Project Risk Management Basics
The purpose of Project Risk Management is to identify project risks and develop strategies to prevent them from occurring or minimize their impact to the project if they do occur.
Project risks exist because of uncertainty. There is always the possibility that something known or unknown could impact the achievement of your project’s goals. Risk management is about being prepared to handle these risks.
As the project manager, there are four basics of risk management that you can use to manage your project’s risks…
- Identify Risks
- Risk Assessment
- Risk Response Development
- Monitor and Control Risks
Risk Management: Identify Risks
The first step of risk management is to identify any risks that may impact your project. You are essentially answering the question, “What could go wrong?”
It’s important to encourage critical thinking when trying to identify risks. In general, it’s great to have a “Can Do” attitude, but during this activity you need to believe in Murphy’s Law.
There are several techniques that you can use to help identify risks…
- Risk Profiles
- Historical Data
- Assumptions Analysis
- Work Breakdown Structure Analysis
Keep in mind that this is not a one-time activity. As the project progresses, new risks may evolve or become known while others may no longer be relevant.
Risk Management: Risk Assessment
Once you have a list of potential project risks, you need to determine which risks need to be managed. Generally, those risks that would have the greatest impact to the project as well as those that are more likely to occur are the ones that should be focused on.
A basic risk assessment will analyze each risk event for the likelihood that the risk will occur and for the impact it will have if it occurs. This type of qualitative risk analysis information can be plotted on a Risk Assessment Matrix which incorporates the risk rating rules as defined in your Project Risk Management Plan.
Quantitative risk management methods can also be used. These methods include the Monte Carlo technique, sensitivity analysis, and expected monetary value analysis.
Risk Management: Risk Response Development
For each risk, there are four response strategies that you can choose from…
In some cases, risk avoidance is possible by making a change to the project management plan. Some examples include extending or shortening the schedule, changing the project strategy, or reducing scope.
Risk transfer involves passing the risk to a third party. This doesn’t change or eliminate the risk, it simply gives another party the responsibility to manage the risk. Examples of risk transfer include insurance, performance bonds, warranties, fixed price contracts, and guarantees.
Risk mitigation means to reduce the probability and/or impact of a risk event. Examples of risk mitigation include safety training, simplifying processes, choosing a stable supplier, and redundant activities.
Risk acceptance is when the project team decides not to change the project management plan to deal with the risk or is unable to identify any other risk response strategies for a risk event. This strategy can be passive where the project team decides to just deal with the risk if it occurs. Or it can be active where the project team has a contingency reserve allocated and plan in place in case the risk occurs.
Risk Management: Monitor and Control Risk
Monitoring and controlling your project risks involves implementing your risk response strategies, tracking identified risks, monitoring triggering events, and identifying new risks. This should be done throughout your project.