Galen Low is joined by Shashwati Roy, a project manager by profession. She completed her Masters in Statistics and has worked in the IT Industry ever since. She has extensive experience in the areas of Quality, Release and Project Management. Listen to learn how to talk about risk and have everyone listen.
- Shashwati Roy has a Masters’s in Statistics and over 18 years of experience in technical project management in the public sector industry. She’s also a former president of the PMI Sacramento Valley Chapter as well as a respected teacher and mentor focusing on procurement management and risk management. [1:39]
- Outside of project management, Shash loves to cook, read books, throw parties, and workout. [1:57]
- Shash started her journey by pursuing PMP in 2005 and simultaneously getting involved with the PMI – Sacramento Valley Chapter. She held positions starting in the education branch, organizing workshops, and then became Chapter President in 2010 to 2013. That was a real test of project management for her because she had to run a chapter with voluntary participation but still be accountable to members and PMI leadership. [8:39]
- In 2009, the leadership at HP asked Shash to take on one of these two posts: setting up a PMO and QA lead. She went with the team that was setting up a PMO in HP. Tremendous test of knowledge related to all areas of project management. Besides setting up processes, one had to also devise ways in which the message will be communicated to fellow PMs and what would suit the customer. Her journey consists of project management, release management, portfolio, and program management. [11:55]
- The types of projects that Shash has worked on over the years were primarily IT projects, functionally in the welfare and healthcare industry. She enjoyed the journey from ensuring welfare-related State Laws being imbibed into the functional pieces of the project, and also had the opportunity to work in projects focusing on hardware and infrastructure. [14:27]
- Shash really enjoyed mentoring and teaching because it is a learning experience. The more you teach, the more you learn. When she teaches her UCD courses, that gives her maximum happiness. She also met a variety of students from an IT background. [17:56]
“The reason I love to teach and mentor is because the more I teach, the more I mentor, the more I learn.” — Shashwati Roy
- In September 2019, Shash had a 5k walk for UC Davis pediatric cancer. She treated it as a project. They had weekly status meetings and she would get all her volunteers on a Zoom call. And every week they used to go through a task list and told them to do some risk mitigation. [21:24]
“Risk is foreseeing a potential situation that will be encountered in the future.” — Shashwati Roy
- To Shash, awareness and foreseeing a potential situation is smartness. To be aware and understand the situation means strong control of the situation. [22:55]
- When faced with risk, Shash takes the following steps: identify the risk, communicate the risk, and ways to mitigate it. Define owners and responsibilities for risk management. Prioritize risk, which should be done with the customer and team. After you prioritize, you must be aware of the impact and severity. Discuss Risk Log in every status meeting. [28:05]
“Identify the risk, communicate about the risk, and talk about different mitigation plans.” — Shashwati Roy
- Don’t overkill a risk by constantly talking about risk. Status meetings, whether internal or external are preferred modes of discussing risks. [35:56]
“Never end a status meeting without talking about risk.” — Shashwati Roy
- When Shash was mentoring her fellow PMs, her favorite thing would be when ending a status meeting, go through all the bullet points and put an ‘R’ or an ‘I’ next to it — is it a risk or an issue? Then discuss it in the next status meeting. [37:32]
- It’s so hard for people to talk about risk because they looked at it with a negative connotation or fear. [40:32]
“We must mentor people and make them understand that risk is a very comfortable topic.” — Shashwati Roy
Shashwati (Shash Roy) is a project manager by profession. She completed her Masters in Statistics and has worked in the IT Industry ever since. She has extensive experience in the areas of Quality, Release and Project Management.
For 18 years, she worked with EDS/HP on the CalWIN Project and is currently working at PCG (Public Consulting Group) as a Senior Consultant since Feb 2018.
She also has been associated with the PMI Sacramento Valley Chapter for over a decade, serving as the chapter president from October 2010 to December 2013 and remaining an active volunteer of the chapter as well as PMI global.
Besides Project Management, Shash Loves to cook, read books and workout.
“The more you’re aware of the risk, the more confident you will be about managing risks, and you’ll be more confident about your project.”
— Shashwati Roy
Resources from this episode:
- Join DPM Membership
- Check out Public Consulting Group
- Connect with Shashwati on LinkedIn
- Send Shashwati an email firstname.lastname@example.org
Related articles and podcasts:
- About the podcast
- Article explaining the 12 real-life examples of project risk management strategies
- Article explaining the bad meetings can kill a good project: a survivor’s guide
- Podcast about how to manage stakeholders
We’re trying out transcribing our podcasts using a software program. Please forgive any typos as the bot isn’t correct 100% of the time.
Read the Transcript:
So you get to the part of the agenda about risks and people start leaving the call. Even the folks who stayed on seem a bit disengaged. You get a private message from your colleague saying that people think risks are a bit of a downer. I mean, it’s still early in the project, and people want to keep feeling optimistic until there’s a reason not to.
