Risk management in projects is gaining importance. Why? Well, if you look at generally available statistics on project failure rates, then project failures are often related to an insufficient focus on dealing with risks in projects.
Before we dive into the details, it is important to look at the definition of risk and how to describe it. We mainly look at 3 components:
- What is the cause of the risk? (1) – “Because…..”
- What is the risk? (2) – “We might ….”
- What is the impact of the risk? (3) – “Which may lead to …..”
When documenting a risk in your project plans, it is important to handle a standard way of describing the risk, incl. the 3 components.
An example: “Because we have never been to Vorst Nationaal before (1), we might take the wrong exit or lose our way (2), which may lead to missing the concert of Robbie Williams (3).”
If we go deeper into the risk management process, there are 5 important topics to be taken into account
- Risk management planning
- Risk identification
- Risk analysis
- Risk response planning
- Risk monitoring & control
Let’s find out what each of these aspects entails!
RISK MANAGEMENT PLANNING
Do you need to apply the same level of risk management in all your projects? As you might guess, the answer is no. The amount of focus to put on risk management is related to the complexity of your project (both business and technical). On top of that, business criticality and project size play a big role in this evaluation The level of planning of your risk management depends highly on those factors.
In short, a risk management plan should consist of
- the risk management method
- a definition of roles & responsibilities
- a budget and a timing of your risk management activities
- risk categories
- definitions of risk probability and impact
Do we really need a risk management plan?
Yes, to create visibility on
- the risks in your projects
- the available resources to manage risks
the allocated time to risk management activities
Now, how do we identify potential risks in our project? Several potential inputs can be analysed like open issues, decisions, assumptions, dependencies, and key stakeholders. Also, the project Work Breakdown Structure which focuses on deliverables is an excellent source for identifying potential risks.
Here’s a visual representation of the links between issues, assumptions and risks:
The main objective of risk analysis is to identify specific project risks and determine the project’s vulnerability to the risks.
Risk analysis can be done through qualitative and/or quantitative assessments. Here, we’ll focus on the qualitative aspects of risk analysis. Risk severity (also known as ‘exposure’) can be seen as a function of impact and probability.
?PM Dictionary Tip
Impact is the potential effect that a risk if it occurs, will have on project objectives (time, cost, scope, quality).
?PM Dictionary Tip
Probability is the likelihood that a specific risk may occur.
This is expressed in the PI score: high PI scores require high project attention.
RISK MANAGEMENT RESPONSE PLANNING
Risk response planning can be seen as a proactive way of trying to lower or eliminate causes, risks and impact.
?PM Dictionary Tip
Contingency is a reactive manner and in most cases means to just accept the risks with the related impact on project cost & timing.
There are 4 potential risk response types:
- Avoiding risk: by modifying objectives and/or approaches.
- Transfer risk: by transferring the risk to other parties (as a sort of insurance taking)
- Mitigate risk: with concrete actions to reduce the probability and/or impact of the risks
Accept risk: by applying a contingency plan or in a passive way by just fixing the problem when there is a failure
RISK MONITORING & CONTROL
Risk monitoring & control is an ongoing process throughout the project and deals with questions like:
- Have new risks occurred?
- Have existing risks changed from the prior state? (For example, did the probability/impact score change)
- Are assumptions still valid?
- Have responses been effective?
- Are proper risk management procedures followed?
Do we have to adjust contingencies?
Managing risks in projects is crucial to ensure successful project delivery. By adopting a structured approach to risk management, which includes risk planning, risk identification, risk analysis, risk response planning, and risk monitoring and control, project managers can proactively address risks and mitigate their impact on project objectives. It is important to use a standard way of describing risks and to evaluate the level of risk management needed. This is based on project complexity, criticality, and size. By doing so, project managers can create visibility on project risks, allocate resources and time effectively, and increase the chances of project success.