Imagine we’ve been put in charge of constructing a new bridge across a river. We have a strong charter, well-developed detailed plans, have hired a great team, and are just getting underway with the fresh hope and enthusiasm of a new project. Our engineers, however, now tell us that there is a potential problem. They warn of possible unexpected soil conditions when we excavate that could require additional foundation work, leading to schedule delays and budget overruns—and we haven’t even started yet! This possible problem is known as a risk (specifically: a negative risk, or threat). To address the possibility, we decide to set aside some extra time and budget reserves. This is known as contingency. If, upon excavation and testing, the soil conditions turn out to be fine, then we won’t need to use the contingency. But if soil conditions are indeed poor and require remediation, then the schedule and budget contingency (and a plan to use them appropriately) are available to us.
Risk and contingency are two critical concepts in project management. While they are often discussed together, it's important to understand that they are not the same. Risk refers to potential events that could impact the successful completion of a project, such as technical challenges, resource constraints, market fluctuations, or even unforeseen external factors. In contrast, contingency refers to project resources or elements (i.e., time, budget, or scope) that are set aside to address the impact of negative risks should they materialize. Both risk and contingency planning are critical to project success, as they ensure that project teams are prepared to respond to unexpected events.
Understanding Project Risk
Project risk can be defined as the potential for events or conditions to occur that may impact the project's objectives. These impacts can be positive or negative. Positive risks are known as opportunities, and negative risks are known as threats. While both are important to recognize and address, threats are generally the most common and consequential. Negative risks can stem from a variety of sources, including technical, organizational, programmatic, environmental, or even political factors. Identifying, assessing, and managing project risks is a fundamental responsibility of the project manager.
The process of risk management typically involves the following steps:
Risk Identification & Documentation: The project team systematically identifies potential risks that could affect the project's success. These risks are captured in a document called a project Risk Register.
Risk Analysis & Prioritization: The identified risks are analyzed to determine their likelihood of occurrence and the potential impact on the project. Risks are then prioritized based on their combined likelihoods and impacts.
Risk Responses: Strategies are developed—and applied—to address and respond to the identified risks in prioritized order. These responses include specific methods to reduce the likelihood of the risk occurring and/or the impact of the risk if it materializes.
Issue Responses. Specific tactics are developed to address each risk if/when it is realized. Realized risks are known as “issues”; they are no longer a potential problem, but have in fact become one that must be addressed. Issue Responses are *not* the same thing as Risk Responses.
Risk Monitoring and Control: The project team continuously monitors the project for additional risks, tracks the status of identified risks, and implements the planned issue responses as required.
Effective risk management is crucial for project success, as it helps the team proactively expect and prepare for potential challenges, rather than being surprised by them as they arise.
Understanding Contingency
Contingency refers to additional resources (budget, time, or scope) used to address the potential impact of identified risks. Setting aside contingency is a proactive measure taken by the project team to ensure that the project can withstand the effects of realized risks without compromising its overall objectives.
There are three main types of contingency:
Budget Contingency: This is the additional money allocated to the project to cover the cost impact of realized risks or unforeseen events.
Schedule Contingency: This is the additional time allocated to the project to address the impact of realized risks or unforeseen events that delay the project schedule.
Scope/Quality Contingency: In some cases, projects may also include scope and/or quality contingency. Scope contingency refers to identified deliverables that could be deferred or removed from the project if necessary to stay within budget or schedule constraints. Quality contingency refers to certain functionality or performance requirements that may be deferred or foregone in order to stay within the budget or schedule.
The Relationship Between Risk and Contingency
While risk and contingency are distinct concepts, they are closely related and should be managed in tandem. The amount of contingency required for a project is directly proportional to the level of risk associated with the project.
Projects with higher levels of risk, such as those involving new technologies, complex stakeholder relationships, or uncertain market conditions, will typically require larger contingency allocations to account for the impact of realized risks. Conversely, projects with lower levels of risk may require smaller contingency allocations.
Managing Risk and Contingency
Effective management of project risk and contingency is a critical aspect of project management. The project manager must balance allocating sufficient contingency to address potential risks, while maintaining a lean and efficient project plan.
Here are some key strategies for managing risk and contingency:
Risk Identification and Assessment: Thorough risk identification and assessment are the foundations of effective risk management. The project team should regularly review and update the project's risk register to ensure that all risks are identified and properly evaluated.
Contingency Planning: Based on the identified risks and their potential impact, the project team should develop a comprehensive contingency plan. This plan should outline the specific actions and resources that will address realized risks (i.e., issue responses), as well as the triggers for implementing contingency usage.
Contingency Allocation: The project manager must carefully determine the appropriate amount of contingency to allocate for the project. This decision should be based on the project's status, its risk profile and appetite, the team's experience with similar projects, and industry best practices.
Contingency Monitoring and Control: Throughout the project's lifecycle, the project manager must continuously monitor the project's risk exposure and the status of the contingencies. If risks are realized or if additional risks emerge, the contingency plan should be updated as necessary.
Stakeholder Communication: Effective communication with project stakeholders is crucial for managing risk and contingency. The project manager should regularly update stakeholders on the project's overall risk exposure, the status of the contingency, and any changes to the project's budget, schedule, or scope.
The Bottom Line:
Project risk and contingency are two sides of the same coin bridge, and effective management of these elements is a foundational element (pun intended) for the successful delivery of any engineering project. By implementing robust strategies for a) identifying risks and b) establishing sufficient contingencies, project managers can help ensure that their projects are well-equipped to withstand the challenges that may arise.