Maybe they’re right. You’ve even had moments yourself where every risk in your risk log is an insult to your abilities as a project manager. Some days you don’t want to talk about risk, either.
Why is it so hard to have conversations about risk?
If you’ve struggled to get your teams and stakeholders comfortable talking about project risks, then keep listening. We’re going to be sharing some insider tips on how to create a culture of risk management that builds confidence, strengthens project communication, and facilitates smart decision-making so that everyone plays a part in navigating the project to success.
Thanks for tuning in, my name is Galen Low with the Digital Project Manager. We are a community of digital professionals on a mission to help each other get skilled, get confident, and get connected so that we can lead our projects with purpose and impact. If you want to hear more about that, head over to thedigitalprojectmanager.com.
Hey everyone — thanks for hanging out with us on the DPM podcast. Today we’re going to be diving into a fundamental area that is not only feared by DPMs, but also misunderstood by a large number of digital teams. Yes, that’s right, we’re talking about risk.
It’s one of the most difficult and most neglected areas of project management. And yet, managing it is arguably the most proactive and transferable tool you have available to you.
So how can we acknowledge risk, embrace it, and maybe even get our teams to enjoy talking about it?
To start tackling this topic, I’ve got a very special guest with me today.
Not only does she have a Masters in Statistics and over 18 years of experience in technical project management in the public sector industry, she is also a former president of the PMI Sacramento Valley Chapter as well as a respected teacher and mentor focusing on procurement management and risk management.
Outside of project management, she loves to cook, read books, throw parties, and workout.
Folks, please welcome Shashwati Roy. Hello, Shash!
Uh, hello, everyone! Really looking forward to this session.
It’s great to have you here. You’ve got a wealth of knowledge and like I mentioned, risk is just one of those areas that everyone can learn a little bit more about.
Uh, but before we kinda dive into the topic, I just kind of wanted to see what’s going on in your life. Um, like what kind of things have been inspiring you lately?
Okay. That’s a very good question. A difficult question, Galen. Lockdown. No traveling. And that’s why exploring into the areas of audiobooks, podcasts, et cetera. I am constantly reading because I’m constantly walking. No, I’m not going to the gym.
So I can, this really makes me very happy. Listening to books, listening to podcasts, delivering podcasts, talking about project management, et cetera. So all that is inspiring me a lot.
Good for you for a keeping up with the walking and the exercise, and b) finding an opportunity to listen to audiobooks and listen to podcasts so that you can do both at the same time.
I know a lot of our listeners, you know, they would listen to the podcast on their commute to work. And when that wasn’t happening, well, then maybe they’d listen to it while walking their dog. And when that wasn’t happening, well, maybe just hopefully listening to it on their couch. Um, but good on you for really taking up the mantle of keeping on with the fitness and also keeping up with the learning. I really love that.
All right. So let’s, let’s get into it.
Uh, let’s talk about how to talk about risk in a relatable way. And I think the outcome we want to drive towards today is just getting our listeners comfortable enough to communicate effectively with stakeholders, sponsors, project team members, and leadership teams in a way that builds a culture of risk management so that everyone can play a part in managing risk proactively.
But first, I wonder if maybe you could just tell us a bit about the professional version of you. How have you arrived where you are? How did you get into project management?
How did I get into project manager? Well, it’s been a very long journey. Pursuing PMP in 2005 and one of my colleagues just told me, Hey, there’s something called the “Project Management Institute Sacramento Valley Chapter”. So do you want to go there?
But I, uh, with pursuing PMP, I gave PMP because I knew I wanted to go into project management world and money was very tight in those days. So what, uh, EDS HP did in those days was they said, we will pay for your exam piece. In those days, it was like $400 and the books, they said, we’ll pay for it in case if you pass it on the first goal.
And since money was tight, I had that extra pressure that I had to pass it in first go. So I really worked on a model, passed it, and, um, then became involved with the Sacramento Valley Chapter in 2005. I hadn’t yet started project management in my career world yet because I was doing a lot of quality and I come with a lot of, you know, CMM level three, level four certified, ISO certified.
So I was, uh, doing a lot of work in the quality area. So, and I held positions in the PMI Chapter, starting from the education branch, then doing a marketing strategy. So different roles I held, which helped me become a President from 2010 to 2013, because I had a very good idea about how the different branches worked.
This was a real test of project management. I had to run a chapter, a board with voluntary members, but still be accountable. We, in those days, a Sacramento Valley Chapter, we had just about like housing members. I had to be accountable, not only to the members after all there being the membership, so be accountable, and everybody cares about how the money’s getting utilized.
And you have to show them a positive ROI that look, this is where your money is going, but also be accountable to the main PMI about generating budget sheets, invoicing, and invoice sheets, uh, status reports, things like that. This was a big, uh, challenge because this was all through, uh, board members who were themselves volunteer members.
