Your Risk Management Process - A Practical and Effective Approach
by:
Vicki Wrona
Some experts have said that a strong risk management process can decrease problems on a project by as much as 80 or 90 percent. In combination with solid project management practices--having a well-defined scope, incorporating input from the appropriate stakeholders, following a good change management process, and keeping open the lines of communication--a good risk management process is critical in cutting down on surprises, or unexpected project risks. Such a process can also help with problem resolution when changes occur, because now those changes are anticipated and actions have already been reviewed and approved, avoiding knee jerk reactions.
Defining "Risk"
Before one can embark on a risk management process, one must have a solid understanding of some key definitions. Project risks as defined from a PMI perspective are, at their core, unknown events. These events can be positive or negative, so that the word "risk" is inherently neutral. That said, most of the time and focus is spent handling negative project risks, or "threats," rather than positive project risks, or "opportunities."
Often, companies that do perform a risk management process on a fairly typical multi-month project (no longer than 12 months) will identify and manage possibly five to ten easily recognized project risks. However, that number should in fact be much higher. With a high number of project risks identified early on, a team's awareness of what to look for is increased, so that potential problems are recognized earlier and opportunities are seen more readily.
It may seem that project risks cannot be managed without taking away from the actual work of the project. However, this can effectively be accomplished with a seven-step risk management process that can be utilized and modified with each project.
The Risk Management Process
Step one of the risk management process is to have each person involved in the planning process individually list at least ten potential risk items. Often with this step, team members will assume that certain project risks are already known, and therefore do not need to be listed. For example, scope creep is a typical problem on most projects. Yet it still must be listed because even with the best practice management processes in place, it could still occur and cause problems on a project over time. Therefore it should be addressed rather than ignored.
Step two of the risk management process is to collect the lists of project risks and compile them into a single list with the duplicates removed.
Step three of the risk management process is to assess the probability (or likelihood), the impact (or consequence) and the detectability of each item on the master list. This can be done by assigning each item on the list a numerical rating such as on a scale from 1 to 4 or a subjective term such as high, medium, or low. Detectability is optional, but it can be simple to assess - if a risk is harder to see, such as with scope creep, then it's a riskier item. If it's easier to catch early, such as loss of management support or loss of a key resource, then it's lower risk.
Step four of the risk management process is to break the planning team into subgroups and to give a portion of the master list to each subgroup. Each subgroup can then identify the triggers (warning signs) for its assigned list of project risks. All triggers should be noted, even minor ones. Normally there will be at least three triggers for each risk.
Step five of the risk management process is for those same subgroups to identify possible preventive actions for the threats and enhancement actions for the opportunities.
Step six of the risk management process is for the subgroups to then create a contingency plan for most but not all project risks - a plan that includes the actions one would take if a trigger or a risk were to occur. This plan will be created for those risks scoring above a certain cut-off point, which is determined after looking at the total scores for all risks. This keeps the risk management process manageable. The risk management process is not effective if it is so time-consuming that it is never done.
Step seven, the final step in planning the risk management process, is to determine the owner of each risk on the list. The owner is the person who is responsible for watching out for triggers and then for responding appropriately if the triggers do in fact occur by implementing the pre-approved and now established contingency plan. Often, the owner of the risk is the project manager, but it is always in the best interest of the project for all team members to watch for triggers while working on the project.
Rather than start this risk management process from scratch for every new project, it can be followed once to establish a list of generic project risks and triggers, skipping step three. Then, a team simply has to add project-specific project risks and triggers and assess the probability, impact, and detectability for each risk, saving a great amount of time and helping to ingrain a risk mentality into your project culture.
Creating a Risk Register or Risk Matrix
Upon completion of the risk management process, a master document, known as a risk register or risk matrix, is created. The most effective format for this document is a table, because it will allow a great deal of information to be conveyed in a few pages. If the information is instead presented in paragraph form, it may not be read by people and will be rendered ineffective. The columns in the table can include risk description, probability, impact, detectability, triggers, preventive actions, and contingency plan. Other columns, such as quantitative value, can also be added as appropriate.
Important Things to Remember
Often, the steps in which triggers and preventive actions are identified are overlooked. However, these are vital to the entire risk management process. After a team has completed this exercise once, the members will be better conditioned on what to pay attention to while managing the project so they are more proactive in catching changes or issues early. If these steps in the risk management process are skipped, the team can find themselves in constant reaction mode, simply implementing a contingency plan for each risk after that risk catches them by surprise. They could also ignore a seemingly overwhelming list of project risks, which is why narrowing the list down to the most important risks is critical for making sure the list is used.
Once the risk register is complete, it is easy to maintain. It can be reviewed during regular status meetings, with as little as 15 minutes spent making sure the list is still current. Determine if any project risks can be closed (but not removed completely), if any risks have increased or decreased in value, and if there are any new project risks to add. This will ensure that the list is continually seen as relevant and useful throughout the life of the project.
