That ostrich in the office – is it you?

Photo of ostrich from the neck up, looking directly at the cameraIs there an ostrich in your office?

Maybe it’s you?

And what in the world am I talking about?


More specifically, hiding from risk. (For the record, ostriches don’t really stick their heads in the sand. But you get my point.)

Risk management and risk mitigation are key skills for leaders at all levels. Yet they’re seldom discussed and even more rarely taught … or, let’s face it, practiced.

Most of the time, we can get away without assessing risk factors for our projects, initiatives, and goals … but sometimes we can’t. And those times when we didn’t and should’ve tend to come back to bite us in the form of high stress, expensive delays, and flat-out failures.

With that in mind, here’s an outline of basic risk management steps to follow. This is far from a complete description (that would take a book, at least), but it will give you a starting point.


What could go wrong?

It’s not a question we like to think about or ask aloud, but it’s an important question – and the more important the project or goal, the more important it is to ask.

Let’s say you’re managing a project expected to take 12 months. You have a team of six people. You’ve done your project plan, and you’ve identified your milestone dates.

Risk factor number one: all six of those people are likely to take vacation time and probably a sick day here or there.

Wait. Vacation time is a risk factor?

Yep. Because I’d be willing to bet that in creating your project plan and schedule, you didn’t factor that in. (Stay with me; the assessment step will help make this more clear.)

And there are other personnel-related factors to consider: what if someone leaves the company? What if someone becomes seriously ill or injured?

What about external resources? What are you assuming will be available to you, but which might (because of some right-now-unknown factor) not be?

And don’t forget the whims of technology, the need to improve skills, and so forth.

And speaking of vacations, let’s say you’re planning a summer trip with your family. Delayed flights, illness and injury (don’t forget the sunscreen!), weather, car breakdowns, Internet availability, and other factors (depending on where you’re going) – all these should be considered.

I’m sure you can come up with more than I’ve listed (and you should!).


Some of the risk factors I listed in the identification phase probably seem trivial or unimportant to you. After all, we all know people get sick, and we all know people take vacation.

The assessment phase is where those factors are broken out and, yes, assessed for just how destructive they may be.

Each factor you’ve identified gets two numeric ratings: likelihood and impact.

Likelihood: on a scale of 1 to 10, how likely is this to happen? Employee vacations get a 10; in the course of your year-long project, everyone is going to take some vacation time. And as for your own vacation, depending on where you’re travelling and how many connecting flights are involved, your chances of having a delay in transit are (sadly enough!) a solid 7 or even 7.5.

Impact: on a scale of 1 to 10, what’s the potential impact? Employee vacations probably rank around 1 or 2 on the severity scale, but please note! Some employees are more important to any project or initiative than others, and a combination of multiple employees all on vacation at once could amp up that impact rating significantly. Meanwhile, if, for instance, you have a big event planned for the day after your scheduled vacation-destination arrival, that missed connection could turn into a big problem. (Let’s not forget delayed luggage. Argh.)

Now add the two together – likelihood plus impact – and presto: instant prioritization for the next step.

Note that this automatically manages the high-likelihood / low-impact risks versus those that are low-likelihood / high-impact.


You’ve come this far; don’t leave your future self scrambling to recover from something you knew could happen! Now’s the time to decide what you’ll do if a particular risk factor actually comes to pass.

For employee vacations, it’s probably obvious: make sure employees schedule their vacations in advance, and be careful not to have more than one or two people out at any given time. Similarly, if you have a mission-critical employee, be sure to have a plan in place to handle their absence. Will you conduct a clear, thorough knowledge transfer before they go, schedule their contribution to the project around their planned time off, or something else?

And for your family’s vacation, it might be best not to have that big expensive and / or meaningful event right after your scheduled arrival – or else have rock-solid fallback plans in place in case you’re delayed by weather, technical difficulties, or any of the other myriad travel challenges that might arise.


This has been a super fast, super high-level zoom through the most important steps involved in risk management and mitigation. In other words, it’s a starting point, and far from complete!

That said, you don’t need to practice this level of formal risk management for every project, and certainly not for your average day-to-day tasks. However, it’s worth going a little overboard in the beginning to establish a habit of thinking about these things. That way, even for those projects or activities where you choose not to complete the full, formal process, you’ll still be aware and alert for potential problems.

As the old saying goes, an ounce of prevention is worth a pound of cure. Taking a few moments up front to run through these steps can save you a world of future hurt!