So I couldn’t like, you know, tell them, no, we have to do it. No, how can we do it? So there was a change in my tone, but, um, so that was a big challenge. I’ve been teaching actively since 2010. I cannot even tell you how much that has been. It’s actually true risk management, teaching and mentoring, because you have no idea about your clientele. Who is your clientele?
They are your student base. You have no idea from where they are coming. So all this journey started from 2005 and back now in 2009, because HP knew that I was doing quality assurance, but they gave me the offer of two quick positions. Uh, whether I could be part of a team which was, um, setting up PMO like a formal PMO and another being a QA lead. A position Vice QA lead was, uh, much better, but I still opted for setting up the PMO team because by the time I had made up my mind that this is the line, this is the carrier I want to go through.
Uh, why it was a big challenge for me, setting up a PMO? Because it, the easiest part is writing the processes. That is probably the easiest part, but to convince your stakeholders, when I say stakeholders, I really mean your internal leadership, your customers, and mostly your team members and your fellow peers.
So I guess that’s how my journey has been. And after that, uh, I’ve done, uh, good things like I’ve done what I really liked doing project management. I’ve done a lot of change and release management, handling change requests and portfolio and program management.
Love that. What, what a good investment for HP. And we’re talking to Hewlett Packard here, right?
Uh, don’t even get me started Galen there. They have changed their hands. So me time, I started with EDS became HP. Then we became HP enterprise. Then we became DXC and when I quit HP, it became Gainwell.
Oh, I’m even out of touch. I still knew them as DXC.
Yeah. They are Gainwell.
But what a good investment in terms of saying, listen, we’ll fund this, you have to pass it the first go.
And then later saying, okay, do you want to do a QA lead role or do you want to build a PMO? And then you said PMO. So that seems to have really paid off for you and for them.
Yes, I think so. I hope so.
I mean, I think so as well.
Thank you. That’s really nice.
You, um, you mentioned a couple, sort of, types of projects or, you know, um, like the nature of the projects.
I’m wondering if you could just talk a bit more about the types of projects that you’ve worked on over the years?
They have been primarily IT projects, functional projects, especially focused on a welfare and health care industry that I’m talking from a HP uh, perspective, like calculating eligibility and what is the payment going out in your food stamps, your benefits, your medical EBD card. So basically calculating, uh, eligibility, but I’ve done some, uh, software upgrades. I’ve done some hardware upgrades, so infrastructure type of projects, I’ve done a multitude of projects. And right now I’m in the consulting industry.
So you do any and everything in the consulting industry. You’ll have a blanket role called the senior consultant and you consult in all the areas. But on that note, running a chapter that was like doing a full pledged, I would say, um, it was running like a program because executing the different departments.
And remember every department they had their own uh, hierarchy like a VP, a director, and some liaison lead. Each one ran up, ran as a sub project as a sub project and when you comprise all of them, uh, I like to call that as a program, although an even in, uh, yeah, there’s one example I do want to share, going back to HP was when I was a program manager for, uh, business intelligence area.
Uh, so I did a lot of, uh, BI type of gender reporting projects. What is it the customer wants? And a final, of course, one example is I ran a lot of charity events and I’ve just run them like, uh, uh, projects. Primarily because I do a lot of charity work, but I try to stay focused in the area of pediatric cancer.
Not for any particular personal reason, thank God, I thanked lot for that, but a running charity even. So I stay focused on, uh, primarily pediatric cancer. So I do a lot of work with St Jude’s and UC Davis, uh, uh, pediatric cancer unit. So running a charity, even just, just like a project in fact, isn’t running a household so a typical project.
Well, you must run a tight ship.
No. I love that. I love this notion of the fact that, you know, volunteering with, uh, PMI, a local chapter at PMI is some of the best exposure you can get to a lot of different, um, types of managements, managing different teams, managing different types of, uh, projects. And like you mentioned, like it’s all run like a program.
So you’ve got a lot of experience there. You’ve got a lot of experience with HP. You got a lot of experience running charity events and, and to your point, running, running a household. I really do like that. You mentioned, you mentioned you made the decision between QA lead and building a PMO. Uh, like do you ever regret that decision or what do you love about project management and what you do today?
I would say if I try to, uh, sum up about the multitude of things I do, I feel I enjoy mentoring, uh, teaching. The reason I love to teach and mentor is because the more I teach, the more I mentor, the more I learn.
And one thing I do want to share a quick example is before ending this question is that since I do charity events, I like to always treat them as projects. So in September 2019, because September is the pediatric cancer month. In September 2019, I had a 5k walk for UC Davis pediatric cancer.
I treated it as a project. We had weekly status meetings. I would get all my volunteers on a call on a zoom call. And every week we used to have, and we used to go through a task list and I told them, uh, let’s do some risk mitigation. What if it rains that day in September in Sacramento, chances are zero, but I still made them do a risk mitigation.