Conclusion
A risk management process does not have to be complicated or time consuming to be effective. By following a simple, tested, and proven approach that involves seven steps taken at the beginning of each project (fewer if a generic list of project risks has already been established), the project team can prepare itself for whatever may occur. Of course there will always be changes and there may still be surprises, but the end result is that they are fewer, that the team feels prepared and that the project is not taken off course.
About the Author:
Vicki Wrona, PMP, is the president of Forward Momentum, LLC, an 8(a) consulting and training company, and an instructor with
Westlake Training and Development. She has 20 years of project management experience, has trained over 3,800 people, has mentored individuals and organizations, and has authored multiple white papers.
No. of Times this article has been viewed :
2089
Date Published :
Nov 18 2009
Most Recently Published Risk Management Articles as of
|
|
Mar 19 2010
Why Every Company Needs Combined Commercial Insurance
by
BMA Editorial Team A
Most often, companies large or small need a varying range of policies in order to protect their businesses. Many providers offer to bring together a range of policies into one single policy in a manner that offers total protection to any commercial establishment.
|
Mar 5 2010
Risk Management Strategy - What It Means to Your Trading Success
by
BMA Editorial Team A
Start incorporating a risk management strategy into your trading plan. Doing so can only mean greater gains for you.
|
Feb 20 2010
Risk Management
by
Aweng Moral-Basco
Risk Management is the process of assessing risk and developing strategies to manage it. Strategies include transferring the risk, avoiding the risk, reducing the negative effect of the risk, and accepting the consequences of a particular risk.
|
Feb 19 2010
Choosing the Correct Road Risk Insurance for You
by
BMA Editorial Team A
If you are employed in motor trade, you are required to drive and store a wide range of vehicle types on public roads and highways. In order to do this legally, you must have some type of motor trade insurance coverage that is called road risk insurance.
|
Jan 26 2010
The Importance of a Fire Risk Assessment
by
BMA Editorial Team A
With advice and legislation being updated on an ongoing basis, every business must do everything in its power to insure it understands the fundamental principals of a fire risk assessment.
|
Jan 21 2010
Employers Liability Insurance - Protect Your Business
by
BMA Editorial Team A
It is imperative that every business has adequate cover. Companies prefer to have business relations with traders who have public liability insurance as they feel comfortable and secure.
|
Jan 21 2010
Insurance: Beware of Universal Life
by
BMA Editorial Team A
Has a life insurance agent suggested that you buy 'permanent' insurance such as Whole Life, Universal Life or Variable Universal Life? The reasons they give seem so compelling, but are they in your best interest? Here's an explanation of the basics, plus what the insurance agent isn't telling you!
|
Jan 12 2010
General Insurance is Not a Luxury
by
BMA Editorial Team A
General Insurance helps you to face a number of risks in our daily lives, especially those associated with the properties and possessions we own.
|
Jan 12 2010
Fire Risk Asessment - It's the Law
by
BMA Editorial Team A
Any responsible person, even with limited formal instruction or experience, can do a simple fire risk assessment. More complex buildings will need to be assessed by a person with full training and experience in fire risk assessment.
|
Dec 31 2009
Top 5 Business Insurance Tips
by
BMA Editorial Team A
It is a bitter fact that the overall sales are going down, and profits margins are indeed reducing greatly. Under such circumstances, it becomes lot more difficult to invest in the business insurance premiums.
|
Dec 29 2009
What is an Insurance Agent?
by
BMA Editorial Team A
When you need to get insurance you should look to an insurance agent for help. They will assist you in finding the best programs for you and your situation, while offering expert advice and additional knowledge.
|
Dec 28 2009
How to Select the Best Insurance Premium?
by
BMA Editorial Team A
It is compulsory for every car owner or the drivers to own a car insurance other wise that will be considered as a criminal offense. The cars which are plying on the roads without a proper insurance, they are plying at their own risk.
|
Dec 22 2009
The Different Facets of Commercial Insurance
by
BMA Editorial Team A
The most popular commercial insurance sought after is shop insurance, where the owner is protected against risks and damage caused due to employee dishonesty, faulty goods and so on. This article covers this and other forms of commercial insurances.
|
Dec 22 2009
Getting the Right Commercial Insurance for Your Business
by
BMA Editorial Team A
If you own a business you will try to take every possible step to run it smoothly. However, no business is free from risk. Therefore it is important that you take commercial insurance to protect yourself and your business from unforeseen risks.
|
Dec 22 2009
Does My Business Require Commercial Insurance?
by
BMA Editorial Team A
Commercial insurance is used as risk management in most businesses. The insured amount will serve the purpose of meeting any unexpected huge expenses in the business such as property damage, liabilities or any machinery breakdown.
|
|
Search for ebooks on Management & Business