As a project manager or team member, you manage risk on a daily basis; it’s one of the most important things you do. If you learn how to apply a systematic risk management process, and put into action the core 5 risk management process steps, then your projects will run more smoothly and be a positive experience for everyone involved.
A common definition of risk is an uncertain event that if it occurs, can have a positive or negative effect on a project’s goals. The potential for a risk to have a positive or negative effect is an important concept. Why? Because it is natural to fall into the trap of thinking that risks have inherently negative effects. If you are also open to those risks that create positive opportunities, you can make your project smarter, streamlined and more profitable. Think of the adage –“Accept the inevitable and turn it to your advantage.” That is what you do when you mine project risks to create opportunities.
Risk Management is a five step process:
Step 1: Identify the Risk.
Step 2: Analyze the risk.
Step 3: Evaluate or Rank the Risk.
Step 4: Treat the Risk.
Step 5: Monitor and Review the risk.
RISK ANALYSIS
All risks identified will be assessed to identify the range of possible project outcomes. Qualification will be used to determine which risks are the top risks to pursue and respond to and which risks can be ignored.
Qualitative Risk Analysis
The probability and impact of occurrence for each identified risk will be assessed by the project manager, with input from the project team using the following approach:
Probability
• High – Greater than <70%> probability of occurrence
• Medium – Between <30%> and <70%> probability of occurrence
• Low – Below <30%> probability of occurrence
Probability
• High – Risk that has the potential to greatly impact project cost, project schedule or performance
• Medium – Risk that has the potential to slightly impact project cost, project schedule or performance
• Low – Risk that has relatively little impact on cost, schedule or performance
Risks that fall within the RED and YELLOW zones will have risk response planning which may include both a risk mitigation and a risk contingency plan.
Quantitative Risk Analysis
Analysis of risk events that have been prioritized using the qualitative risk analysis process and their affect on project activities will be estimated, a numerical rating applied to each risk based on this analysis, and then documented in this section of the risk management plan.
RISK RESPONSE PLANNING
Each major risk (those falling in the Red & Yellow zones) will be assigned to a project team member for monitoring purposes to ensure that the risk will not “fall through the cracks”.
For each major risk, one of the following approaches will be selected to address it:
• Avoid – eliminate the threat by eliminating the cause
• Mitigate – Identify ways to reduce the probability or the impact of the risk
• Accept – Nothing will be done
• Transfer – Make another party responsible for the risk (buy insurance, outsourcing, etc.)
For each risk that will be mitigated, the project team will identify ways to prevent the risk from occurring or reduce its impact or probability of occurring. This may include prototyping, adding tasks to the project schedule, adding resources, etc.
For each major risk that is to be mitigated or that is accepted, a course of action will be outlined for the event that the risk does materialize in order to minimize its impact.