And you will be surprised at the number of different types of mitigation, uh, they came up with, we buy umbrellas for everyone. We have the walk in-doors. Are we could reschedule it? Incidentally, these volunteers were all high school students. So that’s why, again, I come back to my initial sentence of mentoring, teaching.
That’s what I, uh, like the most. Passion, I would say.
I love that. And actually that’s a really good segue with your risk example. Cause I think it’s probably about time that we sort of give folks their bearing. So really just to level set for our listeners, let’s, let’s just define risks. So tell me, what does risk mean to you?
What is, what is your definition of risk?
Risk is foreseeing a potential situation, a situation that will be encountered in future. In my mentoring, I always tell people it’s very easy. Risk is something which you foresee, which you perceive you think it might happen. And issue is something that has already happened, both required mitigation, but one is a pre and one is opposed. Simple.
That’s the simplest reason to be aware of a situation and to understand, and, uh, think off it as a potential situation, I call that a smartness and I also call it as confidence. I should be confident about a fact that something good happen in future. I should be super confident about, um, this, uh, do you think I can squeeze in a quick personal example?
Sure. Yeah. Go for it.
So a couple of weeks back. I want to quickly share it. I had my grandson’s uh, rice ceremony. That’s a typical, uh, Indian ritual and we were deciding it to be an outdoor event in the afternoons and with very close friends, obviously in the COVID era. And we were making all arrangements in our backyard, outside tables and chairs.
The program was on Saturday, June 19th. On Tuesday I checked the weather and I saw that the heat is going to be 104 degrees. I immediately changed my food menu because now people are going to sit inside. So obviously any deep frying, which is so typical of Indian culture, all that had to be eliminated. And also I had to make internal arrangements to ensure that 25 people will sit inside because I don’t expect anyone to go out in 104.
And also the risk mitigation. I also did not only of taking care of the heat, I also had to inform the attendees. Ultimately, they are my stakeholders. They are the ones who are coming to my house. So I had to inform them that, uh, because of the heat, there is a change in plans. We will still have the event, but we’ll have it in inside in case you’re not people had to.
In the COVID era, you have to declare to people that you are going to have the event inside and remembering June, we were still, uh, people that are getting vaccinated and things were happening so that I would say those were the mitigation steps I took because I could foresee that it would be very hot and the risk was people will fall ill if they have to sit outside.
There’s one more thing I want to talk about risks quickly is that to me, risk is more like a procrastination. You take it with the strangely not strangely in today’s world are always it’s happening. Risk is always taken with a negative connotation. Having a risk is perceived as bad. It’s your failure because, but I always teach that the more you’re aware of risk, the more confident you will be about managing risks. And you’ll be more confident about your project. I hope I answered that question.
Yeah, no, I think you really did. I actually know somebody who got fired because she was too vocal about talking about risks and they said, you’re rubbing people the wrong way. You’re not, you’re not a good fit.
And she’s like, I’m identifying risk, actually have someone else who, uh, in that same conversation we were talking about how risk management is actually just being prepared. Like the example you gave, right? It’s just being prepared. And when it’s framed that way, there’s not a lot of people who don’t want to be prepared, but you’re right that identifying risks, managing risks is a negative. It has a negative connotation.
People think of it as a negative thing. Like you mentioned, project managers think that if there are risks on their risk register, then they’re doing something wrong, but that’s not at all the case. Um, it’s just about being prepared.
It’s about being proactive. It’s about forseeing what might happen.
And I wonder if we could just dive into, like, what does one do? Like in a project? I know you, you, you, you, you treat everything like a project. I can tell. Uh, I know I I’m, I’m getting hungry, uh, because you’re talking about food, but yes, having a party, planning a marathon, uh, running a project, um, you know, in an IT space and infrastructure project, all of these things, you know, need risks management.
So what do you do when you face risk? Like what are, what are the steps?
Yes. So, uh, identify the risk. We always see in all project management books, in any webinars, you always say first sentences, identify the risk, but how do you identify a risk? I always feel, and this is my, uh, motto, and this is what I tell people when I’m mentoring is risk management and communication management go hand in hand. You should always involve. So then there is an inclusivity. So I feel, uh, as a good project manager, I won’t use the word successful because that has many gone rotations. I would say, as a smart project managers, you’ll identify few risks and then you start communicating risks and you include your stakeholders and you communicate and you identify the risks.
Great. Let’s keep that on a parking lot for a minute, the identify risk, but you go to any project management, a world book, webinar, anything. Identifying risk is the first and foremost step you will see. Identify risk. Then you’ll communicate about the risk and you’ll talk about different mitigation plans.
