Audits. This, together with the above governance audits, go forensic audits just a step further, to determine who did what, when and how.
Business Continuity Management: BCM is another type of risk management - I got some training in this while being the BCM champion at one of my previous jobs.
You need to be able to be confident enough to be able to train people.
You need to be able to train and educate people, as some (or many) which you will encounter during risk workshops, may not be familiar with risk management and risk management processes. One can only do this, if one understands all the vocabulary, principles and processes involved in risk management, and is able to supply practical examples to support and enhance the training.
Starting out without having experience
The list above creates the impression that a project risk specialist has to be a Jack of All Trades - which is true. But it is easy to create the above list like if one has experience, as gathering the experience takes time. One might take some of the contents out if one would do risk management work for a specific company, only doing risk work related to a specific type of project, i.e. road building projects. I believe that the above list is required should the risk specialist plan to do consultant type work over a broad range of industries.
If I missed anything, please let me know.
PS: I wrote the original article and asked my colleagues Martin Snyman (https://www.linkedin.com/in/martin-snyman-472b3123/) and Quinton van Eeden (https://www.linkedin.com/in/quintonvaneeden/) to contribute.
Copyright 2020 Dr. Francois Joubert