What is Risk Management on Projects?
Project risk management is the process of identifying, analyzing and then responding to any risk that arises over the life cycle of a project to help the project remain on track and meet its goal. Risk management isn’t reactive only; it should be part of the planning process to figure out risk that might happen in the project and how to control that risk if it in fact occurs.
A risk is anything that could potentially impact your project’s timeline, performance or budget. Risks are potentialities, and in a project management context, if they become realities, they then become classified as “issues” that must be addressed. So risk management, then, is the process of identifying, categorizing, prioritizing and planning for risks before they become issues.
Risk management can mean different things on different types of projects. On large-scale projects, risk management strategies might include extensive detailed planning for each risk to ensure mitigation strategies are in place if issues arise. For smaller projects, risk management might mean a simple, prioritized list of high, medium and low priority risks.
6 Steps in the Risk Management Process
So, how do you handle something as seemingly elusive as project risk management?
The same way you do anything when managing a project. You make a risk management plan.
It’s all about process.
Process can make the unmanageable manageable. You can take what looks like a disadvantage
and turn it into an advantage if you follow these six steps.
1. IDENTIFY THE RISK
You can’t resolve a risk if you don’t know what it is. There are many ways to identify risk. As you do go through this step, you’ll want to collect the data in a risk register.
One way is brainstorming or even brainwriting, which is a more structured way to get a group to look at a problem.
As noted earlier, you can tap your resources. That can be your team, colleagues or stakeholders. Find those individuals with relevant experience and set up interviews so you can gather the information you’ll need to both identify and resolve. It doesn’t hurt to speak with that person in your organization
who is the glass is always half-empty type. Their doom-and-gloom perspective can be surprisingly helpful to see risks that might not be evident to everyone else.
Look both forward and backwards. That is, imagine the project in progress. Think of the many things that can go wrong. Note them. Do the same with historical data on past projects. Now your list of potential risk has grown.
As you’re identifying risk, you’ll want to make sure you that your risk register isn’t filling up with risks that are really outliers and not risks at all. Make sure the risks are rooted in the cause of a problem. Basically, drill down to the root cause to see if the risk is one that will have the kind of impact on your project that needs identifying.
When trying to minimize risk, it’s good to trust your intuition. This can point you to unlikely scenarios that you just assume couldn’t happen. Remember, don’t be overconfident. Use process to weed out risks from non-risks.how to manage risk
2. ANALYZE THE RISK
Now you’ve got a lot of potential risks listed in your risk register, but what are you going to do with them? The next step is to determine how likely each of those risks are to happen. This information should also go into your risk register.
When you assess project risk you can ultimately and proactively address many impacts, such as avoiding potential litigation, addressing regulatory issues, complying with new legislation, reducing your exposure and minimizing impact.
Analyzing risk is hard. There is never enough information you can gather. Of course, a lot of that data is complex, but most industries have best practices, which can help you with your analysis. You might be surprised to discover that your company already has a framework for this process.
So, how do you analyze risk in your project? Through qualitative and quantitative risk analysis, of course. What does that mean? It means you determine the risk factor by how it impacts your project across a variety of metrics.
Those rules you apply are how the risk influences your activity resources, duration and cost estimates. Another aspect of your project to think about is how the risk is going to impact your schedule and budget. Then there is the project quality and procurements. These points must be considered to understand the full effect of risk on your project.
3. PRIORITIZE THE RISK
Not all risks are created equally. You need to evaluate the risk to know what resources you’re going to assemble towards resolving it when and if it occurs. Some risks are going to be acceptable. You would grind the project to a halt and possibly not even be able to finish it without first prioritizing the risks.
Having a large list of risks can be daunting. But you can manage this by simply categorizing risks as high, medium or low. Now there’s a horizon line and you can see the risk in context. With this perspective, you can begin to plan for how and when you’ll address these risks.
Some risks are going to require immediate attention. These are the risks that can derail your project. Failure isn’t an option. Other risks are important, but perhaps not threatening the success of your project. You can act accordingly.
4. SOFTWARE FOR RISK MANAGEMENT
Then there are those risks that have little to no impact on the overall project’s schedule and budget. Some of these low-priority risks might be important, but not enough to waste time on. They can be somewhat ignored, because sometimes you just should let stuff go.
5. ASSIGN AN OWNER TO THE RISK
All your hard work identifying and evaluating risk is for naught if you don’t assign someone to oversee the risk. In fact, this is something that you should do when listing the risks. Who is the person who is responsible for that risk, identifying it when and if it should occur and then leading the work towards resolving it?
That determination is up to you. There might be a team member who is more skilled or experienced in the risk. Then that person should lead the charge to resolve it. Or it might just be an arbitrary choice. Of course, it’s better to assign the task to the right person, but equally important in making sure that every risk has a person responsible for it.
Think about it. If you don’t give each risk a person tasked with watching out for it, and then dealing with resolving it when and if it should arise, you’re opening yourself up to more risk. It’s one thing to identify risk, but if you don’t manage it then you’re not protecting the project.
5. RESPOND TO THE RISK
Now the rubber hits the road. You’ve found a risk. All that planning you’ve done is going to get implicated. First you need to know if this is a positive or negative risk. Is it something you could exploit for the betterment of the project?
For each major risk identified, you create a plan to mitigate it. You develop a strategy,
some preventative or contingency plan. You then act on the risk by how you prioritized it.
You have communications with the risk owner and, together, decide on which of the plans
you created to implement to resolve the risk.
6. MONITOR THE RISK
You can’t just set forces against a risk without tracking the progress of that initiative. That’s where the monitoring comes in. Whoever owns the risk will be responsible for tracking its progress towards resolution. But you will need to stay updated to have an accurate picture of the project’s overall progress to identify and monitor new risks.
You’ll want to set up a series of meetings to manage the risks. Make sure you’ve already decided on the means of communications to do this. It’s best to have various channels dedicated to communication.
You can have face-to-face meetings, but some updates might be best delivered by email or text or through a project management software tool. They might even be able to automate some, keeping the focus on the work and not busywork.
Whatever you choose to do, remember: always be transparent. It’s best if everyone in
the project knows what is going on, so they know what to be on the lookout for and help manage the process.