In risk management of a project, one of the steps is risk assessment (which follows risk identification). Risk assessment is done to calculate or understand the probability of a risk and the impact or effect it will have on a project. It may be relevant to any one phase in the project life cycle and is an on-going process till the end of the project. Different types of risk assessment reports are created when a risk is identified and assessed.
Risk assessment is done to evaluate many types of risks in a project. Evaluation for each may be inter-related, and documents for each are independently created.
The means of evaluating the risks in each category is based upon qualitative and quantitative risk analysis of the project. It may be risks identified as per each work package in the work breakdown structure from any phase. Risks that are assessed may also be external or internal in nature.
Qualitative risk analysis deals with the probability occurrence of a risk and its anticipated impact. Risks that are analyzed may be prioritized into high, medium and low for their probability and impact respectively, as per the image illustrated below. While there is a high probability a risk might happen, it need not necessarily mean that its impact too would likewise be high. In this case, a probability-impact analysis may be done and represented graphically as per the image in this article.
Quantitative risk analysis quantifies probability and impact. That is, a numerical value is assigned and the risk assessed may be translated into terms of numbers and percentages. There are many techniques adopted for quantitative risk analysis, namely,
- Decision Tree Analysis
- Expected Monetary Value Analysis
- Simulations such as the Monte Caro Simulation
When risks are identified, assessed and documented, a follow up plan may be formulated in time to avert, avoid or work around an identified risk.
Documents involved in Risk Assessment
There are different kinds of risk assessment reports. As risk assessment follows risk identification, a lot of these documents will be based on the risk identification reports. Documentation is done in a systematic way and can be from different inputs. Some of them are discussed below.
Stakeholder Analysis - Risk Report: This identifies probable risks posed by stakeholders and the impact the risk might have on other stakeholders or the project at large. An example of this may be in sponsor partnerships where funds are supplied by more than one individual and there are divided interests by the sponsors in the same project.
WBS - Risk Report: The work breakdown structure, broken down to work packages can be assessed for risks. It may detail risks at different stages based on cost, schedule, resource and manpower factors.
Scope - Risk Report: The scope statement or mission statement may be assessed for risks at the beginning of a project. For example, it could be the impact of a particular project on the community.
Cost Evaluation Risk Report: Cost or funds are at constant risk in a project. It has to be maintained and controlled with as little deviation as possible from the forecasted values. Risks related to cost are in the cost evaluation risk reports.
Schedule Evaluation Risk Report: Time is luxury that a project cannot afford. It is imperative that time schedules are met with as little delay as possible. Time delays can impact the progress of a project and put it at risk. Such risks are documented in the schedule evaluation risk report.
Technical Evaluation Risk Report: Risks related to resources, manpower and departments fall under this category. Risks arising due to quality constraints or the triple constraints, and those which are due to design errors and poor planning also fall under this group.
This post is part of the series: Risk Management
Risk Management is an area of expertise that every project manager should be trained in. It takes a project manager through the process of first identifying and assessing risks in a project. When identifying and assessing risks, many tools and techniques have to be used.