And we’ll be talking gradually about the forums, how you want to communicate and how to handle mitigation plans. You define owners and responsibilities for risk management that we remember. And you prioritize risks. I feel, I feel prioritizing risks, and this is something I’ve always used at HP. Privatizing risks along with the team and the customer.
It is very, very important and it’s very good because the customer might feel, oh, this risk might be it’s toppest priority, but I’m just going to talk from a coding world. And my developer lead developer says that no Shash, I think that will take like a 200 hours of work and that will have a ramification on this schedule, but then you are able to communicate that this could take a long time.
So I’m just going over the basic steps, identify the risk. Then you start communicating about the risks, define owners and responsibilities of risk management. Remember project manager is always the main owner of the risk log, but the individual each risks, you could have different owners. You prioritize the risks and after you prioritize the risks, that which should be the top priority, which should be the, uh, you know, can be done a little bit later.
It is very important for us to be aware of what kind of impact it has and you’ll find out what kind of does it have a low impact? Does it have a medium impact? Does it have a high impact? And one thing very important is discuss risk log in every status meeting, every status meeting, you go to each and every risks.
Many a times as a team, when I talk about communication management, that’s what I’m saying. Many a times it happens that you implement with a known risk than being unknown to a risk. When we were buying a condo in Folsom, we had a, the condos were right next to the Folsom dam and our insurance company told us to take a flood insurance and it meant quite some money per month.
We did talk, me and my husband we talked that, should we go in for that? We must have, but I did put in my project management hat and I thought, okay, this could be a risk. One could foresee that there could be a potential, uh, danger. So, we did take flood insurance. So, so, but we still bought the condo with the known risk.
We still went ahead and bought the condo and we took a known risk, but we did have a back pocket risk mitigation plan. We had the risk insurance. Worst case scenario, dam broke. Floods came in our house, got this thing. I still had a flood insurance too. Uh, bear, uh, I think so. So I would say, what do you do when you face risk is you do all these steps. Identify risks, communicate risks, prioritize risk, find out its impact.
In fact, it’s very important. What does it mean to me? You will have taken out a risk. Immediately, if I’m a customer, what does it mean to me? If I’m internal leadership, what does it mean to me? Does it mean I’ll get paid later because your schedule becomes longer? Project manager, project manager directly is not impacted if the schedule gets elongated.
He or she just has to manage for a longer time. But my leadership, the leadership, whichever organization one is working in a directly impacted, what is it? That means that the payment milestone gets delayed. They don’t like it. So I would say, uh, that is we do when we face risk.
If you face risk, your first step is communicate, communicate, communicate, you’ll face risk. Uh, the immediately you start communicating right from whatever meetings, whatever way of communication it is.
I like what you said about the fact that risk management and communication management are really closely intertwined.
They go hand in hand.
It’s true because like, I mean, A – once you’ve identified it, you need to talk about it. But then what strikes me is that in all of those steps, you need to talk about it. And when you’re assessing, when you’re prioritizing, when you’re assessing impact and severity, you get the vocabulary and the rationale for describing it to people.
Like you said, if we do this, you might have a delayed payment milestone. If we do this, then you know, you might have your apartment damaged by flooding. And the other thing is risk doesn’t necessarily go away. Hey, it’s not a showstopper. It’s not like, oh, there’s a risk. Stop the train. It’s okay. How can we proceed in an intelligent way?
What’s the smartest path forward? And like you said, with your apartment, the risk didn’t go away. You had a mitigation strategy. So, you know, the dam breaks and there is flooding, well, you have insurance. It doesn’t stop the flood. Just means that you will, you know, I still have a house, um, after the repairs have been done covered by insurance policy.
And so I think that sort of, I like that example, cause it helps normalize risk. Right? It makes it less scary and it makes it something that’s not necessarily a burden on the shoulders of a project manager. Yes. You have to plan for it. You have to manage it. Um, but do you control whether or not the dam is going to give away? Not really. I really liked that.
Um, I wonder if we could talk a little bit about, um, like how often we should be talking about risk? How often we should be identifying risks? You know, I know we’ve got these steps, but I, you know, some people read those textbooks and they’re like, okay, I did it once. We’re good.
We did our risk management. Let’s keep going with the project. How, how often do you, uh, like review and identify risks in the project?
Um, very good point because this is where a little bit of the human angle comes in picture. I want to go back to you, remember, you told a couple of minutes back that you were talking to a person because she got fired, because she was rubbing people on the wrong side.
That’s what your boss felt. So I feel, don’t overkill a risk by constantly talking about risk. So I always tell my peer, uh, fellow PMs and my team and any, and everyone I encounter that, uh, risks I feel, uh, good to frequency. And this is just Shasha speaking from, uh, her experience of mentoring, teaching and practicing project and program management is that that risk should be absolutely discussed in status meetings. Only.
