There are three steps to assessing a risk; Likelihood, Impact, Priority/Importance. Priority/Importance is determined by the likelihood and impact.
Risks are often assessed by project team members who have prior experience in a particular area, but bringing in experts can also add value. In fact as most risks have to be assessed by rule of thumb as they are estimates of future behaviour and events the more subject matter expertise you can bring to bear the better.
Be warned that subject matter expertise can also bring a skewed view. People who have been burned by a particular risk can often over-estimate its impact in the future. Similarly people’s assessment of risks can be skewed by their objectives and their horizons. An example from my past work is subject matter experts from operational areas often assess risks as having a huge impact (to their business unit) when in fact, in the context of the whole organisation the impact is insignificant and any inconvenience can be absorbed.
Organised project offices often have defined thresholds for likelihood and impact and they should be contextualised to the environment. For example, my family’s suburban legal practice would consider a $100,000 critical, while Telstra would probably consider this minor.
Typically risk management systems use Likert scales (score from 1-5) to assess impacts and likelihood, with each score corresponding to a minimum, maximum or both threshold.
Assessing likelihood and impact will be addressed in detail later in the series.
Craig Brown has worked as a project manager and business analyst mainly in the Australian ITC and the banking industries. He has also worked in the law, education and welfare industries, including starting a law firm. Craig now has a Master’s degree in project management from RMIT university, and is currently working with a Melbourne based IT consulting firm called OptimiseIT. Craig’s personal blog can be found at http://betterprojects.net.