Risk management is an important aspect of successful project delivery. This article introduces the concepts of risk and risk management and describes how the application of risk management techniques increases the likelihood that a project will succeed in delivering its objectives.
What is Risk?
Risk is the possibility of suffering harm or loss. Risks are inherent in every project and can be considered to be anything that will adversely impact the progress or objectives of the project.
What is Risk Management?
Risk management can be defined as “the culture, processes and structures that are directed towards realising potential opportunities whilst managing possible adverse impacts”.
From a project management perspective, risk management is a continuous activity throughout the life of the project that seeks to identify potential risks to delivery, evaluate their likely impact, develop mitigation plans and monitor progress.
Finding risks is an ongoing process. Everyone involved in the project should be encouraged to think about possible problems that might arise and adding them to the “risk register”, which is a list of all known project risks.
A risk is initially placed into an “open” status when it is added to the risk register and remains in this state until it has been fully reviewed and a mitigation strategy has been put in place.
When a risk is registered, the person creating the entry also assigns an estimate of the probability of the issue occurring and the magnitude of the impact on the project if the risk does eventuate. The scale used to represent the probability and magnitude may vary between organisations and projects however I recommend you keep them simple so that anyone involved in the project can understand and utilise them.
If you are a project manager then you should strongly consider running regular risk workshops with the project team and also key stakeholders. These workshops are used to brainstorm finding additional risks and to assist with development of mitigation strategies.
Generally it is the responsibility of the project manager to ensure that all new risks are properly evaluated once they have been added into the risk register. On larger projects there may be a dedicated risk manager who holds this responsibility.
The first step in evaluating new risks is to validate the risk. This includes ensuring that the risk is not duplicated in the register and also identifying and separating out issues, which are impacts that have actually occurred rather than those that might occur in future.
Once a risk has been determined to be a valid new item on the register, then the probability and magnitude estimates from the risk creator are also reviewed to ensure they are appropriate and consistent with other risks.
Monitoring and Control
Each risk on the register should be allocated to an owner, who has responsibility for determining the appropriate mitigation strategy and also for monitoring the risk on an ongoing basis. Make sure that the risk owner is someone who is in a position to understand and respond to the specific risk being assigned to them and also ensure they are aware of and agree ownership of the risk.
For each risk, ensure there is one or more mitigation strategies identified. This may be as simple as determining that the impact of the risk is negligible and nothing further is to be done, however in most cases an active strategy will be required to reduce the probability of the risk occurring or to address the possible impact. It is essential that clear and realistic dates are set for achieving each mitigation.
On a regular ongoing basis, preferably weekly, the risk register should be reviewed to determine whether actions have been taken and whether the probability or impact of a risk should be adjusted.
Any risk that is evaluated as having a potentially significant impact on the project or that is viewed as highly likely to occur should be escalated to the appropriate group or individuals. Similarly, any risk where the required actions are overdue should also be escalated. The escalation path will depend on your project governance structure and is likely to include a project or programme office, project sponsor and steering committee.
Improving Certainty of Delivery
Good risk management increases the likelihood or project success by decreasing the probability and impact of negative events on the project. By proactively identifying and preparing for potential issues throughout the life of your project you will be well prepared for challenges as they arise and can reduce the chance of potential threats becoming real problems.