Don’t try to, as I say, as I’m saying, don’t try to overkill it by talking constantly about it. Never end a status meeting without talking about risk. That is like the Shash’s quote of the day thing, but never in status meeting without talking about risks. Every drop counts, and then that forms the ocean. In fact, there’s one thing I always tell my fellow PM’s in fact, they have done it and they really see a lot of benefit.
You attend a status meeting, you take down notes and you have different bullet points. And I won’t say you need to necessarily be the PM just going over those points. You could be the, just, you could be just a customer. You could be just a stakeholder. You could be just a team member. Obviously they’re all part of the stakeholder, the overall umbrella of stakeholders, but you could be just anyone, you come back to your desk and go over those points.
And for each one I have told either put a ‘R’ or a ‘I’. A risk, or an issue because remember there’s that human angle is coming because it’s just fresh in your mind. And you’re getting back to your desk, your cube, whatever your room, whichever, and you’re putting an R or an I. So here you go. You already have now a risk log and an issues log.
So when you’re going to your next meeting, hello, when you come to that section of talking risk. You can say, okay, these are the areas of risks and issues we all identified in our last meeting. Guess what? You are already, you have included them. You have touched upon the human angle, at the same time you’re talking about the risks and issues.
And the minute you have, and in the previous meeting, when you have identified them in your cube, when you are identifying them, you are naturally building confidence because you are thinking a little bit more about it. So you are already confident about what they are going to, uh, talk one last thing I want you to tell here is that there might be an area and I have faced it this so many times time says that the customer always says, oh, what do you think about this?
Um, And then what do you think about this? Don’t you think it should be a risk? I always encourage people. Yes, you are the project manager and, uh, you should own that risk, but always have that inclusivity team angle.
And you can always say, I’m going to get back to you on this after discussing with my team.
I really like that. And actually that might be a really good segue into the juicy stuff. Um, and so I, I, I really wanted to center this conversation around like exactly that communicating about risks, talking about risk.
Um, but it’s a tough thing for a lot of people. And I wonder in your opinion, why is it so hard for people to talk about risk?
Shashwati Roy: Because, uh, I, I feel is, and I used to be one of those project managers. I used to always feel that risk is something which me as a project manager, I’m the one who owns, I will own a project manager, but over the years I learned I might own the, uh, I might own the whole. So let me go a little bit one step back. There is a risk, and then there is a risk log.
What is a risk log? Risk log is a combination of all risks. Risk log. A project manager must, must own, but risks. You can, risks could be multiple people in your team, your different stakeholders, everybody owns. Then it becomes a team sport. There is that you’re including everyone and everyone is owning a risk, but you as a team are acknowledging the risk, risk mitigation, you as a team as solving it.
So, so here you are killing two birds with one stone because you are not only challenging your team member. You are empowering your team member, or you’re empowering a stakeholder to take owners, to take responsibility of the risk. So I feel that risk log should be owned by the project manager.
Although risk overall is a team sport. So risk owners should be different people.
You mentioned that earlier in your career, risk was tough for you. Um, and we talked earlier about sort of the negative connotation and, and sort of feeling like risk, not just the risk log, but project risk is like your, your responsibility and your responsibility alone.
I, how did that feel and what kind of got you out of that mindset?
Shashwati Roy: Because as I said earlier, Galen, that risk is always looked with a negative connotation. There is such a fear around risk, but earlier, and it’s time people started changing that outlook because people need to. So what I tell people is that you need to project managers.
When I say people, I really mean other project managers and even team members, you need to start separating the personal aspect from risk. Project manager feels his own failure if a risk is identified, but the owners of taking upon yourselves should be separated from the PM’s thought process. The minute you, uh, separated out you are automated and the more you talk about it, you discuss it in status meetings.
You start a project kick off meeting. Hey, let’s talk about risk management. Do you think that would be a risk? Things like that. I feel very strongly that we must mentor people and make them understand that risk is a very comfortable topic. You need to separate that fear and remember, this will not happen overnight.
The minute you change your outlook and you accept that the risk is there. One of my favorite examples is Christopher Columbus. He knew that the risk is there, but just because the queen of Spain funded, I mean, he didn’t have funding before. He just sailed out trying to look for India and he found USA. That’s where we are.
So, uh, I always like to take, so I’m not saying this will be, it will happen overnight, but I really feel the minute you get the personal aspect of separating the personal and the risk, don’t take the burden on your own shoulders. It will, the fear will go and more you talk to others, they will feel comfortable.
Oh, you involved me? I am included in this risk mitigation. One last thing I want to talk about. I have seen this really work in real life. So there is a risk scene. So you’ll come up with a ambitious risk mitigation plan and you know, it’s not a very good solution. You can always face that, right? Uh, like how do, uh, procuring service in a typical, uh, IT department. Procuring servers, there’s always the risk of it getting delayed.
