Risk theme

Risk theme

Purpose

To identify, assess and control uncertainty and - as a result - improve the ability of the project to succeed.

A project introduces change and change is uncertainty and uncertainty brings risk.

Risk management is a continuous activity during the full life of the project.

Definitions

Risk

Risk is an event that may happen and will affect the project. Such an event can be either a threat or an opportunity.
What is at risk?
The project objectives (think: six variables) are at risk.

Risk Management

The steps you take to identify, assess and control risk.

Risk appetite

The amount of risk that a project is willing to take on. A project with a big risk appetite can take on a lot of risk (i.e. prototyping). A project with a low risk appetite does not like risk (i.e. commercial aircraft).

Approach to Risk

First activity related to risk management in any project is to document the Risk Management Strategy. It describes how risk management will be done in the project; the techniques and standards to use and the various responsibilities related to risk management. The risk management strategy can be adapted from corporate or programme standards

The purpose of the Risk Register is to capture and maintain information on all of the risks (threat or opportunity) relating to the project. Each risk is allocated a unique reference identifier. A template Risk Register can be downloaded from this site.
Project Support role will normally maintain the Risk Register on behalf of the Project Manager.

The Risk Management Strategy will contain the risk management procedure composed of the following basic steps:

1. Identify

Capture risks and prepare early warning indicators.
Project Manager will consult users, specialists who know the business and have experience.
Some risk identification techniques are: Review lessons, risk checklists, (public) risk prompt lists, brainstorming and risk breakdown structure.

Describe cause, event and effect:

CauseEventAndEffect

Due to the (risk cause) the (risk event) might happen, which will have the (effect).

2. Assess

Probability - likelihood of the risk event occurring.
Impact - The consequences of the risk on the project objectives (six variables).
Proximity - How soon the event is likely to occur.

Risk estimation techniques (one risk): probability trees, expected value, pareto analysis and probability impact grid.

Risk evaluation techniques (whole project): risk models - monte carlo analysis and Expected monetary value.

3. Plan

Plan responses to individual risks.
Minimise the threats and maximise the opportunities.
Threats: Avoid, Reduce, Fallback, Transfer, Accept or Share.
Opportunities: Exploit, Enhance, Reject or Share.

4. Implement

Ensure that responses are done and their effectiveness is monitored.
Take corrective action.
Ensure clear roles & responsibilities:
Risk owner will manage, monitor and control the risk, while the risk actionee will carry out the response actions.

5. Communicate

Ensure all stakeholders are informed about threats and opportunities.
Keep communicating about risk to stakeholders. Think about checkpoint & highlight reports, end-stage and end-project reports and also lessons reports.

Risk budget

A risk budget - if used - is a sum of money included in the project budget and set aside to fund specific management responses to the project’s threats and opportunities. The expected monetary value can be used to determine the risk budget. Also a monte-carlo analysis may help to make sure the budget is not dictated by a small number of large risks.

Roles and Responsibilities

Corp. Or Prog. Mgmt
Risk policies, Risk management process.
Executive
Risk accountable.
Ensure Risk Management Strategy exists. Approve RMS.
Risks associated with Business Case.
Senior User
Ensure risks to the users are identified, assessed and controlled.
Senior Supplier
Ensure risks to the supplier are identified, assessed and controlled.
Project Manager
Create Risk Management Strategy.
Create and maintain Risk Register.
Ensure risks are identified, assessed and controlled throughout the project lifecycle.
Team Manager
Participate in identification, assessment and control of risks.
Project Assurance
Review risk management practices to ensure these are in line with the Risk Management Strategy.
Project Support
Assist the Project Manager in maintaining the Risk Register.
×
×

Risk Register

Purpose:
A Risk Register provides a record of identified risks relating to the project, including their status and history. It is used to capture and maintain information on all of the identified threats and opportunities relating to the project.
Composition:
The Risk Register tab contains the contents of the register.
Derivation:
- The composition, format and presentation of the Risk Register will be derived from the Risk Management Strategy
- Entries are made on the Risk Register once a new risk has been identified
- There may be one or more risks inherent in the project mandate
- New risks may be discovered when creating the Project Brief, designing and appointing the project management team, establishing the project’s controls and developing its plans, when issuing Work Packages, when reviewing Work Package status, or when reviewing stage status
- Daily Log/Issue Register - often issues raised to the Project Manager and captured in the Daily Log or Issue Register are actually risks and only identified as such after further examination.
Format and presentation:
A Risk Register can take a number of formats, including:
- Document, spreadsheet or database
- Stand-alone register or a carry forward in progress review minutes
- Entry in a project management tool
- Part of an integrated project register for all risks, actions, decisions, assumptions, issues, lessons etc.
Quality Criteria:
- The status indicates whether action has been taken
- Risks are uniquely identified, including information about which product they refer to
- Access to the Risk Register is controlled and it is kept in a safe place.