Some people say that complex projects are not the same as other “ordinary” projects, and so they need to be managed differently. When we consider the risk angle, there are three questions to answer:
- Are complex projects inherently different from other projects? Complexity is a continuous variable, so it might be hard to tell if a particular project is complex or not. Complexity is not just a function of scale – a project can be large but simple, or small and complex. Instead complexity arises from the structure of the project and the way its elements relate together. It involves unpredictability, where it is not always clear how a change in one part might influence other parts. It is usually hard to see how variations in input might affect the overall output for a complex project, due to the number of interconnections and dependencies within project elements. The behaviour of complex projects is often ambiguous, which means that complex projects are always risky.
- Are complex projects exposed to different types of risk? Complex projects are subject to the same sorts of risk that are found in any project. However the unpredictable nature of complex projects also results in particular types of unforeseeable risk. These have various names: they are sometimes known as unknown-unknowns, or Black Swans, or ontological risks, or emergent risks. These risks are hard to identify in advance and difficult to assess accurately, and the standard risk response strategies are often not effective in treating them.
- Do these types of risk require managing differently? The fact that some risks are unpredictable means that we cannot use the normal proactive risk process to prepare for them, because we cannot see them coming. Instead we need to develop an approach that will be effective in addressing emergent risks in complex projects. Two key strategies will help when unforeseen risks emerge:
- Flexibility – the ability to bend without breaking, to adapt easily
- Resilience – the capacity to maintain core purpose and carry on with integrity
Both of these strategies can be applied at multiple levels to address the challenges of complexity, including for the whole organisation, at project/programme/portfolio levels, in contractual and technical areas, and in the personal attitudes of key staff. At each of these levels, specific actions can be taken to develop appropriate flexibility and resilience to deal with emergent risks that may arise. For example, a specific complex project should have a risk budget for known risks, as well as the right level of contingency built into its budget and schedule for emergent risks. Project processes should be flexible enough to cope with changes while maintaining overall direction towards project goals. And the project team should be empowered to get the job done within agreed limits, without needing approval for every small deviation from the original plan.
So our answers to these three questions are Yes, Yes and Yes. Some projects can clearly be described as complex, if their structure leads to inherently unpredictable behaviour. This unpredictability produces a particular type of emergent risk which cannot be addressed using the traditional project risk management process. Instead we need to develop flexibility and resilience at all levels in order to cope with the special risk challenges associated with complexity. Only then will we be able to undertake truly complex projects with confidence that we can succeed.
[© Copyright January 2014, David Hillson/The Risk Doctor Partnership]