Purpose
To identify, assess and control uncertainty and - as a result - improve the ability of the project to succeed.
A project introduces change and change is uncertainty and uncertainty brings risk.
Risk management is a continuous activity during the full life of the project.
Definitions
Risk
Risk is an event that may happen and will affect the project. Such an event can be either a threat or an opportunity.
What is at risk?
The project objectives (think: six variables) are at risk.
Risk Management
The steps you take to identify, assess and control risk.
Risk appetite
The amount of risk that a project is willing to take on. A project with a big risk appetite can take on a lot of risk (i.e. prototyping). A project with a low risk appetite does not like risk (i.e. commercial aircraft).
Approach to Risk
First activity related to risk management in any project is to document the Risk Management Strategy. It describes how risk management will be done in the project; the techniques and standards to use and the various responsibilities related to risk management. The risk management strategy can be adapted from corporate or programme standards
The purpose of the Risk Register is to capture and maintain information on all of the risks (threat or opportunity) relating to the project. Each risk is allocated a unique reference identifier. A template Risk Register can be downloaded from this site.
Project Support role will normally maintain the Risk Register on behalf of the Project Manager.
The Risk Management Strategy will contain the risk management procedure composed of the following basic steps:
1. Identify
Capture risks and prepare early warning indicators.
Project Manager will consult users, specialists who know the business and have experience.
Some risk identification techniques are: Review lessons, risk checklists, (public) risk prompt lists, brainstorming and risk breakdown structure.
Describe cause, event and effect:
Due to the (risk cause) the (risk event) might happen, which will have the (effect).
2. Assess
Probability - likelihood of the risk event occurring.
Impact - The consequences of the risk on the project objectives (six variables).
Proximity - How soon the event is likely to occur.
Risk estimation techniques (one risk): probability trees, expected value, pareto analysis and probability impact grid.
Risk evaluation techniques (whole project): risk models - monte carlo analysis and Expected monetary value.
3. Plan
Plan responses to individual risks.
Minimise the threats and maximise the opportunities.
Threats: Avoid, Reduce, Fallback, Transfer, Accept or Share.
Opportunities: Exploit, Enhance, Reject or Share.
4. Implement
Ensure that responses are done and their effectiveness is monitored.
Take corrective action.
Ensure clear roles & responsibilities:
Risk owner will manage, monitor and control the risk, while the risk actionee will carry out the response actions.
5. Communicate
Ensure all stakeholders are informed about threats and opportunities.
Keep communicating about risk to stakeholders. Think about checkpoint & highlight reports, end-stage and end-project reports and also lessons reports.
Risk budget
A risk budget - if used - is a sum of money included in the project budget and set aside to fund specific management responses to the project’s threats and opportunities. The expected monetary value can be used to determine the risk budget. Also a monte-carlo analysis may help to make sure the budget is not dictated by a small number of large risks.