So what are the, what is the mitigation plan? Mitigation plan is that the servers don’t come on time. It has a ramification on the schedule, or you run the upgraded software on all servers. So there are two mitigation plans. And what I have done is I’ve actually done this as I’ve gone to the customer with these two mitigation plans, but I always tell them that a preferred solution is preferred option is this. So here you are killing many birds with one stone because A, you are giving them a preferred option of a mitigation solution.
Remember, you’re only going to give the preferred option because you have done your homework, right? And you’ll feel comfortable with this preferred option. So I gave the preferred option to be delayed the schedule and get the new server because you’re upgrading a software and it should run on the upgraded, uh, hardware on the new hardware.
So that is was my preferred mitigation. Yes, ramification is customer, even if they’re not completely happy, but they saw that it’s positive to get the, uh, you know, new server than running things on an old server not knowing when it will crash. So I feel is that, uh, you educate both your internal and external stakeholders, and it’s all about dissociating risk from just on your own shoulders.
The more you talk about it, the more confident you become. And I think that’s it.
I like that approach. And I liked what you said about, um, yeah, just drops in an ocean, but every drop is building confidence about risk. And, you know, you mentioned about, okay. Yeah. At the beginning of a project, people are, you know, they’re optimistic.
They don’t want to talk about risks. You come in and you start talking about risk day one. Um, and then you educate it slowly. But what about those stakeholders or team members who still like later on in the project for all you’re trying still, just don’t want to talk about risks. Don’t want to talk about risk management. Folks who think it’s just a waste of time.
These things are never going to happen Shash, like that’s a long shot. We don’t even need to plan for that. People who think it’s a negative thing and just don’t want to, you know, take off their blinders and see that there is risk there. How do you deal with those kinds of folks?
I have faced it quite a bit, so, and that’s why I was, uh, I’ll go back to probably two or two questions back that, uh, never overkill, as you said, not to rub people on the wrong side about risks.
The manager include risks as a section in your status meetings or whatever you call them. The, you can call them as a check-in meetings, status meetings, or whatever, you know, bi-weekly touchpoint meetings, whatever you call them. If you have a risk section, people will be, uh, kind of, I hate saying this sentence, but they will be, they will automatically start engaging in those conversations.
They might feel that, oh, it is your headache. Why am I in it? But, and that’s where the communication management comes, uh, you know, very important that it’s a little bit of coaching, mentoring people, that risk management is a collective affair. It’s not a single, I think that is the key Galen that the minute you’re able to establish that risk management, risk mitigation is a collective affair and not a single point thing.
Then most of the battle is won.
And I like that sort of like making it part of the system. It’s on the agenda.
It’s on the agenda. Status meetings. But remember you don’t have separate status meetings about risk. Don’t make it just a risk meeting. People get bored. They, they procrastinate. They, they don’t come for the meetings.
They don’t show up, but the minute you put a risk as a section in your status meeting or checkpoint, or, you know, touch base meeting, you will have already, you know, belt the cat or nipped it in the bud. And coaching, coaching people, mentoring people that it’s a collective affair. Let’s solve this risk.
Look, let us look at what is the, so I feel going back to your example of why that lady got fired, because she rubbed it on the wrong side and I have no right to comment on what she did, so I’m not going to come into on it. But I would like to leverage on that example. That’s why I love to say again and again, it is so important that communication management, uh, goes well with risk management hand in hand, because, and remember, I have constantly all along talked about inclusivity. Give the human angle.
The more you talk about that, it’s a collective affair. Automatically that negativity about risk is going to go up. It’s not going to, uh, go away overnight. So we must start socializing the concept of inclusivity and collaboratively resolving risks.
And I wonder what about the opposite? Like what, uh, what about folks who are a little bit overzealous, a little bit overly enthusiastic about risk and, you know, I’ve been in some risks sessions, which to your point, maybe not advisable, but just have a risk meeting.
Uh, but it was a meeting that kept going because we kept identifying risks. Uh, like what risks are too big or too small to like log and plan for? How do you avoid spending, you know, days identifying and cataloguing and creating mitigation strategies for, for risks?
So, um, I feel is no risk is too big and no risk is too small.
I feel if there is a risk, you should log it, but you could, uh, you should always have a column like status. So, uh, uh, status could have accept risk. Flood is going to flood might happen. The dam might break. That’s an accepted risk. I accepted that this might happen. And another effective thing I’ve seen is if I know that the status of the risk is a accepted risk, it’s a known risk, but I don’t belabor on it again and again in a risk meeting, you automatically are establishing an atmosphere of positivity.
Galen, I sometimes feel that it’s probably sounding all, very all in theory in the typical, you know, uh, typical then phase, it’s the best thing, what Shash is talking, but just to me, I’ve seen this over like 10 years of practice or 15 years of actual project management practice that, uh, the, if you don’t keep belaboring upon accepted risks and that’s why risk priority is important.
