Risk Management consists of the following processes.
| Process | Project Phase |
|---|---|
| Plan risk managment | Planning |
| Identify risks | Planning |
| Perform qualitative risk analysis | Planning |
| Perform quantitative risk analysis | Planning |
| Plan risk responses | Planning |
| Control risks | Monitoring & Controlling |
Risk management is the process of controlling risk. Risk management involves:
- identifying and tracking risk areas
- assessment and prioritization of risks
- coordinating the application of resources to minimize, monitor, and control the probability and/or impact of events or to maximize the realization of opportunities
- developing risk mitigation plans as part of risk handling
- monitoring risks
- performing risk assessments to determine how risks have changed
A risk is a potential event that may have a detrimental affect on time, cost, quality and deliverables.
An issue is a risk that has materialized. It is an unpredicted event that requires a decision; otherwise, a negative affect on the project may result.
Plan Risk Management
An important concept to remember is that the project manager’s role is to prevent problems proactively, rather than reacting to them as they arise. Thus making risk management one of the most critical aspects of the project manager’s function.
“Intellectuals solve problems, geniuses prevent them.” Albert Einstein
Identify Risks
Risks are identified in all phases of the project. Even seemingly non-critical risks should be documented as Watch items and reviewed regularly as part of the monitoring and control process.
A common mistake that project manager’s make when identifying and documenting risks is writing risk statements that are too generic. In other words, they could apply to any project, with any deliverables, at any time.
For more information on writing effective risk statements, refer to Risk Management.
Perform Qualitative Risk Analysis
During qualitative risk analysis, you determine which risks are important enough to manage. At this stage, financial values are not determined. Instead, risks are evaluated for severity and probability, and relative values (such as high, medium, low) are assigned.
Perform Quantitative Risk Analysis
During quantitative risk analysis, measurable, objective data is used to assign financial values to risks, probabilities of occurrence, and impacts. This process provides the project manager with the additional level of detail necessary to devise targeted risk responses which are appropriate and relevant.
Plan Risks Responses
Responses to risk threats include:
- Accept
- Avoid
- Mitigate
- Transfer
Not all risks are threats. Some represent opportunities. Strategies to respond to opportunities include exploit, enhance and share.
For more information on risk responses, refer to Risk Management.
Control Risks
The purpose of controlling risks is to:
- Track identified risks, including the watch list.
- Identify new risks during project execution that were not previously identified.
- Monitor events and conditions to determine if a risk trigger has occurred.
- Ensure execution of risk plans/responses and evaluate their effectiveness
- Confirm that project assumptions are still valid.
- Ensure policies and procedures are followed.
Risk Triggers
Risk triggers are indicators that a risk event is about to occur.
Wouldn’t it be great if we had the robot from Lost in Space who could warn us of pending danger to our projects?
“Danger! Danger! Will Robinson.”
Unfortunately, that is not life on project “planet earth.”
Instead, savvy project managers will proactively identify risk triggers, which they will monitor throughout the project to alert them to signs that risks will manifest as realized issues.
Risk triggers are the warning signs alerting project managers that a risk is imminent.
