Whereas the term “unknown unknown” has become part of the business lexicon lately, you seldom come across with “known unknowns.” Except in project management and strategic planning, where they play a pivotal role.
Unknowns are threats that become known when they’re formally identified on a so-called risk register, which is nothing but a simple chart or spreadsheet. These are specific risk events—which, by definition, may or may not materialize—with potentially negative impact on project objectives or business operations.
Examples include loss of a key resource, denial of a government permit, last minute design changes, and various supply chain related threat events. Unless you manage them effectively, your projects may fail and strategies falter. It’s critical how you manage them especially when their likelihood of occurrence and potential impact are high.
Supply chain risks
A common known unknown just about every organization experiences is supplier delays, among many other supply chain related threats. These can lead to delays in product launches and production with potentially huge impacts involving project cost overruns and lost revenue.
Take for example, Boeing’s supply chain risks associated with the development of its 787 Dreamliner in the late 2000s. Many of them, including supplier delays, quality issues, bankruptcies, etc. were known unknowns. These risks were not definitely due to any “unknown unknown” global supply chain disruptions such as those caused today by the pandemic.
Boeing apparently didn’t mange their risks effectively. As the risks became real, the launch of the plane was delayed by more than three years. This cost the aerospace giant billions of dollars in project cost overruns and lost revenue due to cancelled orders. Not surprisingly, a large chunk of its shareholder value also evaporated in a short period of time.
Managing known unknowns
Managing known unknowns is well documented and proven in the risk and project management industry. First you identify and prioritize them based on their severity, which is a function of their likelihood of occurrence and possible impact. Then you identify and evaluate the proactive measures you can take, and implement the best of them.
The key is to take appropriate action, in advance, on individual risks in a cost-effective manner to minimize their collective impact on the project or the business operation. Effective strategies for advance actions include:
- Avoid the threat altogether by following a different course of action.
- Mitigate it by proactively reducing the probability of its occurrence and/or the impact it would potentially cause.
- Transfer it to a third party.
- Build contingencies you can leverage if and when needed.
- Escalate the threat to a higher authority.
- Accept it by doing nothing.
You may adapt one or more of these strategies depending on the expected severity of the risk, its timing, and many other factors. You will need to translate these strategies into specific advance actions to mange the threats.
Strategies and actions for known unknowns
For ease of illustration, let me take a simple example from my travel life as I did when explaining unknown unknowns in a previous blog post.
I’m a road warrior with millions of airline miles behind me, having traveled to various parts of the world many times over in the last 35 years. So I know a little about travel threats.
Even after all this time, I still have nightmares about not showing up to deliver a keynote at a conference, conduct a seminar, or participate in a small business meeting because of missed or cancelled flights. And there’s the other fear of not having proper clothes for my events due to lost or delayed bags.
I rarely take the last flight the day before an engagement to avoid the risk of being a no-show due to flight cancellation. In fact, for my international trips I plan to arrive at my destination two days prior to my engagement.
I prefer direct flights without any stops to minimize the probability of cancelled flights or the loss or delay of checked bags. I reduce the potential impact by carrying-on an extra set of clothes. These actions translate to mitigation of the risk.
For international travel, I always buy insurance to transfer some or all of the financial risk. (Believe me, it rescued me a few times.)
I build time (and budget) contingencies for every trip. For instance, I prefer to take an earlier flight in the day, so even if it’s canceled there would be other flights the same day.
There were times when I had to take the last flight from one meeting destination to another for an early morning meeting the next day. In such cases, I escalate the threat by letting my meeting sponsor know in advance the possibility of late arrival or being a no-show.
Finally, there are times when I completely accept the risk without taking any of the above actions when I know the severity of the threat is relatively small.
Applying response strategies to supplier delays
Let’s get back to the pervasive supplier delay threat and look at how to apply these strategies to identify specific response actions.
First, you may avoid altogether the risk of delay by your original supplier by selecting another supplier who is presumably more reliable.
To mitigate the risk, you may decrease the probability of the threat through more rigorous supplier oversight than was originally planned. And, to decrease its potential impact, you may “dual” source; that is, procure a portion of the work from another supplier who is more likely to deliver on time.
You may transfer part or full impact of the risk to another party through insurance, performance bonds, or other such mechanism.
You may opt to accept the risk by taking no proactive measures but create a contingency plan. Your “Plan B” may involve taking proper action, if and when you see early warning signs of potential delays with the supplier.
If you believe that none of these actions is possible because of budget, organizational, or any other constraints and there’s not a whole lot you can do about it, you may escalate the risk up to management and put the monkey on their shoulder (an old metaphor revisited!).
Finally, you may simply decide to accept the risk without taking any upfront action at all.
Of course every one of the response actions you identify will have its own pros and cons. The idea is to identify possible actions for each risk you’ve identified, perform a cost/benefit analysis, select the best option, and implement it. If you follow this process rigorously, the overall risk to your projects and operations should decrease. This leads to fewer crises and unpleasant surprises and, most importantly, more successful projects and business operations.
The specific actions suggested for the example threat above are not pie-in-the-sky risk management solutions. These are practical steps already being taken in many well-established industries including manufacturing, oil and gas, petrochemicals, big pharma, etc. They’re applicable and effective in IT and software development as well.
Learning many lessons during the development of the Dreamliner, Boeing extensively revamped its program and risk management processes. It especially focused on the supply chain risks. The strategies presented in this article form the foundation for many of its risk processes.
There’s no reason to ignore known unknowns and possibly end up in crisis situations, since you can easily implement the well-known and proven processes discussed above.
In my next blog post I discuss another type of risk called ambiguity risk.
Ramesh Koganti says
Great insights on Known Unknowns
Few more examples of Known Unknowns:
1. Lack of Quality Assurance and Quality Control checks at the shops and delivering the equipment to construction site. Identifying the equipment deficiencies at the construction site and correcting them.
2. Not following the equipment preservation procedures and finding out rusted equipment.
3. Dropping the equipment during transportation and at the construction site.
4. How about a Severe Process Safety Incident at a different plant in the organization leading to cash-crunch to complete the projects. Process safety incidents are known throughout the globe and are preventable without a doubt.
5. How about flimsy process designs by so called experts. Example, relief systems are not designed for all scenarios and identifying this prior to startup. Do not start the plant, fix the relief systems.
6. How about Technology suppliers over promising and under delivering resulting in lawsuits after few days of startup. Classic loose-loose situation and in worst case could lead to mothball of a newly build plant.
7. Lack of courage and ethics to bring the issues to surface and fixing them at the early stages of the project.
Prasad Kodukula says
Ramesh, thank you so much for providing great additional examples. These risks can be managed quite effectively ultimately resulting in higher quality, lower costs, accelerated schedules, and larger benefits. Unfortunately though they’re often ignored.