So you, as a project manager, you can become a little bit smarter. Not that one doesn’t doubt on smartness of project managers. I just feel all project managers are smart. It’s just that they don’t get the enough value. And then that’s a separate conversation. We could separately talk about it. So I feel a few, the miniature prioritized risks.
People know that these are the top points I need to see, or those are accepted risks. I don’t need to touch upon them. Then it’s automatically a contained conversation, positive atmosphere set up, inclusivity collaboration, all that, uh, all those things walking.
And I really liked that, um, approach that prioritization isn’t necessarily just about categorizing risks and being done with it.
But it’s also the way you have a conversation about it. So that could be, you could deprioritize some of these risks. You’re not always hounding people about it. It’s not something you talk about all the time. It’s logged. We know it’s there. We can still plan for it, but it’s the high priority risks. And so instead of having this wall of risks, you know, hundreds of items just register the risk log.
Okay. We all are facing a major risk right now, Galen. This is my quiz time to you. My question time to you. What do you think is a risk, which we all are facing right now?
I think risk of the vaccination not being as effective as we thought?
Pandemic will never end probably.
Mitigation strategies, Shash?
Or I would say building herd immunity, right? Um, no, I don’t have a, there is such top Dr. Fauci and CDC and who, and all those can’t come up with a good mitigation strategy. They keep flitting floating between masks, no masks. Masks, no masks at night.
Well, and I think what you said about sometimes there is a better mitigation strategy than the others.
I like the approach of having a recommended strategy because that makes it a conversation, not just a Negative Nancy, sort of like, here are the risks, bad things are gonna happen, but you know, here’s what we ought to do about it. And sometimes the guidance will change. Sometimes the information you have available to you will change and how you tackle that risk, how you manage that risk and how you’ll mitigate that risk is going to be, it’s going to change as well.
Do you know what, in US there is a, a big strategy about risk mitigation going on? And I’ll tell you right now, it’s for example, this is just out of my reading a New York times daily, and that’s given me this thought just gaming. So for example, right now, Delta variant is happening a lot, right? It’s really ravaging across, especially the unvaccinated people, but the CDC director like yesterday, she said, uh, Dr. Wilensky that, uh, we are talking about, uh, how do we deal with the, uh, that Lambda variant.
That’s risk mitigation. They’re already thinking about risk mitigation about the Lambda variant, because they’ll tell variant is the issue now. It’s no longer a risk. It’s happening right now. It’s happening, it’s happening. So Delta radiant is more like an issue, but they are talking about what, how will they handle the Lambda area and whatever, I can probably pronounce it correctly, but that I would say is a risk mitigation.
Absolutely. And in terms of just the impact of risk management done right, I think there’s a great example where let’s start talking about it early before it’s happened, before it’s an issue. Let’s make some plans and let’s be prepared in case it happens. And if it does happen, then we can avoid having such a negative impact on, you know, population health, on quality of life, on the healthcare system.
Uh, so that can be risk done right. It can help steer a project to really good outcomes.
Listen Shash, these insights are all really valuable. I think the one thing that resonated with me was your approach of just drops in the ocean. And that every time you talk about risk, you’re building confidence in your team and your stakeholders to tackle that risk.
It’s not about nagging. You can definitely overkill the conversation, but there’s also a slant you can take on it where it’s listen, we are planning. We are being prepared. We are identifying the risk and feeling confident that we can address it if it does happen. And that’s something that normalizes it and takes that negative connotation away.
And, uh, do summarize that Galen. I, I, and I’m saying that this won’t happen overnight. The minute we project managers learn to take out that onus of risk only from our shoulders and share the weld, the risk weld across the team, share it across the team. It automatically becomes a easier topic.
I love that. Shash, listen, thanks so much for joining us today. I really enjoyed this conversation. Uh, as much as I hate to admit it. I love nerding out about risk and risk management, and I think it’s such an important topic. So thank you for sharing your knowledge. I really appreciate it.
No, thank you so much.
And it’s been my honor to be, and I’ve learned, I learned so much by just talking about it. So thank you so much. It has been a wonderful experience.
This has been great. I really appreciate it. Thanks so much, Shash.
So what do you think? Do you talk about risk with your project teams or is it the taboo topic?
Tell us a story. What’s the biggest failure you’ve experienced as a result of not talking openly about project risks. What are your top tips for getting people to understand and engage with the topic of risk? And if you want to hone your skills as a strategic project leader, come and join our tribe.
Head over to thedigitalprojectmanager.com/membership to get access to a supportive community that shares knowledge, solves complex challenges, and shapes the future of our craft together. From robust templates and monthly training sessions that save you time and energy, to the peer support offered through our discussion forum, community events and mastermind groups. Being a member of our tribe means having over a thousand people in your corner as you navigate your career in digital delivery.
And if you like what you heard today, please subscribe and stay in touch at thedigitalprojectmanager.com.
Until next time. Thanks for listening.