Project Risk Management
Project Risk Management includes the processes of conducting risk management planning, identification, analysis, response planning, and monitoring and control on a project. Project Risk is always in the future and has its origins in the uncertainty present in all projects. It is possible to plan responses for the known risks as they have been identified and analyzed. However, unknown risks cannot be managed pro-actively which then requires the project team to create a contingency plan. Risk responses reflect an organization’s perceived balance between risk taking and risk avoidance. There are varying degrees of risk that the organizations and stakeholders are sometimes willing to accept. This is called risk tolerance. Threats to the project thus may be accepted if they are within tolerances and are in balance with the rewards that are gained by taking the risk. To be successful, the organization should be committed to address risk management pro-actively and consistently throughout the project.
An overview of Project Risk Management processes:
An overview of Project Risk Management processes:
- Plan Risk Management: This process defines how to conduct risk management activities. It is an important process as it ensures the degree, type, and visibility of risk management are commensurate with both the risks and the importance of the project to the organization. This process begins when the project is conceived and should be completed during project planning.
- Identify Risks: This process identifies which risks may affect the project and documents their characteristics. It is an iterative process because new risks may evolve as the project progresses.
Outputs:
Risk Register: It is a document that contains a list of identified risks and potential responses.
- Perform Qualitative Risk Analysis: This process prioritizes risks for further analysis by accessing and combining their probability of occurrence and impact. In this process, identification and management of risk attitudes of key participants is necessary for an effective assessment. The process is usually a rapid and cost-effective means of establishing priorities for Plan Risk Responses and lays the foundation of the Perform Quantitative Risk Analysis process.
Tools and Techniques:
Risk Probability and Impact Assessment: This technique investigates the likelihood that each specific risk will occur. It investigates the potential effect on a project objective such as schedule, cost, quality, or performance. Probability and Impact are assessed for each identified risk in interviews or meetings with knowledgeable persons.
Probability and Impact Matrix: This matrix specifies combinations of probability and impact that lead to rating the risks as low, moderate, or high priority. The matrix serve a look-up table to evaluate each risk’s importance and priority for attention. The risk rating helps guide risk responses. For example, threats that occur in the high risk (dark gray) zone of the matrix, may require priority action and aggressive response strategies. Similarly, opportunities in the high-risk zone that offer the greatest befit should be targeted first.
- Perform Quantitative Risk Analysis: This process numerically analyses the effect of identified risks on overall project objectives. It is performed on risks that have been prioritized by the Perform Qualitative Risk Analysis process. This process can be used to assign a numerical rating those risks individually or to assess the aggregate effect of all risks affecting the project.
- Plan Risk Responses: The process is used to develop options and actions so as to enhance opportunities and reduce threats to project objectives. It assigns one person (“The risk response owner”) to take responsibility for each agreed-to and funded risk response. It address the risks by their priority, inserting resources in budget and schedule and activities in the project management plan as required. Perform Quantitative Risk Analysis should be repeated after this process to determine if the overall project risk has been satisfactorily decreased.
Tools and Techniques:
Strategies for Negative Risks or Threats: There are 4 responses that can be counted as strategies for negative risks or threats – Avoid (Changing the project management plan to eliminate the threat entirely), Transfer (Shifting some or all of the negative impact, along with the ownership of the response, to a third party), Mitigate (Reduce the probability and impact of an adverse risk event within acceptable threshold limits by taking early action) and Accept (acceptance by the project team that the risk cannot be eliminated completely and thus decides to establish a contingency reserve to be prepared to face the risk in case it comes along).
Strategies for Positive Risks or Opportunities: There are 4 responses that can be counted as strategies for positive risks or opportunities – Exploit (to ensure that the opportunity is realized), Share (allocating some or all of the ownership of the opportunity to a third part who is best able to capture it for the overall benefit), Enhance (increase the probability of the opportunity) and Accept (being willing to take advantage of it if it comes along. It can be also used as a strategy for negative risks/threats too).
- Monitor and Control Risks: This process is used implement risk response plans, track identified risks, monitor residual risks, identify new risks and evaluate the effectiveness of the risk process throughout the project. This process also helps determine if project assumptions are still valid, if the risk management policies and procedures are being followed and if the contingency reserve for cost or schedule need to be modified. It also includes updating organizational process assets and the lessons learned database for the benefit of future projects.