Risk Management Steps
Risk management is an essential part of any project plan and project implementation. Without a thorough knowledge of possible risks, a project cannot be authorized. There are always risks at stake which could no doubt benefit the project, but could also jeopardize the project and incur huge monetary losses. The most effective steps in a risk management plan are outlined here.
Risk management ideally begins with risk identification. Risks are identified through techniques such as, brainstorming, document reviews, interviews, Delphi technique and SWOT Analysis. Additional identification methods may be via check lists, assumption analysis and diagramming techniques. The initial five techniques mentioned are direct methods, while the latter three are basically supportive methods.
- Brainstorming: In this method, the views of all members are important, and hence a meeting is held to co-relate ideas on identifying risks. Brainstorming is one of the most effective methods.
- Document reviews: This involves references to documents of prior projects and their identifyed risks. Risk records lead to a better understanding of possible hurdles that will arise in the project.
- Delphi technique: This is a brainstorming method except that members are anonymous to each other.
- Interviewing: It is always helpful when there are experts or members who have been part of prior projects and can help shed light on this topic of risk identification.
- SWOT Analysis: This method involves the assessment of the business' and project’s Strengths, Weaknesses, Opportunities and Threats, and likewise working around these aspects.
Risk assessment follows risk identification in the risk management plan. Categorize the risks as internal or external risks. Internal risks are those that can be controlled. External risks are events over which you have no direct control. Examples of internal risks are project assumptions that may be invalid and organizational risks. Examples of external risks are Government regulations and supplier performance. It may also be dependent on natural conditions such as floods, hurricanes, earthquakes, etc.
Evaluate the identified risks in terms of probability and impact. For each risk item, determine the probability that this will occur and the resulting impact if it does occur.
Use an evaluation tool to score each risk. For example, a simple model could be:
Assign numerical scores to risk probability (l=low, 2=moderate. 3=high) and severity of impact (1=low, 2=moderate, 3=high). A risk score would be the multiplication of the two scores. Management’s attention would be then be focused on those risks with a score of 9, followed by 6, etc.. or which ever the scale of numbering used.
The Probability-Impact assessment of risks is mentioned in the Risk Assessment Report. Risks that as identified and assessed are taken through the Decision Tree sequence to determine the seriousness and impact of the risk in numerical value. An example of this may be seen in the article Sample of a Decision Making Tree.
Risk Action Plan or Risk Resolution
The last section of the risk management plan details the actions or steps to be taken when a risk is identified. For this section review the risk items with high rankings from Section 3 and determine if the significant risks will be accepted, transferred, or mitigated.
With the acceptance approach, no effort is made to avoid the risk item. This approach is usually employed because the risk items are the result of external factors over which you have no direct control. You can plan contingencies in case the risk does occur. Thus, the project team has a backup plan to minimize the effects of the risk event. Or you can take no action and accept responsibility if the risk event does indeed occur. In cases where risk resolution is adopted and changes made to a project plan, it is followed up with a Project Change Management document. In case external risks are foreseen as possibilities, there should be a Project Disaster Recovery Plan.
With the transfer approach, the objective is to reduce risk by transferring it to another entity that can better bear it. Two methods of transferring risk are the use of insurance and the alignment of responsibility and authority.
With the mitigation approach, emphasis is on actually avoiding, preventing, or reducing the risk. Some risks can be avoided by reducing the number of requirements or defining them more completely. For example, careful definition of the scope of a project can avoid the possible consequence of “scope creep,” or indecisive, protracted, and uncertain scope objectives.
In this section, identify and describe in detail the actions that will be taken to transfer or mitigate risks that are prioritized as high. These actions should ultimately result in the reduction of project risk and should directly affect the project management plan and the metrics used for the project. Activities for reducing the effects of risk will require effort, resources, and time just like other project activities.
The risk management plan will need to be monitored and updated throughout the project life-cycle. With careful planning and execution the effective steps in a risk management plan can save any organization time and money.
Image Credit: Author, Amanda Dcosta
This post is part of the series: Risk Management Plan - A Working Example
This series discusses how to create a risk management plan and provides a working example.