The first step in risk management is realizing that there are risks to your business, and to each of your projects. The project team should have a single, comprehensive, and accessible list, typically managed by the project manager, where all risks can be listed.
There are many risk management systems in use. Listing the cause, effect, and impact is part of most of them. A “Cause” is a factual statement about the present, e.g. “We do not have a bioinformaticist on the team.” An “effect” is a probabilistic statement about the future, e.g. “We may make errors in our data analysis”. “Impact” is the consequence for the business, e.g. “Our $50M investment is at risk of producing unusable data.” As you may imagine, the larger and more complex a project becomes, the more risks are present. Typical projects in early stage biotech (where teams number less than 10, budgets are in the range of 6-7 figures, and timelines are 3 months to a few years) will probably have hundreds of risks.
As soon as you formalize project management, or ideally, as soon as you begin to define your company’s culture. If a focus on risk is part of the conversation from day 1, it will be much easier than training it in later.
The majority of project-derailing events can be predicted, and if they can be predicted, they can be mitigated; i.e. most project failures could have been avoided, not in hindsight, but with proactive, disciplined, foresight.
Become conversant in the key components of risk management systems.