Events that happened 14 years ago changed the way we view our safety and the world around us. Has it changed how we manage risks overall?
The world changed
We weren’t untouchable. In a single moment, everything changed. And by the end of that fateful day, 2.977 individuals had lost their lives at the hands of 19 terrorists. Were the planes hitting the towers a risk we could even imagine? Once? Twice in one day? On purpose? And what about the Pentagon? And the other jet headed toward Washington, D.C.? No, I don’t think that was really in anyone’s risk management strategy (without Terrorism Risk Management methodics). Sure, terrorist’s acts are always considered. And hijacking is always a possibility. But would anyone think that two planes would hit the World Trade Center towers 17 minutes apart and that within two hours both towers would fall, killing so many people all at once. Of course, now we know better…and as usual…hindsight is 20-20.
Not all risks are considered
To equate something so tragic and so monumental to project management seems very, very wrong. But, one must consider that the building of both towers was a project and certain risks weren’t consider - even if they were likely considered unfathomable. So the towers analogy, while it may be the most extreme, shows that anything can happen and there is likely never going to be a way for us to consider all possible risks. And we probably wouldn’t want to consider all risks even if we could. Why? Two things: time and money. It would take far too much time to consider all possible risks and it would take far too much money to plan for and mitigate or avoid all possible risks. It just isn’t feasible and it just doesn’t make sense.
As a nation we hope that governments and certain agencies carefully consider all possible terrorist risks, but reality says while we are planning for those terrorists, they are right now working on new ways to terrorize, just like hackers are coming up with new ways to hack. They are always trying to be one step ahead. Unlike project risks where they are not usually going to be deliberate hacks or terrorist acts (though those can affect our projects, too). They are much more likely to be one-off incidents like a vendor truck crashing during a delivery of a much needed item delaying delivery by several days, etc. Unforeseen, but not deliberate. No one trying to stay a step ahead of us trying to take our project down.
So where are we now with risk? We need to plan, we need to work to mitigate, and we need to attempt to avoid. We need Enterprise Terrorism Risk Management. As project managers, our regular daily projects won’t include risks like the building of the towers did - though construction project managers do have to take certain risks like that into consideration depending on the size of the project. But we need to carefully weigh what we think we can afford to “let happen” on our projects and what we need to actively spend money trying to manage and avoid. There has to be a certain tolerance level at which we include a risk in our risk management efforts and where we say, it’s too unlikely to happen or not worth the effort that it will take to plan for it, mitigate it or avoid it.