High quality project risk management relies on information, common sense, experience -- and to a certain degree -- gut instinct and intuition. These are the keys to successful "project risk management". Read on to learn how it works.
It Takes a Process to Manage Project Risk
Risk management is both a strategy and a process. As a strategy, it embraces the concept that all projects have risk, and the goal is to ensure that those risks are managed to ensure that projects can be completed successfully. Risk is no reason to avoid projects - it's a basis for making decisions about project scope, planning and execution. There may very well be projects that are deemed to risky to proceed, but on the whole, most risks can be managed. That's where the process come in.
As a standardized governance process, project risk management can be broken down into five working elements: risk origination (the risk is identified), risk assignment (responsibility is assigned), execution (risk response is planned and put into action), oversight (status is monitored) and closure (the risk is eliminated).
Even under the best of circumstances, management is a challenge. When you learn to fast track, you’ll learn to work smarter, not harder. And that’s the value of every lesson, resource and template available at Fast Track Manage Learning. We teach you how to fast track your way to successful projects, committees and more. Learn More
Working with the 5 Phases of Managed Risk
What's the benefit of a standardized approach to managing project risk? You get a roadmap to follow, ensuring consistent results, ready to be adapted to the needs of the project at hand. That's the purpose of the 5-phase process described below:
ORIGINATION: Identify risks according to multiple defining elements:
- Risk characteristics by name and impact.
- Risk identifier (code) for reference and tracking purposes.
- The name of the individual raising the risk.
- The date the risk was raised.
- A target risk response date (when must this risk be analyzed and addressed).
ASSIGNMENT: Allocate the work and empower the team:
- Who can submit (raise) risks for action as part of risk management processing?
- Who will be responsible for risk review and analysis?
- Who will be responsible for developing and selecting risk response and control strategies?
- Who will be responsible for approving risk assessments and related response and control strategies?
- Who will execute risk response and control plans?
- Who will monitor risk status and the progress of any risk management activities?
- Who will approve risk closure?
- Who will be responsible for reviewing the success of the risk management process?
EXECUTION: Carry out the work as planned:
- The risk is raised and initially identified.
- The risk is assigned and prioritized for further action.
- The risk is reviewed according to established criteria (category, probability, impact & target values).
- Risk response strategies are devised (acceptance, avoidance or mitigation).
- Risk response strategies are approved.
- Risk response strategies are implemented as needed.
- Risk management activities as listed above are documented.
OVERSIGHT: Track risk status and management results:
- Management of the risk review schedule, which can include organization and prioritization.
- Progress must be readily measured to ensure that risks are reviewed on a timely basis, and to maintain a realistic risk review schedule suited to project circumstances, overall project status, and external resource demands.
- Management of individual risk activities, to include the status of all tasks and decisions necessary to manage individual risk events.
- Have risk review assignments been completed as needed?
- Have response and recovery action plans been completed as needed?
- Have risk response plans been properly communicated so that the project team can act upon them? Are mitigation activities working?
CLOSURE: Integrate the results into a formal record:
- Risk status is assessed to determine if a risk is "open" (meaning that further analysis or action may be required) or "closed" (no further action or analysis is required).
- Risk status is documented. This documentation should address all elements and results of the risk management process as pertaining to the risks at hand. This should include the completion of all forms, and documented evidence of the ways and means by which specific risks were evaluated, as well as the results of the risk response and control activities.
- Risk management "lessons learned" are analyzed and recorded. Every project should conclude with a post project review, to include a comprehensive "Lessons Learned Analysis". An effective "Lessons Learned Analysis" must include an examination of the risk process itself, as well as an evaluation of all risk management results as a contributing factor to overall project success or failure.
How Does Risk Management Fit Into the Project Lifecycle?
Risk management takes place through multiple phases of the project management process, starting with an initial risk assessment as part of project selection, continuing with a comprehensive risk analysis, as part of project definition, sizing of risk management practices as part of project governance, tracking risks through project oversight, and evaluating risk management results as part of project review activities.
Source: Unless noted otherwise, all content is created by and for ITtoolkit.com
ITtoolkit.com staff writers have experience working for some of the largest corporations, in various positions including marketing, systems engineering, help desk support, web and application development, and IT management.
ITtoolkit.com is part of Right Track Associates, proprietors and publishers of multiple web sites including ITtoolkit.com, Fast Track Manage, HOA Board List and more. We started ITtoolkit.com in 2001 and have continued to grow our web site portfolio, Toolkit products, and related data services. To learn more, visit us at Right Track Associates.