Risk Planning in Project Management
By Keith Mathis, PM Expert Live

When taking on any endeavor, you have to be prepared for the inevitable risk that will arise. No project ever runs perfectly. Snags will arise. You need to be prepared for what you will do when the time comes or, even better, you need to know how to prevent as many hurdles as possible.

A risk is any uncertain event or condition that may take place. All risks have a cause and a consequence. However, not all risks are negative. Some risks may be an opportunity. There are six processes to follow when planning and managing risk.

Risk Management Planning

According to A Guide to the Project Management Body of Knowledge – 3rd Edition (PMBOK®), “risk management planning is the process of deciding how to approach and plan the risk management activities for a project.” Whether you decide to identify risks before the project begins or in the middle, a Risk Management Plan should be drafted. Among other things, the Risk Management Plan determines how risks will be identified, monitored, controlled, and eliminated. This plan will identify what will be considered a risk and how it will be managed. It also defines the team roles and responsibilities for risk management.

Risk Identification

PMBOK® defines Risk Identification as “determining which risks might affect the project and documenting their characteristics.” There are two main types of risks: Organizational and External. Organizational risks include inconsistent cost, time, and scope objectives, lack of funding, or resource conflicts with other projects. External risks may involve legal or labor issues. You can use the following information as tools to identify risks:

  • Historical information from previous projects
  • Documentation reviews of prior project files
  • Gathering information by brainstorming, interviewing, or SWOT analysis
  • Risk log of all possible risks
  • Assumptions analysis to explore the risk’s validity
  • Diagramming techniques, such as cause/effect diagrams or a system flow chart

Qualitative Risk Analysis

Qualitative Risk Analysis is “assessing the impact and likelihood of identified risks.” (PMBOK®). This ranks risks in order according to the potential effect they will have on the project. When looking at the qualitative risk analysis, you must consider the risk probability and the risk impact. Risk probability is the chance that the risk will occur. Risk impact is the consequence if the risk occurs. Once the probability and impact of the risk have been determined, establish which risk category it should go in. For high risks, consider ways of reducing the impact or prepare a contingency plan. For medium risks, prepare a contingency plan. For low risks, take no immediate action, but continue to monitor them.

Quantitative Risk Analysis

“The quantitative risk analysis process aims to analyze numerically the probability of each risk and its consequence on project objectives, as well as the extent of overall project risk.” (PMBOK®) This quantifies the risk exposure for the project. By attaching a numerical probability to each risk, you will be able to easily identify the risks requiring the most attention.

Risk Response Planning

PMBOK® defines risk response planning as “the process of developing options and determining actions to enhance opportunities and reduce threats to the project’s objectives. It includes the identification and assignment of individuals or parties to take responsibility for each agreed risk response.” There are four main ways that people respond to risk.

  1. Avoidance – change the project plan to eliminate the risk. By choosing not to do part of the project, you may be scaling down the project’s return on investment.
  2. Transference – shift the consequence and management responsibility of a risk to another party. You can do this by purchasing insurance or hiring an expert to do the work.
  3. Mitigation – take early action to reduce the chances of a risk occurring or at least reduce the impact the risk will have on the project when it does occur.
  4. Acceptance – make no changes in the project plan to deal with a risk. Active acceptance monitors the risk and develops a contingency plan in case a risk does occur. Passive acceptance, on the other hand, has you waiting to deal with risks as they occur.

Risk Monitoring and Control

“Risk monitoring and control is the process of keeping track of the identified risks, monitoring residual risks and identifying new risks, ensuring the execution of risk plans, and evaluating their effectiveness in reducing risk.” (PMBOK®) When monitoring risks, you may have to choose an alternative strategy, implement a contingency plan, take corrective action, or replan the project. You can use a risk tracking list (a list of all risks which have a plan as well as those without), a tracking matrix (shows each risk and prevention plans), or a risk dashboard (risk indicators which will be tracked) to monitor your progress in dealing with risks.

Knowing how to correctly identify, respond to, and monitor risks will allow your project to save time and money by not having to continually put out fires.

Dr. Keith Mathis, founder and CEO of The Mathis Group, specializes in Project Management, Management Leadership, and Marketing training for private businesses and government agencies of all kinds. He offers 33 Project Management courses, is a Project Management Professional, is certified by the Project Management Institute and will customize every training session to your individual company’s needs. The Mathis Group also sponsors, which is a powerful project management resource with free reports, podcasts, videos, and a monthly newsletter. He also offers customized management training and coaching on any subject with prolific communication and professionalism.
