Risk Management

A strong risk management process can decrease problems on a project by as much as 80 or 90 percent. In combination with solid project management practices, having a well-defined scope, incorporating input from the appropriate stakeholders, following a good change management process, and keeping open the lines of communication, a good risk management process is critical in cutting down on surprises, or unexpected project risks. 

A Risk Management Process in 7 easy-to-follow steps:

Step one of the risk management process is to have each person involved in the planning process list at least ten potential risk items. Often with this step, team members will assume that certain project risks are already known, and therefore do not need to be listed. For example, scope creep is a typical problem on most projects. Yet it still must be listed because even with the best management processes in place, it could still occur and cause problems on a project over time.

Step two is to collect the lists of project risks and compile them into a single list with the duplicates removed.

Step three is to assess the probability, impact, and detectability of each item on the master list. This can be done by assigning each item on the list a numerical rating such as on a scale from 1 to 4 or a subjective term such as high, medium, or low. Detectability is optional, but it can be simple to assess - if a risk is harder to see, such as with scope creep, then it's a riskier item. If it's easier to catch early, such as loss of management support or loss of a key resource, then it's lower risk.

Step four is to break the planning team into sub-groups and to give a portion of the master list to each sub-group. Each sub-group can then identify the warning signs or triggers for its assigned list of project risks. All triggers should be noted, even minor ones. Normally there will be at least three triggers for each risk.

Step five is for the sub-groups to identify possible preventive actions and enhancement actions for the opportunities.

Step six is for the sub-groups to create a contingency plan for most but not all project risks - a plan that includes the actions you should take if a trigger or a risk occurs. This plan will be created for those risks scoring above a certain cut-off point, which is determined after looking at the total scores for all risks. This keeps the risk management process manageable. The risk management process is not effective if it is so time-consuming that it is never done.

Step seven is to determine the owner of each risk. The owner is the person who is responsible for watching out for triggers and then for responding appropriately if the triggers do in fact occur by implementing the pre-approved and now established contingency plan. 

Often, the owner of the risk is the project manager, but it is always in the best interest of the project for all team members to watch for triggers.

Rather than start this risk management process from scratch for every new project, it can be followed once to establish a list of generic project risks and triggers. Then, a team simply has to add project-specific risks and triggers and assess the probability, impact, and detectability, which will save a great amount of time and help to ingrain a risk mentality into your project culture.

Upon completion of the risk management process, a master document, known as a risk register or risk matrix, is created. The most effective format for this document is a table, because it will allow a great deal of information to be conveyed in a few pages.

The columns in the table can include risk description, probability, impact, detectability, triggers, preventive actions, and contingency plan. Other columns, such as quantitative value, can also be added as appropriate.

Once the risk register is complete, it is easy to maintain. It can be reviewed during regular status meetings, with as little as 15 minutes spent making sure the list is still current. Determine if any project risks can be closed (but not removed completely), if any risks have increased or decreased in value, and if there are any new project risks to add. This will ensure that the list is continually seen as relevant and useful throughout the life of the project.

Finally, you need to be mindful that a risk management process does not have to be complicated or time-consuming to be effective. Of course there will always be changes and there may still be surprises, but the team will feel prepared and the project should not be taken off course.