Risk is an inherent part of any project. Having the essential tools needed to manage and mitigate these project risks will help you protect your project against the risks that threaten to take it off-track.
The Project Management Institute provides the following process to manage project risks:
- Plan risk management.
- Identify risks.
- Perform qualitative risk analysis.
- Perform quantitative risk analysis.
- Plan risk responses.
- Monitor and control risks.
Let’s break down each component of the risk management a bit further.
Step 1. Plan Risk Management
In the same way that you have a method to run your project, you should have a clear method for how to manage risks in your project. Your risk management plan should be appropriate for the types of risks that you’re likely to face, and the importance of the project to your organization. When planning for your risk management, identify the tools and techniques you are going to use, as well as your communication plan for stakeholders.
Depending on the importance of the project and the types of risks you face, you may also create a risk breakdown structure. The risk breakdown structure is a method of organizing potential causes of risk into a hierarchy.
Step 2: Identify Risks
When identifying risks, you simply determine which risks may affect your project, and document their characteristics. This helps you and your team anticipate events that affect your project. This step isn’t about resolving the risk. Instead, you and your team identify the risks and compare risks against one another, so it’s easier to respond to the risks with the highest impact.
Step 3: Perform Qualitative Risk Analysis
How likely is it that this risk will occur? What will the impact of this risk be? The answers to these questions are the fundamentals of qualitative risk analysis. This allows you, as the project manager, to reduce the level of uncertainty in your project and focus on high-priority risks. Phase 3 should be a quick phase in your project risk management process. It lays the foundation for quantitative risk analysis and feeds directly into planning risk response.
Step 4: Perform Quantitative Risk Analysis
During your quantitative risk analysis, you analyze the identified risks based on numeric rankings.In some cases, you won’t have enough data to develop appropriate risk models. In these cases, you’ll need to use your best judgment about if you need quantitative risk analysis, and which method you will use. Common methods of data gathering and representation include interviewing members of previous project teams and probability distributions based on the likelihood of a risk occurring.
Step 5: Plan Risk Response
When you identify a risk, it’s natural to want to jump to planning a response. By working through this process, you can address risks based on their priority. You can insert the resources and activities you need into your project plan and budget. Your risk response plan should also assign an owner for the risk response for each agreed-to and funded risk response. Remember – not all risks to projects are negative. For negative risks – or threats, your response plan is typically to avoid the risk, transfer the risk to a third party, mitigate the risk, or accept it. Some risks have a positive impact on your project. For these risks, you’ll want to exploit them, enhance them by increasing the likelihood of the opportunity occurring, share the opportunity with a third party better equipped to handle the opportunity, or accept it (if it occurs).
Step 6: Monitor and Control Risks
The final step in project risk management is to control risks. This is when you put your plan into place – implementing response plans, tracking identified risks, monitoring residual risks, and evaluating your risk responsiveness throughout the process. During this process, you’ll determine if your project assumptions are still valid, remove assessed risks that have changed, ensure that your risk management procedures are being followed, and plan for any contingencies in cost or schedule based on alignment with your current risk assessment.
At first review, the process of managing project risk may seem as complex as managing the project itself. By layering risk management into your project management process, you can have more successful projects with fewer headaches.